Aviatrix Blog

Here’s How Companies are Navigating the Network Security Obstacle Course in 2024 

Cloud security is a necessity – but when you’re trying to manage a network, it can feel like a never-ending obstacle course. When you’re trying to manage costs, optimize performance, create resiliency, and make the whole network as simple as possible, juggling data encryption, firewalls, user access, monitoring, and troubleshooting can be exhausting.

The recent 2024 Secure Cloud Networking Field Report, a survey of over 400 cloud networking professionals, discovered three main approaches for companies when it comes to cloud security:

  • 39.9% have a “lift and shift” approach – They take security practices and principles from on-premises environments and move them directly to the cloud.
  • 36.7% rely on native cloud services provided by cloud service providers.
  • 23.4% use a third-party solution for cloud security.

All three of these approaches have their advantages and disadvantages.

 

Three Current Approaches to Cloud Networking

Approach 1: Lift and Shift

The lift and shift approach to security seems simple: you already have your network security principles in place – why reinvent the wheel? However, the fundamental differences between an on-premises environment and the cloud mean that this transition is less like reinventing the wheel and more like turning a wheel into a sphere.

Here are some of those fundamental differences:

  • Centralized location vs. distributed environment – Most on-premises environments were in a centralized location, while a cloud environment can be geographically distributed. When you move your resources from on-premises to the cloud, you lose your perimeter, or the clear boundary between the security edge and the assets you need to protect. In a distributed environment, you not only need to connect applications from different places; you need to secure those connections while still ensuring performance and managing costs.
  • Implicit trust – One locked server room kept many on-premises environments safe – but it took only one lost key to compromise that safety. Many on-premises environments had an “implicit trust” model that meant that every user was assumed trustworthy until proven otherwise. When you were in, you were in. In a distributed cloud environment, the implicit trust model makes it harder to identify and prevent threats.
  • Static vs. dynamic identification methods – In on-premises environments, users were identified by static or unchanging attributes like IP addresses. In the cloud, a user could be identified by dynamic attributes, such as IP addresses that change or are NAT’d.
  • Tech debt and unnecessary resources – Simply lifting and shifting into the cloud means that you are moving not only your network, but all its technical debt and potentially overbuilt technology. You may find yourself running huge cloud workloads to support features and configurations you don’t need, but still have to license.

A Better Solution than Lift and Shift

Instead of using a lift and shift approach that ignores the differences between on-premises and cloud environments, companies should adapt by using a cloud-centric, flexible approach to security.

  • Distributed cloud model – Instead of assuming all resources are in one centralized location, companies need to recognize that security should be embedded throughout a distributed infrastructure. You need unified, network-wide policies with distributed enforcement that sits as close to the workloads as possible, so you can lessen data transfer charges for traffic that will be dropped anyway.
  • Zero trust – Companies need to abandon the implicit trust model, which gives users too much access once they’re in the system, and adopt the Zero Trust Model: no one is assumed trustworthy without identification.
  • Dynamic attribute-based security – Instead of authenticating user access based on attributes that can change, like IP addresses, systems should authenticate based on attributes that identify the resource. Attribute-based security allows you to group and identify resources even in separate clouds to ensure one unified policy experience instead of developing and duplicating policies in each cloud. For example, Aviatrix’s multicloud solution offers a SmartGroups feature that allows you to tag resources by attribute across clouds.
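The contrast between IP-pinned rules and attribute-based groups with default deny, as an added illustration (not code from the original post, and not Aviatrix's SmartGroups implementation). All workload names, tags, addresses and function names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Workload:
    name: str
    cloud: str
    ip: str
    tags: dict

# Constructed inventory spanning two clouds (hypothetical names and addresses).
INVENTORY = [
    Workload("web-1", "aws", "10.0.1.10", {"app": "shop", "tier": "web"}),
    Workload("web-2", "azure", "10.1.1.10", {"app": "shop", "tier": "web"}),
    Workload("db-1", "aws", "10.0.2.20", {"app": "shop", "tier": "db"}),
    Workload("ci-1", "azure", "10.1.9.5", {"app": "build", "tier": "ci"}),
]

# One policy for every cloud: groups are tag selectors, rules name groups.
GROUPS = {"shop-web": {"app": "shop", "tier": "web"},
          "shop-db": {"app": "shop", "tier": "db"}}
RULES = [("shop-web", "shop-db", 5432)]  # (source group, destination group, port)
# Lift-and-shift equivalent: the same intent pinned to addresses.
STATIC_RULES = [("10.0.1.10", "10.0.2.20", 5432),
                ("10.1.1.10", "10.0.2.20", 5432)]

def groups_of(ip, inventory):
    """Resolve an IP to group names through the workload's current tags."""
    wl = next((w for w in inventory if w.ip == ip), None)
    if wl is None:
        return set()  # unknown endpoint: member of no group
    return {g for g, sel in GROUPS.items()
            if all(wl.tags.get(k) == v for k, v in sel.items())}

def allow_by_attribute(src_ip, dst_ip, port, inventory):
    """Default deny: permit only if a rule matches both endpoints' groups."""
    src, dst = groups_of(src_ip, inventory), groups_of(dst_ip, inventory)
    return any(s in src and d in dst and p == port for s, d, p in RULES)

def allow_by_static_ip(src_ip, dst_ip, port):
    """IP-pinned check: knows nothing about what currently holds the address."""
    return (src_ip, dst_ip, port) in STATIC_RULES

def readdress(inventory, name, new_ip):
    """Return a copy of the inventory in which one workload got a new IP."""
    return [Workload(w.name, w.cloud, new_ip if w.name == name else w.ip, w.tags)
            for w in inventory]
```

After a workload is re-addressed, the attribute-based check still permits it at its new IP and denies the vacated address, while the static rule does the opposite.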

 

Approach 2: Native Cloud Services

As mentioned above, 36.7% of the report’s survey respondents rely on native cloud services provided by cloud service providers (CSPs). CSPs offer robust and often customizable security options. If you’ve already budgeted for the CSP you use, why not save costs by using their native security?

While native cloud service security options are a great resource, they come with risks as well.

  • Vendor lock-in – Relying on a CSP’s security may make a company subject to vendor lock-in, or difficulty in transitioning to a different CSP or security service after becoming dependent on a complex, customized setup in one CSP.
  • Multicloud mayhem – Native security may also become difficult for a company that uses more than one cloud, as each CSP has a different configuration. A security team may find itself juggling security groups, access control, and other access requirements across several CSPs. This problem is especially relevant to firewall solutions, which are unique to each cloud. If you rely on native cloud firewall services, you need to replicate policies in each cloud, and no firewall solution excels in inspecting or protecting traffic across clouds.
  • Visibility – When you rely on native security, you rely on your CSP(s) for log data, threat detection, and response times.

 

Working with Native Cloud Services

Native cloud security solutions will always play a role in your security solution, but clearly, you need a set of best practices to use them effectively. Here are some best practices for working with native cloud security services:

  • A unified security policy – Your company’s security policy needs to be holistic, consistent, comprehensive, and custom-built for you.
  • Multicloud solutions – If your company uses multiple clouds, consider a multicloud solution like Aviatrix’s single pane of glass management interface that helps create and enforce a unified security policy.

Approach 3: Third-Party Cloud Solutions

23.4% of survey respondents to the 2024 Secure Cloud Networking Field Report use a third party for cloud security solutions. These third-party solutions can give companies valuable insights, independence from individual CSPs, and cloud-centric solutions to security issues.

However, third-party solutions can also come with risk:

  • Cost – Any third-party solution will cost – no avoiding that.
  • Lift and shift of their own – Some third-party solutions have done a lift and shift of their own, replicating the structure and the problems of on-premises security solutions. They can use the on-premises centralized approach and carry the technical debt and licensing cost of their hardware equivalents.
  • Data integrations – To use any data you gain from a third-party solution, you need to make sure both that solution and your other networking solutions can integrate data easily and quickly enough that the data is still useful.

Using Third-Party Services Wisely

Third-party security services are effective solutions to many of the issues of lift and shift and native cloud services, but they have their own disadvantages. When you examine third-party services for your security needs, consider:

  • Cost – Is this solution cost-effective? In other words, does it fit not only your budget, but your company’s specific security needs?
  • Cloud capabilities – Is this solution really cloud-native, or just a lift and shift of on-premises structure and problems?
  • Data integrations – Can this service integrate with your other third-party solutions, such as logging services?
  • Visibility – Visibility and transparency should be a priority in any third-party solution you choose.

 

Are Any of These Approaches Working?

The lift and shift approach to security is the undoubted loser among the three approaches; companies need to adapt to the cloud. Native security solutions and third-party solutions come with pros and cons. However, the cons of all three approaches appear to be winning. According to the 2024 Secure Cloud Networking Report, “only 41.8% of respondents strongly agree that their organization’s approach to cloud security is achieving its objectives.”

Certain aspects of security will probably never change. Security costs money; it evolves with changing technology; it complicates other networking concerns like agility. However, security teams can continue using best practices for the cloud like Zero Trust, developing unified policies to utilize native cloud solutions, and exploring useful third-party solutions that enhance security in their networks.

Security teams may never find the perfect solution, but cloud best practices can turn network security from a never-ending obstacle course into a strong and flexible suit of armor that protects your resources and empowers you to meet your business goals.

 

Read more findings from the 2024 Secure Cloud Networking Field Report or get in touch with us today! Our cloud networking experts would be glad to discuss your unique cloud security and networking challenges.