<
>

Securing the Cloud by Learning from the Horseshoe Crab

Author: Ron Goh is President, Southeast Asia and Korea at VMware

Horseshoe crabs are known for its excellent immune systems. Surviving for more than 450 million years is testimony to that. The horseshoe crab’s blood has the amazing ability to detect minute traces of bacteria and trap them in clotted masses, isolating these infectious agents before they can spread to inflict further harm.

Taking inspiration from this simple yet sophisticated defense system, we can look to enterprise security in the same vein. Malicious cyber-attacks, hacks and data breaches can cause widespread damage, impacting bottom lines. Such risks are increasing, as more organizations in Asean embark on the journey to the cloud.

What businesses need is micro-segmentation in the network. Micro-segmentation provides granular application visibility in the virtualization layer, helping to shrink the attack surface and containing any attack, thus creating a more actionable security model.
The use of micro-segmentation radically improves a network’s ability to prevent attacks by allowing the creation of a least-privilege environment around an application. It creates far better visibility and control for I.T inside that environment. Benefits are multifold - it reduces the attack surface, simplifies security, and improves the ability to detect anomalies. Robust security defense starts with the ability to see the entire infrastructure of the enterprise, and what needs to be protected.

Micro-segmentation also simplifies another weapon in the security arsenal: encryption. Encryption is an incredibly effective tool for protecting sensitive data—at rest, in use, or in flight. But this effectiveness has been limited because of the complexity of managing encryption. In a micro-segmented environment, virtualization turns encryption into a simple ‘check-box’ on a micro-segment.

Every IT department faces the unenviable task of overseeing the myriad network of firewalls, identity management, and endpoint security. However, creating a firewall around infrastructure only provides a first-line perimeter defense. Security solutions need to be deployed in both a more ubiquitous and granular manner, to offer better and more intrinsic protection. Micro-segmentation, new ways to quarantine east-west traffic, and a new approach to endpoint security offer improved options to protect enterprise security.

AmBank in Malaysia recognized this – the company’s legacy IT infrastructure operated on the traditional “rack and stack” model, which was a costly, inefficient system that required deployment times of up to 12 weeks per new server installation. AmBank’s physical and power limits were eventually reached, leaving the system vulnerable to power outages and cybersecurity risks, further stretching IT resources. To counter this, AmBank moved its systems to a completely virtual environment, thus bolstering security, operating on a much smaller hardware footprint and enabling staff to be more productive.

Cyber threats and risks are not going to disappear. With cloud technologies becoming mainstream in enterprises across Asean, we need to be better prepared in enterprise security. Like the horseshoe crab’s excellent immune system, we can strengthen our enterprise defenses to be more proactive and targeted, and a key strategy will be through micro-segmentation in network virtualization.

share us your thought

0 Comment Log in or register to post comments