As a Sci-Fi fan, the journey to the cloud reminds me of the USS Enterprise in Star Trek whose mission was to explore new worlds—to boldly go where no one has gone before. As businesses rush head-on into the digital frontier, spinning up new cloud instances at warp speed, the key question for security professionals is how do we keep ourselves safe as we navigate between the world of traditional data centers and public clouds?
The terrain of the software defined data center (SDDC) and public cloud introduce new and daunting security challenges: an expanded threat landscape, cloudy visibility, and a big talent shortage. It is tempting to slow down and chart a measured course. However, cloud adoption is growing at such a rapid pace, over 95% of organizations are experimenting with infrastructure as a service (IaaS),1 that we have no choice but to adapt our security approach to address the dynamic nature of the hybrid cloud.
Navigating this new security frontier
Our strategy at Intel Security is to automate the threat defense lifecycle, delivering the ability to address more threats, faster, and with fewer resources.
In the cloud, protection is divvied up across the compute workload stack between service providers and the enterprise in a shared responsibility model. Ultimately, the responsibility for protecting business assets is up to the enterprise. We help you proactively manage these workloads, within minutes identifying new workloads, discovering non-compliant systems, and identifying potential breaches.
In Raja Patel’s recent blog on securing the distributed enterprise, he showed how Intel Security is protecting the enterprise, bringing together Web Security, Advanced Threat Detection, Cloud Application Visibility, and Data Protection into a common platform.
Today we will go deeper into the strategy for delivering security for hybrid clouds, providing comprehensive visibility and protection to ensure consistent security policies match business line demands for rapid service provisioning and strong security controls.
Overcoming the security obstacles
As enterprises adopt Software Defined Networking (SDN), Network Functions Virtualization (NFV) and DevOps, the surge in payloads exponentially increase an enterprise’s attack surface. Locating the origination of an attack and preventing lateral spread becomes more complex.
Most organizations don’t have visibility across their entire cloud infrastructure—they can’t see what is running and they don’t know if their cloud workloads are safe—only 35% employ an integrated security solution.2
All this is compounded because we don’t have enough security talent. In a recent study, 46% of enterprises claim that their organizations do not have the right level of cloud computing skills to provide controls and oversight for cloud computing security.3
Intel Security provides visibility into your environment by discovering cloud workloads, increases protection by sharing network IP, host server security, and cloud security threat information, and improves time-to-protect by automatically inoculating systems.
Setting the course—automating the threat defense lifecycle
Moving to the cloud can feel like exploring a new universe. We believe the best way to navigate security in a hybrid cloud is with an automated threat defense lifecycle. Our solution offers three distinct advantages:
Better control through integration and automation: we have integrated our McAfee Network Security Platform with our Multiplatform Host Security solution (MOVE AV) to unify hybrid cloud protection, threats that emerge at the host or network are now identified and blocked. Through the integration with the Threat Intelligence Exchange (TIE), all network devices and endpoints are automatically inoculated against the identified threat. Additionally, MOVE is integrated with our advanced threat detection malware sandbox (ATD) to provide protection rates greater than 99.5 percent in a fast moving virtual environment.4
Enhanced visibility: our new Cloud Workload Discovery enables enterprises to discover all their virtual networks and virtual private clouds (VPCs), apply security policies, and quickly remediate security issues from a single management console. Moreover, we offer the first network IPS to run natively on VMware NSX and Amazon AWS, eliminating the choke-point architecture of traditional IPS solutions, improving performance and visibility.
Maximize protection: sharing threat information across network and host security irrespective of private/public cloud environment to quickly detect threats and prevent lateral spread. With 50% of enterprises using multiple hypervisors, we deliver a multiplatform agnostic antimalware solution (MOVE) to protect customers irrespective of their platform(s) of choice.
To boldly go where no one has gone before is an iconic phrase from Star Trek. It speaks of both the rewards and the dangers of exploration. Much like the crew of the Starship Enterprise, we too are embarking on a new venture with the cloud. Please join the Intel Security team and me at FOCUS 2016 to explore these new solutions for the hybrid cloud.
1 RightScale 2016 State of the Cloud Report
3 ESG—Cloud Computing & Network Operations Transformation, March 2016
4 Intel Security internal testing
NOTICE: The information contained in this document is for informational purposes only and should not be deemed an offer by Intel or create an obligation on Intel. Intel reserves the right to discontinue products at any time, add or subtract features or functionality, or modify its products, at its sole discretion, without notice and without incurring further obligations. Performance achievement objectives stated throughout this document assume certain environment configurations and are only representative of what we want to achieve, not a statement of current performance.