Today we launch the Multi-Cloud Security Architecture - and the pathway to get there. This is an industry-wide vision for multi-cloud security which will both address the security challenges emerging in a world of ‘constant breach’ from increasingly sophisticated attackers and also enable the adoption of multi-cloud infrastructure to facilitate secure IT transformation.
In the world of IT security, a tremendous amount of focus has always been on the next incremental step forward (or the next ‘must have’ security control). This is partly why today’s perimeter environments often look more like a hastily assembled set of functions than a coherent architecture. In putting together this reference architecture, we have worked with our customers, partners, and key industry experts and analysts to define a vision for the present and future of data center security architecture. We hope this approach will provoke debate and help to provide a reference point to guide future developments for our customers, and also suggest a series of valuable, achievable increments to get there. We would love to hear your feedback on the pathway to the Multi-Cloud Security Architecture (MCSA) via Twitter at @vArmourNetworks.
To get a deep dive on MCSA, I encourage you to watch my 30-minute webinar (registration required) and download our detailed whitepaper (no registration required) to get a greater understanding of the pathway and end-state architecture for multi-cloud security - as shown below. Security processes are cyclical in nature and multi-cloud security is no exception to this, which is why MCSA is framed in the traditional security cycle of Prevent, Detect, Respond, and Predict.
In my five-part blog series over the next few weeks, I’d like to describe each aspect of the target reference architecture in more technical detail - from the foundation, prevention, detection, response, and prediction perspectives. I will start today with the foundation of the Multi-Cloud Security Architecture.
At a foundational level underpinning the entire architecture, the system needs to be API-driven and distributed, meaning that the architecture can apply a variety of security controls in an appropriately scalable and dynamic manner to the variety of multi-cloud venues and their interconnections. Without a fully distributed architecture, traffic converges on ‘choke points’ and fails to scale in a way that is consistent with ‘scale out’ multi-cloud architectures.
Additionally, independence from the cloud environment and the endpoint is tremendously important to ensure flexibility, security and independent control. Coupling between security capabilities and the multi-cloud environment or workload results in reduced flexibility and inevitable compromises at some point down the line. For example, dependence upon a single service provider’s differentiating security features could lead to an inability to make placement decisions for commercial or other technological reasons; organizations must be able to choose the right multi-cloud infrastructure for their business needs and have security to support it. If we are to realize the full benefits of a multi-cloud architecture, security must not become the ‘lock-in’ for this decision, and equally the limitations of a single provider shouldn’t constrain the security capabilities of the multi-cloud.
Equally critical are strong foundational concepts, such as granular data collection, down to Layer 7, to feed threat analytics. In addition, strong identity and access management for applications, data, and infrastructure is imperative to protect every potential access point for attackers at the most basic level.
Now that we have covered the foundational elements of the Multi-Cloud Security Architecture, stay tuned for next week’s blog on Prevention in MCSA. Read the details of MCSA and our ecosystem of partners to support this vision in the official press release.