Protecting Workloads in AWS with comprehensive Segmentation – Simpler, Faster Security by Akamai – Whitepaper


Don’t let security concerns hold back cloud adoption. One solution can handle visibility, lateral movement prevention, and breach detection and response in AWS.

More than 60% of enterprises worldwide cite security as a major reason to avoid cloud adoption. The benefits of moving critical workloads to AWS are clear: infrastructure costs and maintenance are taken off your hands, scalability and elasticity improve with almost limitless resources and compute power, and the latest innovations such as machine learning and AI are available to boost performance and analytics. Even so, security concerns are holding many enterprises back.

The challenge of security in AWS
When you move into a whole new environment, it isn't surprising that you need to revisit security from scratch. You may be a complete newcomer to the cloud, migrating from a different vendor, choosing a new hybrid solution, or adding AWS to your existing ecosystem. Either way, the cloud requires its own toolset to handle the unique challenges this infrastructure presents. Some factors are common to all cloud vendors, while others are unique to Azure, Google Cloud Platform (GCP), or AWS. Here are some of the top concerns for businesses whose cloud or hybrid cloud includes AWS:

Understanding shared responsibility: When you shift your workloads to AWS, you still hold a lot of responsibility. AWS secures the underlying infrastructure; you remain responsible for securing your customer data, applications, and platforms, and for the configuration of the services you use. Misunderstanding of this shared responsibility model is why Gartner predicts that, through 2025, 99% of cloud security failures will be the customer's fault.

Lack of visibility: You can't control what you can't see. In the cloud, visibility is a lot more complicated, especially when it comes to capturing and visualizing network traffic that moves east-west (between workloads) as well as north-south (in and out of the environment). Looking at flow records alone is not enough: a VPC flow record gives you addresses, ports, protocol and byte counts, but your critical assets may be spread across multiple AWS accounts, containers, and security groups, and without that context it can be impossible to get an accurate picture of flows and interdependencies.

Limited control for policy creation: If your business is used to Layer 7 insight on-premises, you won't want to step back to Layer 4 visibility and lose that granular insight and control once your workloads are in the cloud. Amazon Security Groups filter traffic at Layer 4: a rule is expressed as a protocol, a port range, and a source or destination (a CIDR block or another security group). With Layer 7 visibility and control, independent of the underlying infrastructure, you can do more than rely on ports and IPs alone, which are largely insufficient for breach detection or troubleshooting.
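The two points above (flows need account and security-group context, and Layer 4 records cannot tell you what actually ran on a port) can be made concrete with a small enrichment script. The following is an added example, not code from the whitepaper or from Akamai: it parses constructed VPC Flow Log records in the default format, splits them into east-west and north-south, joins each end to an assumed IP-to-security-group map (in practice built from `aws ec2 describe-network-interfaces` across your accounts), and aggregates the accepted flows into a dependency map. All addresses, account IDs, security group names and CIDRs are made up for the example.

```python
"""Added example (not from the Akamai whitepaper): classify VPC Flow Log
records as east-west or north-south and enrich them with account and
security-group context to recover workload interdependencies.

All flow records, addresses, IP context and CIDRs are constructed sample
data; in practice the context map would be built from
`aws ec2 describe-network-interfaces` in each account.
"""
import ipaddress
from collections import Counter

# Constructed VPC address space: two VPCs in two accounts (assumed, not real).
VPC_CIDRS = [ipaddress.ip_network("10.0.0.0/16"), ipaddress.ip_network("10.1.0.0/16")]

# Constructed IP -> context map (the result of joining ENIs to security groups).
IP_CONTEXT = {
    "10.0.1.10": {"account": "111111111111", "sg": "sg-web"},
    "10.0.2.20": {"account": "111111111111", "sg": "sg-app"},
    "10.1.3.30": {"account": "222222222222", "sg": "sg-db"},
}

PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}

# Fields of the default VPC Flow Log format (version 2), in order.
FIELDS = ("version account eni src dst srcport dstport proto "
          "packets bytes start end action status").split()

# Constructed sample records in that format.
SAMPLE_LOG = """\
2 111111111111 eni-0a1 203.0.113.7 10.0.1.10 51234 443 6 20 4000 1700000000 1700000060 ACCEPT OK
2 111111111111 eni-0b2 10.0.1.10 10.0.2.20 40001 8080 6 10 2000 1700000000 1700000060 ACCEPT OK
2 222222222222 eni-0c3 10.0.2.20 10.1.3.30 40002 3306 6 30 9000 1700000000 1700000060 ACCEPT OK
2 222222222222 eni-0c3 10.0.9.99 10.1.3.30 40003 3306 6 1 60 1700000000 1700000060 REJECT OK
"""


def parse_flow_log(text):
    """Parse default-format flow log lines into dicts; skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        records.append(dict(zip(FIELDS, parts)))
    return records


def is_internal(addr):
    """True if the address falls inside one of the known VPC CIDRs."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in VPC_CIDRS)


def classify(rec):
    """East-west = both ends inside the VPCs; anything else is north-south."""
    return "east-west" if is_internal(rec["src"]) and is_internal(rec["dst"]) else "north-south"


def label(addr):
    """Security group owning the address, 'internal' if in-VPC but unmapped, else 'external'."""
    if addr in IP_CONTEXT:
        return IP_CONTEXT[addr]["sg"]
    return "internal" if is_internal(addr) else "external"


def enrich(rec):
    """Attach direction, per-end security groups and a cross-account flag.
    Note what a flow record cannot tell you: dstport 3306 looks like MySQL,
    but nothing at Layer 4 confirms which protocol actually ran on it."""
    src_ctx = IP_CONTEXT.get(rec["src"])
    dst_ctx = IP_CONTEXT.get(rec["dst"])
    out = dict(rec)
    out["direction"] = classify(rec)
    out["src_sg"] = label(rec["src"])
    out["dst_sg"] = label(rec["dst"])
    out["cross_account"] = bool(src_ctx and dst_ctx and src_ctx["account"] != dst_ctx["account"])
    out["service"] = f'{rec["dstport"]}/{PROTO_NAMES.get(rec["proto"], rec["proto"])}'
    return out


def dependency_map(records):
    """Sum bytes of ACCEPTed flows per (src_sg, dst_sg, service) edge."""
    edges = Counter()
    for rec in map(enrich, records):
        if rec["action"] == "ACCEPT":
            edges[(rec["src_sg"], rec["dst_sg"], rec["service"])] += int(rec["bytes"])
    return edges


def rejected_east_west(records):
    """Internal-to-internal flows that were REJECTed: lateral-movement candidates."""
    return [r for r in map(enrich, records)
            if r["direction"] == "east-west" and r["action"] == "REJECT"]


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    for (src, dst, svc), nbytes in sorted(dependency_map(recs).items()):
        print(f"{src:>8} -> {dst:<8} {svc:<10} {nbytes} bytes")
    for r in rejected_east_west(recs):
        print(f"REJECT {r['src']} ({r['src_sg']}) -> {r['dst']} ({r['dst_sg']}) {r['service']}")
```

Run as-is, the script prints three accepted edges (external to sg-web on 443/tcp, sg-web to sg-app on 8080/tcp, sg-app to sg-db on 3306/tcp, the last one crossing accounts) and one rejected east-west flow from an unmapped internal address to sg-db. The unmapped address is the practical point: the rejected flow only becomes interesting once you know which security group and account own each end, and even then the record says "3306/tcp", not "MySQL".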

Container security: Amazon Security Groups attach to network interfaces, so in a Kubernetes cluster they apply by default to the worker nodes, which means policy at the node or cluster level rather than for individual pods. (EKS can assign security groups to individual pods through the Amazon VPC CNI add-on, but that is specific to EKS and still expresses only Layer 4 rules.) For full insight into communications, you need a solution that understands the context of the overlay network running on top and can drill down in a granular way to the pod level. This gets more complex when you want network policies that cover both VMs and containers, which often leaves organizations maintaining two sets of security controls.
