Ian Jansen van Rensburg, VMware EMEA Senior Engineer, tells Intelligent CIO Africa how organisations can prevent cloud application attacks.
Recent advances in cloud and mobile computing now make it possible to simplify and more fully automate security. There are two fundamental steps to take: implement cyber hygiene and focus on protecting the crown jewels, the mission-critical business applications.
With current approaches, it’s hard to effectively achieve security goals, such as ensuring only minimum necessary access. For example, a firewall is often set up at the perimeter of the whole enterprise (like the fence around our whole community) to control access to a group of applications, which can often number in the thousands.
Instead, there should be a firewall set up to control access to each individual critical application (like each individual house), allowing access only by the users and system components that absolutely need access to that one application (house).
Security also needs to get more efficient. Imagine that the guards at the gate get a phone call alerting them to unusual activity somewhere in the community. The guards might spend all day searching the community for the unusual activity. It would be more efficient if the guards knew exactly which house to go to, whether the house was empty or filled with valuables, and whether the activity was normal for that house.
With an application-focused approach, the security team can zoom in on the most important assets, i.e. critical applications, rather than spreading investments thinly across the infrastructure.
Organisations begin by classifying applications to ascertain criticality and prioritisation, so they can put more effort into the most critical applications. Keep in mind, however, that all applications need some level of protection.
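The difference between the single perimeter fence and a firewall per application, and the context the guards would want when an alert arrives, can be made concrete with a small policy model. This is an added example, not from the article or from any VMware product; the application names, source names and allow-lists are constructed for illustration.

```python
"""Perimeter rule vs per-application allow-lists (constructed data)."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class App:
    name: str
    critical: bool  # outcome of the classification step
    allowed: frozenset = field(default_factory=frozenset)  # sources that need access

# Constructed inventory; every name here is hypothetical.
APPS = [
    App("payroll", True, frozenset({"hr-portal", "finance-batch"})),
    App("customer-db", True, frozenset({"crm-web"})),
    App("wiki", False, frozenset({"hr-portal", "crm-web", "dev-laptop"})),
]
INSIDE = {"hr-portal", "finance-batch", "crm-web", "dev-laptop"}

def perimeter_allows(source, app):
    # One fence around the community: a source already inside reaches every app.
    return source in INSIDE

def per_app_allows(source, app):
    # One firewall per house: default deny, allow only the listed sources.
    return source in app.allowed

def reachable(source, policy):
    """Applications a given source can reach under a policy."""
    return sorted(a.name for a in APPS if policy(source, a))

def critical_exposure(policy):
    """For each critical app, the inside sources that can reach it."""
    return {a.name: sorted(s for s in INSIDE if policy(s, a))
            for a in APPS if a.critical}

def triage(source, app_name):
    """Alert context: which app, how critical it is, whether the flow is expected."""
    app = next(a for a in APPS if a.name == app_name)
    return {"app": app.name, "critical": app.critical,
            "expected": source in app.allowed}

if __name__ == "__main__":
    print("perimeter:", reachable("dev-laptop", perimeter_allows))
    print("per-app:  ", reachable("dev-laptop", per_app_allows))
    print("exposure: ", critical_exposure(per_app_allows))
    print("triage:   ", triage("dev-laptop", "payroll"))
```

Under the perimeter rule every inside source appears in the exposure list of every critical application; with per-application allow-lists the list shrinks to the sources that were declared as needing access.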
By taking two fundamental steps – implementing the core principles of cyber hygiene and focusing on protecting the application – organisations can move to more effective information security.
Cloud and mobile computing now make this possible and provide a way to architect security in.
As IT environments continue to evolve, this updated model can help ensure that an information security program is not only more effective today but also prepared for the future.