By Jonathan Maresky, Cloud Security Expert, Check Point Software
As organizations expand and deepen their cloud presence, security for the cloud is becoming business-critical. According to the Check Point 2020 Cloud Security Report, 75% of surveyed organizations described high levels of concern surrounding cloud security.
This article describes ten essential considerations that an organization should examine when choosing its cloud network security platform. It explains how you can ensure that vendor solutions have the capabilities that are important for your organization’s security and success.
- Advanced Threat Prevention and Deep Security. In today’s complex cyber security landscape, threat detection is not enough to effectively safeguard assets. You need multilayered, real-time threat prevention for both known and unknown (zero-day) vulnerabilities. The solution must provide deep security via features such as granular and deep traffic inspection, enhanced threat intelligence, and sandboxing that isolates suspicious traffic until it is either blocked or validated. And these advanced capabilities must be deployed on both North-South (incoming/outgoing) and East-West (lateral) traffic.
- Borderless. The solution must operate transparently and consistently across even the most complex multi-cloud and hybrid (public/private/on-prem) ecosystems. A unified management interface (sometimes called a “single pane-of-glass”) should provide a single source of cloud network security truth, along with a centralized command and control console.
- Granular Traffic Inspection and Control. Seek out next-generation firewall (NGFW) capabilities, such as fine matching granularity that moves beyond basic whitelisting, deep inspection to ensure that traffic matches the purposes of the allowed ports, advanced filtering based on URLs, and controls at not just the port level, but the application level as well.
- Automation. To match the speed and scalability of DevOps, the solution needs to support sophisticated levels of automation, including programmatic command and control of security gateways, seamless integration with CI/CD processes, automated threat response and remediation workflows, and dynamic policy updates that don’t require human intervention.
- Integration and Ease of Use. The solution must operate effectively with your company’s configuration management stack, including support for Infrastructure as Code deployments. In addition, the solution needs to be deeply integrated with the offerings of the cloud provider. In general, your goal should be to streamline operations and promote ease of use by minimizing the number of point security solutions that must be deployed and managed separately.
- Visibility. The solution’s dashboards, logs, and reports should provide end-to-end and actionable visibility into events as they are occurring. For example, logs and reports should use easy-to-parse cloud object names rather than obscure IP addresses. This visibility is also important for enhanced forensic analytics, should a breach unfold.
- Scalable, Secure Remote Access. The solution must secure remote access to the company’s cloud environment with features such as multi-factor authentication, endpoint compliance scanning, and encryption of data-in-transit. Remote access must also be able to scale quickly, so that during times of disruption (such as the COVID-19 pandemic) any number of remote employees can work productively and securely.
- Context-aware Security Management. The cloud network security solution must be able to aggregate and correlate information across the entire environment—public and private clouds as well as on-prem networks—so that security policies can be both context-aware and consistent. Changes to network, asset, or security group configurations should be automatically reflected in their relevant security policies.
- Vendor Support and Industry Recognition. In addition to the features and capabilities of the solution at hand, it is also important to closely review the vendor’s reputation. Is it highly rated by independent industry analysts and third-party security testing companies? Can it meet your SLAs? Does it have a proven track record? Can it provide added value, such as network security advisory services? Can it support your global operations? Is it committed to innovation so that its solution will be future-proof? Is its software mature, with a limited number of vulnerabilities, and does it deliver timely fixes?
- Total Cost of Ownership. The total cost of ownership is determined by a variety of factors, all of which should be considered as part of the buying process: the flexibility of the licensing model, the extent to which the cloud security platform seamlessly integrates with and leverages existing IT systems, the level and scope of personnel required to administer the system, the vendor’s MTTR and availability SLAs, and more. Your cloud security platform should streamline operations, optimize workflows, and reduce costs while enhancing your security posture. The last thing you want is to be surprised by hidden infrastructure, personnel and other costs that emerge only after the system is up and running.