Building a wall is NOT the answer

For about 20 years I've been installing, configuring and selling walls to protect the perimeter of networks and data centers. When I first started in the IT security industry, that wall was a simple stateful inspection firewall, configured to allow or deny IP addresses and ports. Years later, as hackers became smarter and attacks more sophisticated, that firewall evolved into a Next Generation Firewall, including Intrusion Prevention Systems (IPS), anti-malware, URL filtering, VPN and finally a full layer 7 application firewall.

But in the end, advanced and sophisticated as it is, it is still a wall protecting your network and on-premises IT assets based on IP addresses, ports and applications.

Now that the Cloud era has arrived, a wall around the on-premises network suddenly has a big issue: services and IT assets are no longer within that perimeter, and a local wall can't protect data or assets outside of it. Another issue with Cloud is the way we consume these services. We no longer only use the computer at the office to access them; we also consume the same services through apps on our mobile devices from wherever we happen to be. We clearly need another approach to IT security in this Cloud era, and simply building a thicker and higher wall won't cut it.

First of all, forget about IP addresses and trying to secure things based on networks or computers. We are global and mobile now. So what is the next basis to build our new-era security on? Identity. Whether I connect with my laptop from the office, from home or from the airport, or with my mobile phone from the beach (I live in Malaga after all), the only common parameter is ME. From wherever and with whatever I consume services, it's still me. So Identity and Access Management (IAM) is the basis of security.

Once we understand that IAM is the basis, we can start building our security on top of it. Single Sign-On (SSO) is mandatory for our consumers. Multi-factor authentication is a must. User and Entity Behavior Analytics (UEBA) makes sure that if someone tries to impersonate me, this is detected and dealt with promptly. For example, I usually log in from Malaga, but occasionally I work abroad. Through Machine Learning (ML), a sophisticated UEBA is smart enough to learn my patterns and usual locations. But when I suddenly try to log in from China using an unknown Linux system, it might be a good idea to send me an extra authentication token on my mobile, just in case.
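As an added illustration (not part of the original article), here is a small Python sketch of the risk-based step-up described above: a per-user baseline learned from past successful logins, and a decision to send the extra token when the source country, client platform or hour of day is unfamiliar. The attributes, the weights and the login history are constructed assumptions; a real UEBA would use far more signals.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass(frozen=True)
class LoginEvent:
    country: str   # ISO code of the source IP's country (constructed)
    os: str        # client platform reported by the device
    hour: int      # local hour of day, 0-23

@dataclass
class UserBaseline:
    """Counts of what a user's past successful logins looked like."""
    countries: Counter = field(default_factory=Counter)
    oses: Counter = field(default_factory=Counter)
    hours: Counter = field(default_factory=Counter)
    total: int = 0

    def learn(self, ev: LoginEvent) -> None:
        self.countries[ev.country] += 1
        self.oses[ev.os] += 1
        self.hours[ev.hour] += 1
        self.total += 1

    def risk(self, ev: LoginEvent) -> int:
        """0-100: how far this login deviates from the learned baseline."""
        if self.total == 0:
            return 100  # no history yet: always ask for the extra factor
        score = 0
        if self.countries[ev.country] / self.total < 0.05:
            score += 50  # country seen in under 5% of past logins
        if self.oses[ev.os] == 0:
            score += 30  # never logged in from this platform
        if self.hours[ev.hour] == 0:
            score += 20  # never active at this hour
        return score

def decide(baseline: UserBaseline, ev: LoginEvent, threshold: int = 40) -> str:
    """'allow', or 'step-up' (send the extra token to the user's phone)."""
    return "step-up" if baseline.risk(ev) >= threshold else "allow"

def build_baseline() -> UserBaseline:
    """Constructed history: laptop from Spain in office hours, a few UK trips, phone in the evening."""
    b = UserBaseline()
    for i in range(30):
        b.learn(LoginEvent("ES", "Windows", 8 + i % 10))
    for i in range(4):
        b.learn(LoginEvent("GB", "Windows", 9 + i))
    for i in range(3):
        b.learn(LoginEvent("ES", "iOS", 18 + i))
    return b
```

With this history, a login from Spain on the usual laptop scores 0 and is allowed, the occasional UK trip is already learned and allowed, while the China/Linux/3 a.m. login scores 100 and triggers the step-up.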

Once we have established this IAM baseline, we can expand our security as needed. At Oracle we follow the concept of an Identity SOC: a full Security Operations Center with Identity at its center.

The best place to monitor and analyse user behavior when consuming cloud services is a Cloud Access Security Broker (CASB). A CASB can be deployed as a proxy sitting between the users and the cloud services, or it can use the APIs provided by the cloud providers. Data Loss Prevention (DLP) can usually also be implemented on a CASB, since it monitors and controls access to cloud services and can spot user behavior anomalies on the fly.

Of course, multiple solutions and multiple security products make it more complex for us humans to analyse and act accordingly. Therefore the more automation is built into these systems, the better and easier it gets for the security engineers.

A centralized logging service that also correlates all that data, and again has Machine Learning built in to detect anomalies, makes life even easier and for sure more secure. Total visibility and security around your cloud applications can be achieved with a Security Information and Event Management (SIEM) solution. At Oracle we call this our single pane of glass, including extra UEBA and ML to rule out false positives and find all relevant anomalies.

So in the end, building a higher and bigger wall is definitely not the answer in the cloud era. Identity is the new perimeter, and a whole suite of security solutions is arising directly in the cloud.

For more information on the Oracle Identity SOC: https://cloud.oracle.com/security

*views expressed are my own*

Robert Kenny

Head of Cloud Engineering, UK and Ireland Region, Oracle SMB

6 years ago

Great article Tom, well done

John McGann

Leading Cloud Sales Engineering at Oracle : Actively Recruiting !

6 years ago

I love the analogy Tom. Interesting article!

Valentin Leonard Tabacaru

Principal Product Manager - DB Platform Technology Solutions at Oracle

6 years ago

I can’t wait to see Humpty Dumpty dancing on that wall

Tuba Erkonukseven

Global Product Manager, VODAFONE

6 years ago

Great work Tom!

Oya-Denise Müller

Tender & Contract Management | Master in Internationalization

6 years ago

Great article Tom!
