The route to secure cloud workload communication
© Provided by TechRadar

If your company hosts applications in the cloud, you face the challenge of ensuring that your online app communications are secure – both between the apps themselves and between the app and the data center. With complex connections and demanding security requirements, this is an area that is crying out for simplification. Therefore, the answer may lie in cutting-edge cloud workload solutions based on zero trust technology.

When workloads are relocated to the cloud, they need to be accessed in a variety of ways and in the multi-cloud scenarios that are prevalent in business today – this fact is central to the complexity and security debate. For most applications hosted in the public cloud, three communication relationships are required. The workload, which is comprised of the application and the related data, needs to be accessible by the IT department for administrative purposes; it must also be capable of communicating with other applications via the internet, and also be connected to the data center. If the required access rights in these directions are not set up properly, the company may increase its vulnerability to attack.

The costs and effort involved in secure workload communication rise with the number of applications hosted in the cloud and the number of cloud providers used. As hyperscalers tend to use a decentralised infrastructure, their application developers and network and security teams are faced with the challenge of ensuring that the communication relationships for each workload and from each cloud provider are both effective and secure. If these companies adopt a traditional approach to network security, those responsible are often confronted with high levels of complexity or high costs.

The latest “State of Cloud (In)Security” analysis by the Zscaler ThreatLabz team, which looked at thousands of cloud workloads, shows that security considerations often fall by the wayside due to the complexity of multi-cloud environments.

Compared to 2020, the spectrum and frequency of cloud security problems increased over the course of 2021. According to the analysis, no software- or hardware-based multifactor authentication is used for 71% of cloud accounts, compared to 63% the previous year, and 56% of access keys had not been renewed in the last 90 days: an increase of 6% on last year’s figure. Furthermore, 91% of accounts had been assigned permissions that had never been used.

The majority of permissions granted were not only unnecessary, but also incorrectly configured. In yet another blow to security, the analysis found that 90% of companies did not know that they had granted comprehensive reading rights to third-party providers.

Confusion and chaos in workload communication

The increase in public cloud workloads over the past two years has left many companies facing a complex and chaotic system of connections for their cloud applications. This complexity is the result of the different routing requirements for data traffic destined for the application in the cloud, communication between the cloud-based apps themselves, and communication from the application back to the data centre. Factors such as the required levels of service availability in different regions and availability zones, and even redundant applications, all contribute to convoluted communication paths.

Depending on the data volume, and with dedicated speeds for workload synchronization in the terabyte range, companies are forced to employ fiber-optic technology or direct connections to hyperscalers. Dedicated point-to-point connections address the requirement for workload communication back to the data center. The only alternatives for companies with lower workload data volumes were a complex VPN tunnel or a combination of packages from carriers who could assist with the administrative burden.

In this kind of complex cloud scenario, the question of who exactly is responsible for the security of cloud workloads and all of the associated infrastructure is often overlooked. Although responsibilities may have been clearly defined when the applications were hosted on the network, with the application team, network team and security department all playing their part, the cloud blurs these traditional delineations of responsibility.

Simplifying security via the cloud

The Zero Trust approach has exploded in popularity in recent years as a way of securing application data traffic on the internet as well as remote access to applications in data center or cloud environments. With this approach, secure communication takes place based on policies and defined access rights, in line with the principle of least-privileged access. A security platform acts as an intermediate security layer to implement these policies. These security services operate between the internet, the applications, and the user to monitor secure communication. In this kind of scenario, a cloud-based approach is ideal as it provides the necessary scope for scaling and requires little input in terms of management.

This Zero Trust-based concept can also be applied to the structuring and monitoring of cloud workload relationships, helping to reduce the complexity of these scenarios. Policies are used to grant the workload access rights to the required applications; these rights are then monitored via a cloud platform. This approach renders network connections obsolete, and instead favors granular connections at individual application level.

Workloads in the cloud can be connected to defined destinations on the internet, to implement updates or to communicate with other applications in different clouds or in the same data center. In this case, too, defined access rights to the cloud workload, between workloads and to the data center, are the basis for secure communication.

The cloud security platform not only implements the access rights but also manages other security functions to monitor data traffic, such as analyzing SSL-encrypted traffic for hidden malicious code.

Cloud workloads are no longer a gateway for attacks

This type of approach has a two-fold effect – it reduces complexity while also reducing the vulnerability of cloud workloads to internet attacks. As communications between apps are encapsulated, the applications themselves are not visible online, thus preventing unauthorized parties from accessing them.

This method also allows for microsegmentation – using the defined access right policies, the system determines which servers can communicate with other servers and in which circumstances this can take place, without needing to route any data traffic via external network devices to apply firewall rules. This approach works across different clouds, counteracting the decentralized methodology of hyperscalers.
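
To make the policy model concrete, here is an added sketch (not from the original article and not any vendor's implementation) of default-deny, per-application workload rules, with an audit that lists denied flows, rules no observed flow ever used, and rules with wildcard destinations. All workload names, hostnames and ports are constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:
    name: str
    src: str   # source workload identity; "*" globs allowed
    dst: str   # destination workload or hostname; "*" globs allowed
    port: int

# Constructed policy covering the three relationships the article names:
# admin access, app-to-app/internet traffic, and the path to the data center.
POLICY = [
    Rule("admin-ssh", "it-admin/*", "aws/billing-api", 22),
    Rule("app-to-app", "aws/billing-api", "azure/ledger-db", 5432),
    Rule("updates", "aws/billing-api", "updates.example.com", 443),
    Rule("to-datacenter", "aws/billing-api", "dc/erp", 8443),
    Rule("legacy-any", "azure/*", "*", 443),  # broad rule, never exercised below
]

# Constructed flow log: (source identity, destination, port).
FLOWS = [
    ("it-admin/alice", "aws/billing-api", 22),
    ("aws/billing-api", "azure/ledger-db", 5432),
    ("aws/billing-api", "updates.example.com", 443),
    ("aws/billing-api", "dc/erp", 8443),
    ("aws/billing-api", "198.51.100.7", 443),     # destination not in policy
    ("azure/ledger-db", "aws/billing-api", 5432), # reverse direction not granted
]

def decide(policy, src, dst, port):
    """Return the name of the first rule allowing the flow, or None (default deny)."""
    for rule in policy:
        if fnmatchcase(src, rule.src) and fnmatchcase(dst, rule.dst) and port == rule.port:
            return rule.name
    return None

def audit(policy, flows):
    """Return (denied flows, rules never used, rules with wildcard destinations)."""
    used, denied = set(), []
    for flow in flows:
        hit = decide(policy, *flow)
        if hit is None:
            denied.append(flow)
        else:
            used.add(hit)
    unused = [r.name for r in policy if r.name not in used]
    overbroad = [r.name for r in policy if "*" in r.dst]
    return denied, unused, overbroad

if __name__ == "__main__":
    denied, unused, overbroad = audit(POLICY, FLOWS)
    print("denied:", denied, "unused:", unused, "overbroad:", overbroad)
```

Rules that show up as both unused and over-broad are the first candidates for removal, which is the least-privilege clean-up that the unused-permission figures earlier in the article call for.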

It also restores the traditional division of responsibility for the application, the network, and security. The application developer is only responsible for setting up the application’s path to the cloud security platform; responsibility for the security of the cloud infrastructure is transferred back to the security team once the policies are established. As the applications are no longer exposed online for communication purposes, the company also reduces its vulnerability to attack.

The cloud facilitates secure cloud workload communication

Workload connections in the public cloud need to be just as secure as the connections through which individual users access their cloud-based apps. Applying the Zero Trust principles of user communication to cloud workloads allows companies to ensure that this communication is straightforward and secure, while also reducing their exposure to attacks on the internet.
