Thursday, 25 August 2022

Contextualizing Cyber Security tools and frameworks

After medical science, if any professional stream has the largest number of acronyms, cybersecurity would be it. Every acronym represents a concept, framework, or tool whose features overlap substantially with others. It is not always easy to see how these different solutions interact with each other.

While I may not know about all of them, let's contextualize a few of the most prominent ones which often find a place on a CISO's agenda.

If we could visualize all of them in a single frame, the picture may look something like this.


Now, let's look at the different parts of this picture in brief.

Security of Endpoints

Endpoints are essentially devices used to access applications and services. They include laptops, desktop computers, smartphones, tablets, IoT devices, and edge servers, among many others. Endpoint security focuses on securing these devices, along with cloud or on-prem resources, when they connect to the network and access or store data.

Endpoint protection (EPP) is a legacy, classification-based solution for threat detection. It identifies known threats by looking them up in a known-threat database (KTDB) and takes an automated action if a match is found.

Endpoint detection and response (EDR) is an evolution of EPP in the sense that it can also identify unknown sophisticated cyber threats.

XDR (also referred to as X-EDR) bridges the gaps left by EDR. It extends endpoint detection and response capabilities to networks, cloud services, and the entire threat surface.

As X-EDR is mostly machine surveillance, it may generate a lot of noise – duplicate alerts and false negatives. MDR brings in human experts and AI to take care of that.

MDR (also referred to as M-XDR) is a managed service provided by a third-party security provider that delivers the XDR solution, reducing the workload of enterprise security professionals. MDR is especially relevant when the organization doesn't have the skills or adequate bandwidth to provide holistic security coverage to its technology ecosystem.

If you are considering applying an XDR/MDR solution, your consideration set may start with these:


Security of SaaS

SSE and SASE – When Gartner coined these two terms in 2021, frankly, it took me a while to figure out what exactly Gartner was trying to cover that was not already covered in existing security frameworks.

So, what I understand now is this: SSE (security service edge) is a security framework that brings together all solutions targeting the security needs of rapid cloud adoption, SaaS-centric IT, and a growing remote workforce.

While SSE facilitates secured access to websites, SaaS applications, and custom-developed applications hosted on the cloud, SASE (secure access service edge) extends that security to the wide area network (WAN), where the cloud resources are accessed not only from the public internet but also from private on-premises networks.

In a start-up ecosystem, where there is little to no on-premises infrastructure, SSE works perfectly in securing SaaS resources. However, for a large enterprise, SASE is required to enable secure access from both private offices and the public internet.

Although I haven't mentioned Email Security explicitly in this section, it is one of the most important parts of an organization's IT security. In fact, it may well be the first security solution you start with, considering that email is the first and foremost way of communicating within and outside an organization. So, just for completeness' sake, I am sharing here the most popular email security solutions:


 

Run-time security components (Enterprise Architect / CTO organization)

DDoS (distributed denial of service) is one of the most prominent patterns of security attacks. Most of the Content Delivery Network (CDN) service providers and hyperscalers provide a basic level of DDoS protection as a complimentary part of their services. Load balancers also play an important role in blocking DDoS attacks.

Once a user request passes through the edge or CDN network, a WAF (web application firewall) provides a second line of defense. It is generally attached to CDNs and external load balancers. A WAF provides critical protection mainly by creating a baseline of access parameters like URLs, cookies, and sessions, and by blocking the attack classes catalogued by OWASP, such as SQL injection and cross-site scripting.

Often, a network firewall is also placed before the WAF to ensure Layer-4 attacks are prevented before the WAF gets into action to prevent Layer-7 attacks. In fact, solutions like next-gen firewalls (NGFW) combine the capabilities of WAFs and network firewalls into one, providing extra context to organizational security policies.

NACLs (network access control lists) and security groups are software-defined security features that secure subnets and virtual machines. Cloud providers may have differently named components and ways to configure this layer. For example, while AWS has NACLs and Security Groups as separate configurable resources, Azure offers Network Security Groups (NSG). Google Cloud facilitates global network protection using its software-defined firewall as a service.

An IDPS (IDS / IPS) aims at detecting all intrusions or attacks as they occur and preventing them. It is a gatekeeper that analyzes inbound and outbound network traffic for signs of known attackers. It sits in the perimeter before the firewall and can catch packets missed by a firewall. An IDPS can be virtual machine-based, host-based, network-based, or wireless, and it can also do network behavior analysis.

If you have already implemented an IDPS solution, it's highly probable that it would be one of these:


IAM, or identity and access management, is the foundation of the IT security landscape. Driving the least-privilege philosophy and codified policies, IAM leaves its imprint on all cybersecurity frameworks, including Security Service Edge (SSE).

Within IAM, RBAC (role-based access control) is the most popular framework, while ABAC (attribute-based access control) augments the security layer by providing a dynamic way to grant access based on specific attributes of the requester.
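To make the RBAC/ABAC distinction concrete, here is an added example (not from the original post) that evaluates the same request under a role table and under an attribute policy; the roles, permissions, attributes and the policy itself are constructed for illustration.

```python
"""Added example: RBAC decision from role membership alone, beside an ABAC
decision that also looks at resource and request-context attributes.
Every role, permission, attribute and policy rule below is constructed."""
from dataclasses import dataclass, field

# --- RBAC: a static mapping from roles to permitted actions ------------------
ROLE_PERMISSIONS = {
    "analyst": {"report:read"},
    "finance-admin": {"report:read", "report:write", "ledger:write"},
}

def rbac_allows(roles: set, action: str) -> bool:
    """Grant if any role held by the requester carries the action.
    Nothing about the resource or the request context is considered."""
    return any(action in ROLE_PERMISSIONS.get(r, set()) for r in roles)

# --- ABAC: the decision depends on subject, resource and context attributes --
@dataclass
class Request:
    subject: dict                      # e.g. {"department": "finance", "mfa": True}
    resource: dict                     # e.g. {"owner_dept": "finance", "classification": "confidential"}
    action: str                        # e.g. "report:write"
    context: dict = field(default_factory=dict)  # e.g. {"network": "corporate"}

def abac_allows(req: Request) -> bool:
    """Constructed policy: the requester's department must own the resource;
    reads then pass; writes to confidential resources additionally require
    MFA and an origin on the corporate network."""
    if req.subject.get("department") != req.resource.get("owner_dept"):
        return False
    if req.action.endswith(":read"):
        return True
    if req.resource.get("classification") == "confidential":
        return bool(req.subject.get("mfa")) and req.context.get("network") == "corporate"
    return True

if __name__ == "__main__":
    ledger = {"owner_dept": "finance", "classification": "confidential"}
    admin = {"department": "finance", "mfa": False}
    print(rbac_allows({"finance-admin"}, "ledger:write"))                      # True
    print(abac_allows(Request(admin, ledger, "ledger:write", {"network": "home"})))  # False
```

The same finance administrator is allowed by RBAC but denied by ABAC until the request carries MFA and a corporate-network origin, which is the "dynamic" part of the paragraph above.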

Following the shift-left approach to IT security, secure code review (SCR), static application security testing (SAST), and dynamic application security testing (DAST) jointly provide the first line of defense for your custom applications. If every line of code released to production has gone through this first line of defense, it will substantially reduce the security threat to the organization.


Security Operations (CISO’s organization)

Once the IT infrastructure and applications are up and running in production, the next step is to keep them secured through robust security operations. Although planning for security operations starts from the time a new technology component is being designed and developed, the real work starts when these newly developed components go to production. Solutions like SIEM and SOAR, and platforms like TIPs, play a role in keeping the business technology landscape secure.

SIEM solutions are designed to ingest all the logs and telemetry data (users, applications, network, and other tech assets) into storage and analyze them using event correlation and analytics to uncover a potential security incident. A SIEM can integrate with other security solutions to get data and share events. It is mainly an alert-generation solution.

SOAR platforms extend SIEM capabilities by consuming alerts and orchestrating workflows to automate responses. As SIEM and other security solutions may produce more alerts than the SOC team can handle, SOAR helps the SOC teams respond to newer critical alerts quickly and efficiently.

TIPs aggregate security intelligence feeds (threats and suspicious activities) from vendors, analysts, and other sources across the globe. This data includes malicious IP addresses, domains, file hashes, etc.

TIPs derive actionable intelligence from this data and feed it into other security solutions such as EDR, SIEM, IDPS, and firewalls.
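The SIEM paragraph above describes event correlation, and the TIP paragraphs describe feeding indicators into it. The following added example (not from the original post) shows both on constructed input: a small correlation rule over sshd-style log lines, enriched with a constructed indicator set standing in for a TIP feed. The log format, the "5 failures then a success within 10 minutes" threshold, and the IP addresses (from documentation ranges) are all assumptions.

```python
"""Added example: SIEM-style correlation over constructed auth logs, enriched
with a constructed threat-intel indicator set. Format, rule and values are
illustrative assumptions, not any vendor's implementation."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: two sources, one brute-forcing then succeeding.
SAMPLE_LOGS = """\
2022-08-25T09:00:01 sshd: Failed password for admin from 203.0.113.7
2022-08-25T09:00:04 sshd: Failed password for admin from 203.0.113.7
2022-08-25T09:00:09 sshd: Failed password for root from 203.0.113.7
2022-08-25T09:00:12 sshd: Failed password for admin from 203.0.113.7
2022-08-25T09:00:15 sshd: Failed password for admin from 203.0.113.7
2022-08-25T09:00:20 sshd: Accepted password for admin from 203.0.113.7
2022-08-25T09:05:00 sshd: Failed password for alice from 198.51.100.2
2022-08-25T09:05:30 sshd: Accepted password for alice from 198.51.100.2
"""

# Constructed indicator set, as a TIP would push it to the SIEM.
TI_BAD_IPS = {"203.0.113.7"}

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse(lines: str):
    """Yield (timestamp, outcome, user, source_ip) for each well-formed line."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, outcome, user, ip = m.groups()
            yield datetime.fromisoformat(ts), outcome, user, ip

def correlate(logs: str, threshold: int = 5, window: timedelta = timedelta(minutes=10)):
    """Alert when a source IP accumulates >= threshold failures and then a
    success inside the window; each alert is enriched with the TI indicator set."""
    failures = defaultdict(list)   # source_ip -> timestamps of recent failures
    alerts = []
    for ts, outcome, user, ip in parse(logs):
        if outcome == "Failed":
            failures[ip].append(ts)
            continue
        recent = [t for t in failures[ip] if ts - t <= window]
        if len(recent) >= threshold:
            alerts.append({"ip": ip, "user": user, "failures": len(recent),
                           "at": ts.isoformat(), "known_bad": ip in TI_BAD_IPS})
        failures[ip].clear()       # a success resets the counter for that source
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Alice's single failure followed by a success stays below the threshold and produces no alert, while the 203.0.113.7 sequence produces one alert flagged as a known-bad source.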

A SOC, or Security Operations Centre, is a centralized function within an organization to monitor, prevent, detect, investigate, and respond to cyber threats, protecting the organization's technology and data assets such as IP (intellectual property), data, systems, and applications.

If you have made up your mind to implement a SIEM/SOAR solution, you may start from this list for evaluation:


Most of the time, organizations don't have enough bandwidth or the skill set to set up a Security Operations Center (SOC). In those situations, a managed security service provider (including a system integrator) may help set up and operationalize the SOC.

Also, as it could be overwhelming for any organization to evaluate every solution listed here, they must ask their SI partner to provide the best set of solutions aligned with business needs and the existing tech landscape.

I hope this article helped in your understanding of the overall security landscape and how different solutions help provide a layered security framework for business-critical information and processes.

Tuesday, 23 August 2022

Cloud Comparison - Part-3: Business Strategy - Get Set Go

All businesses formulate their strategies around their strengths and use partnerships and collaborations to bridge the gaps. The three cloud hyperscalers we are talking about – AWS, Azure, and GCP – also follow a similar approach.

Before we go into details about these three players, let me list the main segments of the cloud market.

The cloud market is divided into 3 sets of solutions:

1. IaaS (Storage, Compute, Network)

  • Public IaaS – This is a ~$100B market, and AWS commands around 55% of it, followed by Microsoft (30%) and Google (10%)
  • Private IaaS (On-premise) – This is a sub-segment within IaaS driven by clients' demand for hybrid cloud solutions. Overall market size is ~$25B, led by Microsoft Azure Stack (33%), Google Cloud Anthos (25%), and AWS Outposts (15%)
  • Overall, the IaaS market is led by AWS with more than half of the market share.

* Please note that all numbers mentioned here are approximate and based on the reports published by Gartner and TBRi. The purpose is not to focus on actual numbers but to get an idea of cloud market fragmentation among the three large players.

2. PaaS (Environments ready to deploy applications; very limited control on Storage, Compute, Network)

  • Public PaaS – This is the next segment, with a size of $80B. Microsoft, with ~33% of the market, leads the pack. AWS commands ~16% and Google Cloud ~10% of the market.
  • Private PaaS – With PaaS solutions deployed on-premise, this segment gets a ~$15B market, and Microsoft has a lead over others.
  • Overall, the PaaS market is led by Microsoft with ~35% of the market.

3. SaaS & COTS (On-prem as well as cloud solutions including ERP, CRM, Databases, BI, HR, and marketing solutions)

  • This is a highly fragmented segment with a size of ~200B. Here Microsoft has been a traditional leader for a long time. With its 365 and power platforms, Microsoft commands over 35% of the market. While SAP and Salesforce may claim second and third positions, AWS and GCP are not very big players in this segment.

So while AWS has a huge lead over others in IaaS, Microsoft is the leader in all other segments and is catching up fast in the rapidly commoditizing IaaS segment because of its end-to-end solution proposition.

If we look at their overall positioning, both AWS and Azure are positioning themselves as a one-stop shop for all of their clients' needs. Google Cloud has deliberately closed a few doors for itself so as to ensure it can focus on the things that matter most to its target set of customers.

Moreover, as the cloud is becoming synonymous with IaaS, what once used to be said about IBM, is now being said about AWS – No CIO is going to be fired for choosing AWS. AWS has become a default choice for the cloud, particularly IaaS, even more so when organizations don’t have a specific set of criteria to find the best platform for their needs.

Although all three are trying similar levers to grow, such as Cloud Migration Discounts, Partner Programs to promote channel sales, and Joint GTM with System Integrators, there are also nuanced differences in how they navigate through this fragmented market.

In the table above, I summarize key strategic aspects that have defined AWS, Azure, and GCP’s journey in terms of how they started their offerings, how they are building the landscape, and how they are growing their footprint in the global cloud market.




#CompareCloud #AWS #Azure #GCP #Digital #Cloud #Strategy

Tuesday, 16 August 2022

Emerging Techs Hype Curve 2022 - Web3 Foundation is underway, Metaverse will take a decade !!!

 

While most of the technologies on the hype curve are known and will mature in the time period Gartner mentions, I am interested in seeing how a few specific ones will take shape – Internal Talent Marketplace, Digital Human, and Minimum Viable Architecture. When these mature, we will witness faster and more decentralized business transformation through digital.


Nevertheless, what I find interesting is that while NFT, Decentralized Identity, Digital Twin, and Web3 may find their places in 2-10 years, Metaverse and Digital Human are still more than a decade away, and rightly so, because NFT, DI, Digital Twin, and Web3 will be the pillars of the Metaverse ecosystem.

Similarly, while cloud hyperscalers like Azure have been trying to lead with Industry Cloud Platform solutions, creating cloud data ecosystems for various industries will play a critical role in building those industry solutions. However, as I interact with hyperscalers and a few clients, I reckon that both cloud data ecosystems and industry solutions on the cloud will be part of mainstream business transformation by 2025-2027, instead of the 5-10 years that Gartner estimates.



Saturday, 6 August 2022

Cloud Comparison - Part-2: Management & Administration

In Part-1 we talked about the geographical coverage of the three largest hyperscalers (excl. Alibaba).

Here, in Part-2, let's see how you can organize your cloud resources for better management and administration. In general, all three hyperscalers provide a hierarchical way to structure your cloud workloads. This structure covers 3 aspects:

  1. Centralized policy enforcement at an appropriate level
  2. Billing administration aligned with the organizational structure and strategy
  3. Reporting and monitoring of cloud resources driving accountability

Reflecting their organizational philosophy, Google Cloud's structure is very simple and intuitive without losing the flexibility you may need to structure your cloud workloads.

Azure’s way of organizing cloud resources may seem a little confusing to starters, however, its concept of “Resource Group” is extremely useful as it enables one-click administration of many of your cloud resources. Even though you may be able to achieve the same thing in GCP and AWS with other options, they are not as easy as the "Resource Group" is in Azure.

At the top level, both AWS and GCP provide a way to create an “Organization” that represents your real-world organization. Azure uses the Azure Active Directory (tenant) as a top-level entity.

For billing, all three provide a way to consolidate billing independently of how the workloads are structured across different sub-units. In AWS, a management billing account can be used to manage billing across multiple member accounts. In Azure, one billing account can be used to manage multiple subscriptions, which is the lowest level of billing separation in Azure. In Google Cloud, you may have multiple cloud billing accounts to group workloads in different projects.


For logical groups and a hierarchical structure, AWS provides "Organizational Units (OU)" under the "Organization". You may govern multiple member accounts within an OU. Similarly, using Azure's "Management Groups", we can create 5 levels of hierarchy under the top-level management group. In this hierarchy, the leaf nodes are resource groups under specific subscriptions.

In GCP, the structure is simple. Within the "Organization" node, we may have zero or more folders, and within those, one or more projects, which provide the lowest level of management and billing separation. Here, folders are optional, so projects can be placed directly under the organization node.

At the lowest level of management boundary and billing separation, AWS uses "Member accounts" to organize all the cloud resources. In Azure, this feature is provided by "Subscriptions". In GCP, "Projects" take care of the same capability.

For one-click resource administration, Azure provides a very helpful feature – "Resource Group". In GCP and AWS, it can be achieved partially using tags and labels. In AWS, if the resources were created using CloudFormation, we can do one-click resource administration in CloudFormation as well.

The last one is dynamic grouping, which can help in cost allocation to different departments or cost heads for billing, managing varying levels of security for different workloads, and other monitoring needs. AWS tags, Azure tags, and GCP labels can be used to automate events and workflows, management, and Attribute-based Access Control (ABAC).

Overall, while Azure’s “Resource group” is a unique feature, all other features are comparable.

For more details, please see:

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/organize-subscriptions

https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy

#CompareCloud #Tip 2 #AWS #Azure #GCP #Digital #Cloud #Strategy
