eBooks/eGuides

CHAPTER 2 Security Challenges in Hybrid Clouds 17 These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. » Security deployments are process-oriented; cloud computing environments are dynamic. The creation or modification of your virtual and containerized workloads can often be done in minutes, though the security configu- ration for this workload may take hours, days, or weeks. Security delays aren't designed to be burdensome; they're the result of a process that is designed to maintain a strong security posture. Policy changes need to be approved, the appropriate firewalls must be identified, and the relevant policy updates determined. In contrast, virtualization and DevOps teams operate in a highly dynamic environment, with workloads being added, removed, and changed rapidly and constantly. The result is a disconnect between security policy and virtualized workload deployment leading to a weakened security posture. CLOUD-BASED SAAS APPLICATIONS: I CAN'T SEE CLEARLY NOW Organizations are adopting SaaS-based application services at a breakneck pace. These applications continue to redefine the network perimeter, providing critical functionality and increasing productivity, but at the same time introduce potential new security and data risks if not properly controlled. In most organizations that use SaaS applications, users are provided access to a specific list of services that the organization has deemed acceptable or suitable for business purposes. However, given the large number of unique SaaS applications that are readily available on the Internet, many users likely aren't strictly complying with such usage policies and are instead using unsanctioned SaaS applications at work. This practice further increases the risk of data leakage to organizations due to the lack of visibility from regular logs or notifica- tions from unauthorized SaaS applications, as well as additional risk of intermeshing users' personal and work emails. In these situations, a user's personal email account may be attacked, and the attacker may then be able to steal data or compromise the user's work email account.

• Cover
• Title Page
• Copyright Page
• Table of Contents
• Introduction
• About This Book
• Icons Used in This Book
• Chapter 1 The Evolution of the Data Center
• Understanding the Impact of the Cloud on the Data Center
• Recognizing Security Challenges in the Data Center and Hybrid Cloud
• Looking at Why Legacy Security Infrastructure is Ineffective
• Firewalls
• Intrusion prevention
• Proxies
• Defining Security Requirements
• Gain complete visibility
• Minimize the attack surface
• Automate threat protection
• Chapter 2 Security Challenges in Hybrid Clouds
• Cloud Security and The Shared Responsibility Model
• The Dynamic Nature of Modern Threats
• Ransomware
• Credential theft
• DNS-based attacks
• Targeted "Low-and-Slow" Attacks and APTs
• Chapter 3 Delivering Consistent Security Using Zero Trust
• Gaining Complete Visibility
• Application identification
• User identification
• Content identification
• Minimizing Your Attack Surface with Segmentation
• Using Dynamic Security to Support Moves and Changes
• Chapter 4 Leveraging Unmatched Threat Protection
• The Challenges of Defense in Depth
• What Is a Perimeter?
• Threat Protection Components
• Endpoint protection
• Security orchestration and automation
• Cloud-based threat intelligence
• Chapter 5 Ten Evaluation Criteria for Network Security in the Data Center and Hybrid Cloud Environment
• Safe Enablement of Applications in the Hybrid Cloud
• Identify Users and Enable Appropriate Access
• Comprehensive Threat Protection
• Flexible, Adaptive Integration
• Secure Access for Mobile and Remote Users
• One Comprehensive Policy, One Management Platform
• Cloud Ready
• Automate Routine Tasks and Focus on the Threats That Matter
• Flexible Deployment Options
• Consume New Innovations Easily in a Broad Partner Ecosystem
• Glossary
• EULA