Making the Transition to the Cloud - CDW

WHITE PAPER

NEXT-GENERATION SECURITY AS A SERVICE

The power of the cloud can deliver advanced cyberdefense to organizations of any kind.

EXECUTIVE SUMMARY

In today’s information-centric environments, every organization is justifiably concerned about cybersecurity. Customers, organizational leaders, regulators and other stakeholders all demand that organizations prioritize protecting the confidentiality, integrity and availability of sensitive information. At the same time, enterprises are operating in an increasingly risky threat environment filled with more sophisticated attackers seeking to undermine security controls.

This feedback loop of increased demand for security and growing risk of cyberattack puts IT leaders in a dilemma. How can they continue to protect their organizations against cybersecurity risk when it is often difficult to add additional staff to the payroll? One way that organizations are rising to this challenge is the adoption of cloud-based services that provide state-of-the-art products that are continually updated to thwart new threats.

Recognizing the need for more sophisticated controls in today’s threat environment, cloud security service providers are now providing next-generation security controls to their customers. From firewalls and intrusion prevention systems to advanced identity and access management solutions, organizations can find the answers to many of their security needs in the cloud.


The Constantly Evolving Security Threat

Where and how cyberattackers strike is a shifting and evolving matrix. Fueled by increases in the number and diversity of Internet-connected devices, organizations find themselves facing an uphill battle as they strive to defend themselves against many different types of attacks. In a recent survey of IT professionals conducted by McAfee and the Aspen Institute, 70 percent believe cybersecurity threats to their organizations are escalating. Operating in today’s environment requires that security professionals and other leaders collaborate to prioritize their investments in information security controls. Media attention given to major security incidents in 2014 and 2015 sparked an interest in security issues among leaders, from the board level down to line managers. Breaches at the federal Office of Personnel Management and several major businesses led to many “what if” questions about practices within organizations everywhere. One of the core realizations for many organizations was that it simply isn’t possible to completely prevent security breaches. They can and do occur, even to well-defended organizations. Enterprises must implement security strategies that not only reduce the likelihood of security incidents, but also minimize the effect of successful attacks through strong security controls and proactive incident response processes.

Advanced Persistent Threats

In today’s threat environment, the primary risk facing an organization is no longer only the lone cyberattacker toiling away in a basement in the wee hours of the morning. Today’s threats can come from sophisticated groups of attackers who are highly skilled, well funded and sponsored by government agencies, military groups or terrorist organizations. These groups, which use sophisticated techniques known as advanced persistent threats (APTs), pose a significant risk to the security of any organization they choose to target.

APTs aren't used to leverage known vulnerabilities to gain access to an organization. They involve ongoing research and development designed to identify new vulnerabilities cyberattackers can use against their targets. These types of zero-day vulnerabilities may not be known to the software or device vendor and, therefore, may remain unpatchable, rendering them extremely potent as access tools.

APTs are used in a highly specific manner. Rather than broadly seeking out vulnerable targets, cyberattackers that employ APTs identify specific organizations that have coveted information or resources and then skillfully attack that target. The highly organized nature of these attacks leverages reconnaissance, stealthy techniques and operational security controls designed to prevent a target from ever learning that its network was compromised. These sophisticated threats require advanced, next-generation security controls.

CDW.com/security | 800.800.4239


Many security experts advocate a defense-in-depth approach to information security issues. This approach calls for adopting a layered defense of overlapping security controls that can withstand the failure of a single security technology. Cloud security services facilitate defense-in-depth by providing responsive, rapidly updated security services that might otherwise be too difficult or cost-prohibitive for an organization to build on its own.

The Cloud Delivers Security

Organizations across many industries depend on cloud security solutions for a wide variety of enterprise needs. The value these solutions offer is the ability to leverage the broad expertise of vendor security specialists and reduce the administrative burden on enterprise IT teams. Cloud security solutions also bring unique benefits to many security disciplines, including antivirus protection, email security, web application security and enterprise mobility management.

Most anti-virus technology depends on the use of signature detection approaches that use databases of known malware objects. In the traditional approach to anti-virus protection, each client downloads signature files from a central repository, and the anti-virus software is only as good as the most recent update. Failing to update anti-virus signatures results in dangerous security vulnerabilities. Cloud-based approaches to anti-virus technology remove this update burden from an organization’s IT staff by performing malware analysis in the cloud. Whenever an anti-virus client discovers a suspicious file, it sends a digital hash of that file to the cloud service for analysis and evaluation. The service provider keeps the cloud database current, and these updates improve security for all clients in real time.

Cloud-based email security services function in a similar manner, offloading the analysis of inbound email messages to a cloud provider. An organization’s IT staff simply configures the domain to automatically route incoming messages to the cloud security service before delivery to users. The service can then perform anti-virus screening, spam filtering and other content-based security checks on messages, quarantining any suspicious content before delivery to individual mailboxes. Cloud-based email systems also provide encryption technology designed to add confidentiality to the exchange of sensitive messages both inside and outside an organization.

Cloud-based web security also provides significant benefits to web applications. From a server perspective, cloud-based web application firewalls can filter out malicious traffic, protecting an organization from distributed denial-of-service attacks, SQL injection, cross-site scripting and other malicious requests. Cloud web security services also extend protection to end users, filtering out requests for malicious websites or other content that violates an organization’s security policy.

Organizations also turn to the cloud for easy-to-administer enterprise mobility management (EMM) products. These solutions provide a simple, web-based way to manage the many mobile devices that exist in modern organizations. Administrators may leverage policy templates provided by the EMM vendor or develop custom policies that ensure secure device configurations, prevent the installation of unwanted mobile apps and track lost or stolen devices to facilitate recovery or data wiping.

These cloud services share several common benefits. They boost security by allowing the incorporation of real-time threat updates. They enable organizations to leverage state-of-the-art security technology without major increases in staff, and they typically offer cost benefits over in-house solutions by leveraging economies of scale across many clients.

Overcoming Fear, Uncertainty and Doubt

In some cases, IT and organizational leaders struggle when they first begin to think about deploying security services in the cloud. These concerns typically boil down to three root causes: fear, uncertainty and doubt (FUD) surrounding cloud computing and, in particular, placing critical security services in the cloud. Encountering FUD is a normal part of the decision to migrate to cloud services, and successful organizations find that the best response is to face it head-on and counter it with knowledge and education. Leaders who have questions about the use of cloud services should explain their objections and then work with service providers to address those issues. For example, if an executive expresses concern about where data will be stored in the cloud, the provider should share information about the physical security of its data centers and the controls in place to protect customer information. A little knowledge goes a long way.

The Next Generation of Security Services

As organizations realize the benefits of the existing array of cloud-based security services, they increasingly turn their attention to the implementation of new security technologies in the cloud. While the first cloud security services simply took existing technology and made it easier to deploy and manage, these next-generation security services leverage the cloud to provide significantly increased security over existing solutions. Cloud security services now offer next-generation firewalls, unified threat management, intrusion prevention and identity management capabilities.

35%: The percentage of organizations that deployed network security, firewalls or intrusion prevention services via the cloud in 2014*

*SOURCE: Cisco Systems, "2016 Annual Security Report," January 2016

Next-Generation Network Security

Next-generation firewalls (NGFWs) provide enhanced security services for organizations seeking to create a secure perimeter, blocking attackers from breaching their protected networks. In addition to serving in the firewall’s traditional role of enforcing rules governing the traffic permitted to leave the network, NGFWs go a step further and provide administrators with deep contextual insight into network activity. Rather than simply relying on characteristics of network traffic, NGFWs perform their work with additional insight into application, network, identity and behavioral information about the organization and its users. This capability provides security specialists with enhanced functionality they can use to identify potentially malicious traffic, even when it masquerades as legitimate activity. Administrators may also use these profiles to restrict application activity in a granular fashion. For example, a firewall administrator might create a rule that blocks customer service staff from streaming music over the network during business hours but does not affect other users. This contextual analysis reduces false positive rates and improves the security team’s ability to detect sophisticated threats.

The same contextual information that assists NGFWs in performing their analysis can also be brought to bear in the area of intrusion prevention. Next-generation intrusion prevention systems (NGIPSs) use contextual information to identify and block potentially malicious traffic that may slip through the firewall. This improves the analysis, decision-making and reporting capabilities of the device by performing some of the heavy lifting that previously required manual analysis. For example, an NGIPS that detects suspicious file access might automatically pull identity information from Active Directory to determine the user’s role in the organization, and then use that information to assess whether the alert is genuine or a likely false positive.

Many organizations are turning to unified threat management (UTM) to centralize their security functions on a single technology platform. UTM products incorporate firewall, intrusion prevention, application control, content filtering and other capabilities in a single device that can then share information between these functions, improving the ability of each service to protect the organization. Next-generation UTM (NGUTM) products also include contextual information in that analysis, providing them with a comprehensive look at enterprise security.

Each of these next-generation network security solutions provides significant benefits when organizations choose to adopt cloud-based versions. Within such a scenario, cloud providers handle the time-consuming aspects, ensuring that the underlying platforms are securely implemented and highly available. Customers may then adopt security policy templates provided by the vendor or choose to implement their own security policies on the vendor’s platform.
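The NGIPS behaviour described in this section, where an alert on suspicious file access is checked against the user's directory role, can be sketched as follows. This is an added example, not part of the original white paper or any vendor's product; the in-memory directory stands in for Active Directory, and every user name, role and share path is constructed for illustration.

```python
import posixpath
from dataclasses import dataclass

# Constructed stand-in for an Active Directory lookup (hypothetical users).
DIRECTORY = {
    "akhan":  {"role": "payroll-analyst", "enabled": True},
    "bsmith": {"role": "customer-service", "enabled": True},
    "cjones": {"role": "payroll-analyst", "enabled": False},
}

# Assumed mapping of roles to the file-share prefixes their work requires.
ROLE_SHARES = {
    "payroll-analyst": ("/finance/payroll/",),
    "customer-service": ("/support/tickets/",),
}


@dataclass
class Alert:
    user: str
    path: str


def triage(alert: Alert) -> tuple[str, str]:
    """Return (verdict, reason) for a suspicious-file-access alert."""
    entry = DIRECTORY.get(alert.user)
    if entry is None:
        # Missing identity context must never be used to suppress an alert.
        return "escalate", "user not found in directory"
    if not entry["enabled"]:
        return "escalate", "activity from a disabled account"
    # Normalise first so "../" segments cannot fake an expected prefix.
    path = posixpath.normpath(alert.path)
    prefixes = ROLE_SHARES.get(entry["role"], ())
    if path.startswith(prefixes):
        return "likely-false-positive", f"path is expected for role {entry['role']}"
    return "escalate", f"path is outside the shares for role {entry['role']}"


if __name__ == "__main__":
    # Constructed sample alerts.
    for a in (Alert("akhan", "/finance/payroll/2016-01.xlsx"),
              Alert("bsmith", "/finance/payroll/2016-01.xlsx"),
              Alert("akhan", "/finance/payroll/../../hr/reviews.xlsx")):
        print(a.user, a.path, *triage(a))
```

The identity context only lowers an alert's priority when the lookup succeeds and the access matches the role; an unknown user, a disabled account or an unexpected path all escalate.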

Next-Generation Identity and Access Management

Identity and access management (IAM) solutions pose major technical challenges for many IT organizations. IAM technology plays a critical role in the quality and security of IT services provided to internal and external customers but is complex to design, build and maintain. Next-generation IAM service providers offer cloud-based approaches to IAM that manage identity repositories, automate synchronization between repositories, manage authentication and single sign-on, and perform required logging and reporting functions. Many service providers go beyond these capabilities to provide customers multifactor authentication and integration with other technology platforms.

CDW: A Security Partner That Gets IT

CDW’s solution providers are available to serve as your organization’s security partner. The CDW team offers a variety of cloud-delivered security services that will help you improve your security posture. CDW’s account managers and solution architects stand ready to assist you in every phase of your project as you select and implement security solutions. CDW takes a comprehensive approach to identifying and meeting the needs of every customer. Each engagement includes five phases designed to help you achieve your security objectives in an efficient, effective manner. These phases include:

• Initial discovery session
• Assessment review
• Detailed manufacturer evaluations
• Procurement, configuration and deployment
• 24/7 telephone support

In addition to assisting with the design and implementation of security solutions, CDW staff are available to perform a wide range of security assessments.

To learn more about a wide variety of advanced cyberdefenses, read CDW’s Tech Insights Guide on “Next-Generation Security.”

The CDW Approach

ASSESS Evaluate business objectives, technology environments and processes; identify opportunities for performance improvements and cost savings.

DESIGN Recommend relevant technologies and services, and document technical architecture, deployment plans, "measures of success," budgets and timelines.

DEPLOY Assist with product fulfillment, configuration, broad-scale implementation, integration and training.

MANAGE Proactively monitor systems to ensure technology is running as intended and provide support when and how you need it.

To learn more about CDW’s security solutions, contact your CDW account manager, call 800.800.4239 or visit CDW.com/security.


The information is provided for informational purposes. It is believed to be accurate but could contain errors. CDW does not intend to make any warranties, express or implied, about the products, services, or information that is discussed. CDW®, CDW•G ® and The Right Technology. Right Away ® are registered trademarks of CDW LLC. PEOPLE WHO GET IT ™ is a trademark of CDW LLC. All other trademarks and registered trademarks are the sole property of their respective owners. Together we strive for perfection. ISO 9001:2000 certified MKT10786 — 160108 — ©2016 CDW LLC