Cloud Security: Making the Invisible … Visible

Living in Colorado and having 14,000-foot mountains in my backyard, there are times I end up driving into the clouds. One minute I can be traveling in sunshine and great weather and the next, a cloud surrounds my car.

Entering a cloud, things begin to lose visibility. Soon, you can barely make out anything around you. This is a good time to slow down and get clarity on your surroundings.

As the business market continues to drive into the cloud, it too comes with risk of diminished visibility. The major cloud providers give you tools to secure platforms in the cloud, but they don’t provide you the means of monitoring those solutions to know what is happening in the platform or within a cloud datacenter.

Besides a bill for your monthly traffic, compute and storage usage, you don’t have visibility of what the traffic is within the cloud.

For many, cloud security can be a challenging prospect as each provider has slightly different ways of implementing their security stack. You may have secured your cloud devices, but how do you know what traffic goes in and out of them? And just because you identify the appropriate ports and protocols that are allowed, that doesn’t mean your application can’t be compromised and data exfiltrated through those ports and protocols.

How to Gain Better Cloud Visibility

The challenge when working within the cloud is making the invisible, visible. Cloud providers do not rely upon layer 2 connections, but rather route all the traffic based upon their own algorithms/methods.

In most cloud systems, depending upon how well you’ve defined your security rules, when you launch a new device within a cloud environment, all the other devices within that environment can send traffic to and from each other. This is why micro-segmentation has become one of the cloud buzzwords; we needed the ability to restrict traffic at the host or interface level.

While micro-segmentation will allow you to restrict traffic, how do you inspect the traffic?

How Virtual Firewalls Secure Cloud Environments

SonicWall provides two products to help with this problem of visibility within the cloud: Network Security Virtual Firewall (NSv) and Web Application Firewall (WAF). These products each have their own purposes, but when implemented correctly, they will provide you visibility within the cloud.

Every cloud provider allows you to modify the default route paths and direct traffic within their infrastructure. With these routes, you can direct traffic in and out of NSv or WAF in order to provide additional visibility and inspection of the traffic within your cloud.

You can further improve cloud security by adding Deep Packet Inspection (DPI), Capture Advanced Threat Protection (ATP) multi-engine cloud sandboxing, which includes Real-Time Deep Memory Inspection (RTDMI^TM), and traffic reporting and analysis.

Setting up the custom route tables to direct traffic within a cloud provider can be a daunting task. SonicWall’s Remote Implementation Service for the NSv Firewalls can help.

Whether you use the SonicWall NSv or the WAF within the cloud, you will have the ability to shed light upon the traffic within the cloud and know that it’s appropriate for your environment. Take back control of your traffic by bringing it to a higher level — above the clouds.

Beau Beamesderfer

Solutions Architect | SonicWall

Beau, who is based in Colorado, has worked on highly secure and complex networks and systems for 25-plus years. Previous to his position with SonicWall, Beau worked with Dell EMC Professional Services as a senior consultant. In that role, Beau used his expertise for on-premise and cloud systems within the enterprise platform, and also helped to secure the transition from on-premise systems to hybrid or cloud-based systems.