Security should not be an afterthought in cloud security
In the ever-evolving landscape of technology, cloud computing has emerged as an indispensable tool for individuals and organisations alike. Offering unparalleled scalability, accessibility, and efficiency, the cloud has revolutionised the way we store, process, and access data. However, as the utilisation of cloud services continues to soar, so does the importance of addressing the paramount concern of cloud security.
As data breaches and cyber threats become increasingly sophisticated, ensuring the safety and integrity of sensitive information has become a top priority. The realm of cloud security encompasses a multitude of challenges, ranging from protecting data privacy to safeguarding against unauthorised access and defending against the potential vulnerabilities of shared infrastructure.
Cyber Magazine sits down with Josh Goldfarb, Security and Fraud Architect at F5 Inc, about F5’s solutions, the challenges organisations face when moving to the cloud and why hybrid IT is the future.
Trends in cloud adoption
The transition to the cloud has completely changed the cyber threat landscape. As Goldfarb explains, much of this change has been driven by end customers.
“Once upon a time, F5 was, like many technology companies, a bare metal on-premise server or box provider,” he explains. “Customers would have to order one of our BIG-IP boxes and have to put it in their data centre or on-premise.
“With time, our customers have needed us to evolve and change to meet their needs. A lot of that change is driven by their end customers. When it comes to banking, for example, the idea of having to go to a brick-and-mortar bank these days is, for many of us, foreign. Even before COVID, most of us did a lot of banking online. Now, the idea of going into a branch to do something is almost nonexistent with most people under a certain age.”
As businesses move online, customers need to be able to meet that demand. “This means that they need to move closer to their customers, meaning they need to move into the cloud or the edge,” Goldfarb adds. “Because of that, they often end up with multiple cloud environments or hybrid environments that include a mix of on-premise, cloud and edge. So our customers needed us to support them in their journey to satisfy their customers.”
Through a combination of organic evolution and acquisition, F5 has joined its customers on that journey. “With our flagship BIG-IP brand, for example, we spent a lot of time developing and improving so that it no longer requires that the customer buy a server, it can now be deployed in cloud environments.”
With customers using increasingly complex cloud environments, a new solution was needed. Enter, Distributed Cloud.
“As our customers were trying to meet their end customer needs, most of them were getting into a situation where they had extremely complex environments – some cloud, some edge, some on-prem or private data centre – and they had entire teams dedicated to setting up and managing technology stacks for security, for development, for fraud and for IT at each of these environments.”
Through a number of acquisitions in the cloud space, in the form of Volterra, Shape and Threat Stack, Distributed Cloud was formed.
As Goldfarb explains, one benefit of Distributed Cloud is the ability to simplify the management and administration of IT security and application stack across multiple environments – whether they're on-prem or in the cloud: “A huge win for our customers is the ability to simplify that diverse or hybrid cloud environment or multi-cloud environment. But another huge win for them is that, once I deploy and deliver my applications and APIs, I also want to secure those or protect those from security and fraud threats.
“That's another area where, through organic growth and strategic acquisitions, F5 has been able to provide our customers the ability to protect those applications and APIs from a variety of security and fraud threats, regardless of what environment they're in.”
The challenges of moving into the cloud
The rapid move to the cloud has resulted in a number of challenges which must be addressed. As organisations move to a variety of different cloud environments to get closer to their customers and maintain the same pace of innovation, it is essential for security to not be overlooked.
“Let's say I'm a bank or a retailer and you're my customer, and you tell me that you want a certain capability on your smartphone application for the bank or for the retail site,” Goldfarb comments. “Well, I'm going to do my best to get you that as quickly as possible.
“That might mean that, unfortunately, security and fraud are an afterthought. Or, if I include them from the get-go, I need a way to do that without being overly intrusive in the process of development and deployment.
“That is another challenge that our customers have is either trying to get security and fraud baked in without it becoming a six-month or a year delay. And also if it hasn't been baked in, adding it after the fact to protect those applications and APIs in a way that isn't intrusive, that doesn't interfere with your ability, for example, to consume what you want from that application.”
The future cloud landscape
Today, global organisations are continuing to grapple with multi-cloud opportunities and challenges. But as F5’s 9th annual State of Application Strategy Report (SOAS) found, hybrid IT is here to stay.
In 2018, 74% of survey respondents planned to deploy “up to half” their apps in “a cloud.” But today, the report found, just under half of respondents (48%) say they currently have any apps deployed in the cloud, and on average organisations deploy only 15% of their app portfolio in the cloud.
“What we see across our customers is that whereas once it may have looked like everything was moving to the cloud, the reality of the situation is it doesn't look like that will happen,” Goldfarb concludes. “Some things will remain on-prem, some things will either migrate to the cloud. And in some cases will repatriate back to the on-prem depending on the costing.
“I think the picture for the next two to three years is one of complexity. The fact that one of our chief differentiators for our customers is our ability to simplify that complexity is going to be a huge win. I think that they're going to find themselves continually in situations where they will have increased complexity and not reduced complexity. And we can help them with that. And I don't see any other way around that. I don't see the world going any other way.”