Security Transcending Boundaries
Cloud computing revolutionized business by liberating organizations from the need to procure, monitor and maintain complex hardware infrastructures. Its advent offered compelling workplace use cases and quickly captured the mindshare of business and IT leaders. With the flexibility and availability of multicloud, organizations are now free to choose the best method for delivering vital applications, data, and company resources to a mobile, highly productive, and technology-dependent workforce.
But, this new flexibility does come with a downside – the evisceration of traditional perimeter defenses as a means to protect information and systems.
In this new era of distributed work, security must extend to wherever access decisions are made. Far beyond traditional hardware devices like firewalls and software like antivirus, modern security incorporates policies, controls and procedures that work together with hardware and software platforms to protect systems, data, and infrastructure — in the cloud, on-premises, at the edge, or on an endpoint — from exploit.
Fortunately, today’s cloud security technologies are anything but nebulous. Let Structured help you regain firm footing when it comes to protecting users and data in a multicloud era.
Cloud Security Posture Management (CSPM)
Proactively identify and remediate cloud security risks by concentrating on security assessments and compliance monitoring, primarily across Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (IaaS) stacks.
CSPM solutions provide consistent controls and automated remediation across cloud providers and help keep configurations secure in a shared-responsibility security model. CSPM providers can also help with auditing regulatory requirements such as SOC2, PCI, GDPR, CCPA and others. CSPM typically uses API calls to proactively monitor for risks and security automation.
Cloud Access Security Broker (CASB)
Close security gaps across cloud platforms with a central location for policy and governance as well as granular visibility into and control over user activities and sensitive data. Protect data wherever it is stored. CASB capabilities are delivered primarily as a SaaS application, occasionally accompanied by an on-premises virtual or physical appliance where adherence with certain regulatory requirements or data sovereignty rules apply.
Secure Access Service Edge (SASE)
SASE, pronounced “sassy,” is the newest conceptual development in security. Coined by Gartner in August 2019, SASE is the convergence of multiple security and networking technologies into a unified, global cloud-native service. While still in its infancy, Gartner predicts 40 percent of companies will seek to implement SASE by 2024.
SASE combines SD-WAN capabilities with network security functions like Firewall as-a-Service (FWaaS), CASB, secure web gateway (SWG), and zero trust network access (ZTNA) that are delivered as a single cloud-based service (aaS). It is meant to provide real-time, dynamic secure access across organizations with permissions based on identity, context and security/compliance policies.
Additional As-A-Service Models (SOCaaS, DRaaS, BaaS)
Due to the complicated and persistent nature of cyberthreats today, many businesses are offloading security operations to firms offering Security Operations Center (SOC) services. These companies proactively monitor for, prevent, and respond to threats around the clock all year long – something for which many organizations just can’t staff. They can monitor and defend on-premises or cloud-based infrastructure/data and are an excellent resource for regulated industries that need to adhere to strict compliance frameworks. SOC/SOCaaS firms must pass rigorous security audits and understand the nature of these regulations. They help customers identify security gaps, can validate compliance and control processes, and supply proof to auditors that an organization is mitigating vulnerabilities and meeting standards.
Where SOC/SOCaaS firms protect information and assets maintained on infrastructure controlled by their clients — either on-premises or in the cloud — other cloud services firms enhance client security by acting as a safe repository for critical information.
Disaster Recovery as a Service (DRaaS) and Backup as a Service (BaaS) platforms allow organizations to adhere to tight recovery point and recovery time objectives (RPOs and RTOs). Companies leveraging these services can quickly restore data and resume operations in the event of unplanned downtime (most often caused by human error, cybercrime, or natural disasters). For businesses with a very low tolerance for downtime, leveraging DRaaS and/or BaaS from a global cloud service provider is an incredibly attractive option.
Structured Professional Services
Collin Miller, Director of Cloud Security
As the Director of Cloud Security for Structured, Collin manages strategies for securing cloud-based infrastructure and applications. He has more than 16 years’ experience in networking and IT security, focusing on data loss prevention (DLP), secure remote access and authentication, next-generation firewall (NGFW), and security event and information management (SIEM). Collin is also an avid backpacker, having completed a thru-hike of the Pacific Crest Trail in 2015.
Securing Your Future
By Collin Miller, Director of Cloud Security — Given the emergency brought on by rapid spread of COVID-19, many businesses have been shut down or are transitioning to telework to comply with public health measures. However, for the group of organizations that make up our critical infrastructure, shutting down is not an option. Critical infrastructure…
By Brad Pierce, Structured Managing Director of Security, CISSP/CISA/PCIP — One of the first things you must do as a network or systems administrator is document. Oh, Documentation! The bane of IT professionals everywhere. In our harried work lives, it is a tedious, time-consuming process. Most people prefer to avoid documentation. But, when it is…