UKI Tech News: Cloud Native Security and the Opportunity to Your Business

ResourcesSophos Cloud Native Security (CNS)Technical NewsUKI

When we are asked to discuss Cloud, what does this mean to you and your business?

For many businesses and organisations, it has been a long-planned digital transformation journey, which has included multiple changes along the way; making use of local and hybrid, private and public with an ongoing mixture of all of these to deliver the required outcome. Though many other businesses were met with a need to make the move quickly in early 2020 when offices were closed in response to the global pandemic. Fast forward to today and businesses are needing to make a few changes, select the best licence options and plan security reviews to allow the cloud to become a permanent part of their adaptive ecosystem.

At the start of 2021, Forbes reported that because of the uncertainty of the times and the realities of the “new normal,” more organisations are now charting the course for their journeys toward cloud computing and digital transformation. Just a few months into the pandemic, Microsoft CEO Satya Nadella said that the company had seen two years of digital transformation in two months as its customers started adopting cloud solutions. We have all seen the change in the way we communicate and conduct business. For example, video conferencing has become so popular that even our grandparents are happy to receive a Zoom call.

Cloud usage for many has become a suitable way to meet the challenges, new or known; providing flexible computing power, high availability, disaster recovery, lower cost for backup and disaster recovery, resilient core for business process and business continuity, legacy skill risk, remote workforce management, safe return to the workplace, and business agility to allow for resilient business functions. Simplifying and speeding up the way we interact with businesses, access a required service or item place orders, and collect or receive deliveries are all now being powered by software services developed and launched across multiple cloud providers and locations.

Using the cloud has many benefits for use, including more ways to access, store, test and dev or website/e-commerce hosting. The Cloud offers access to a wider range of tools and technologies, allowing quick spin-up of resources as needed to be used to meet your needs, allowing the option to switch off when no longer required.

Cloud Computing can support project growth without the need to over-provision for future use. Scaling resources up and down as capacity changes, these options allow for reduced upfront expenditure and only be charged for the resources as they are required. Meeting the demand for services and cost control. When it comes to demand, the ability to deliver your services in a different location can result if your services are accessed in local regions by users delivering faster response and local compliance.

This ease of access with no upfront commitment is one of the reasons that Start-ups and SMB users have been big consumers of AWS over the past 2 years.

How are companies assessing and making use of Cloud environments? The As a Service Model is used by many to include:

  • Infrastructure as a Service (IaaS) – This provides the most similar experience to the existing IT resources with which many IT departments and developers are familiar. Access to networking features, computers (virtual or on dedicated hardware), and data storage space purchasing resources on-demand and as-needed instead of having to buy the hardware outright.
  • With Platform as a Service (PaaS), you do not need to worry about resource procurement, capacity planning, software maintenance, and patching involved in running your application. Just focus on the deployment and management of your applications.
  • Or you may be familiar with tools like Office 365 and Salesforce.com Software as a Service (SaaS) which are a complete product that is run and managed by a third-party vendor. With a SaaS offering, you do not have to think about how the service is maintained or how the underlying infrastructure is managed or even the need to carry out downloads or installations on the client side.

Public Cloud can be used to access these services required by their customers from the Cloud provider themselves. It is the public cloud like AWS, Azure or Google that are built with a particular market or customer type in mind who are using these environments and what are they doing within these them now or planning to do with them in the future. Though, as with all Infrastructure, we need to consider the security requirements

Do not forget your security when moving to any services and providers that are cloud located. The Public Cloud providers operate a shared responsibility for security of the Cloud. You are responsible for the security in the Cloud while they provide the Security of the Cloud, Security needs to continue being part of your complete infrastructure design and build.

When we look at the more common Challenges within Cloud environments, we can categorise these into the following areas.

  • Visibility – If you cannot see it, you cannot secure it,
  • Compliance – Ever-changing, Auto- Scaling environments,
  • Response – Complex attacks but limited resources.

Sophos is delivering complete multi-cloud security coverage across environments, workloads, and identities via Cloud Native Security; combining security tools and services to protect Cloud, data centre, host, container, Windows, and Linux to increase your visibility and speed up your response. It does this by Power-Up your Security Teams, unifying security tools across workloads, cloud environments, and entitlements management. Integrated with SIEM, collaboration, workflow, and DevOps tools to increase agility across an organisation and Fast-Track Cyber Resilience. Your cloud environments need to be tough, hard to compromise and quick to recover. Our comprehensive and intuitive security and remediation tools can be managed by your security teams, or via Managed Services to fast-track your cyber resilience to best meet the security incidents of today. They also minimise the time to leverage our extended detection and response (XDR) tools to identify and stop malware, exploits, misconfigurations, and anomalous behaviours. Hunting for threats, prioritising detections and automatically connecting security events to optimise investigation and response.

Sophos support for Azure, AWS & Google increases efficiency by monitoring posture across AWS, Azure, GCP, Kubernetes, infrastructure as code, and Docker Hub environments in a single console; collecting information from the Cloud provider’s native tools to deliver an overview of threat detection. This includes risk-assessed and colour-coded alerts along with suggestions to resolve these issues either automatically or by providing you with the steps required, reviewing your cloud spend and guided remediation to help your teams build their cloud security skills.

Sophos has worked closely with AWS to Identify and deliver ready-to-access services that can be delivered within the AWS environments. In fact, Sophos is one of the world’s first AWS Partners to join the new Level 1 MSSP Competency Program, fusing automated protection, with a team of managed service experts monitoring your environment 24/7 to stop threats – even at 3 a.m. and over the holidays.

Register today for Managed AWS Security – even at 3 a.m. and over holidays with Ryan Orsi, WW Partner Practice Team Lead, Security-MSSP, AW and Scott Barlow, VP, Global MSP & Cloud Alliances, Sophos. More details of what is provided and how to access can be found at www.Sophos.com/aws-mssp

Access to ISV products and services via the Public Cloud Marketplace

Another offering from the public cloud providers is the use of their Marketplaces to access and transact products and services that can be used within the cloud environment usually benefiting from additional programs from the Cloud provider.

What benefits do such Marketplaces offer to the IT Channel? Your business services can be offered along with channel-friendly ISVs products to deliver a package or offer that is accessible to customers via the Marketplace, transacting using their chosen terms and credit lines, many different promotions can be accessed by IT Service providers to reach a wider ordinance who are looking to access via the Marketplace.

In conclusion, invite Sophos to be part of the journey for you and your customers accessing and securing cloud environments; making use of the advantages that it provides. The Public Cloud Team are here to support your planning, implementation and ongoing services using Sophos Cloud Native Security to protect Cloud, data centre, host, container, Windows, and Linux. Increasing your visibility and speeding up your response by combining Cloud Workload Protection to secure and protect workloads that exist in a cloud environment, with Cloud Security Posture Management delivering visibility into all resources, applications and data distributed across cloud environments, including real-time security and compliance posture.

References

https://www.sophos.com/en-us/products/cloud-native-security

https://www.forbes.com/sites/forbestechcouncil/2021/01/15/how-the-pandemic-has-accelerated-cloud-adoption/

https://aws.amazon.com/what-is-cloud-computing/

https://aws.amazon.com/smart-business/migrate-to-cloud/?smb-all.sort-by=item.additionalFields.sortDate&smb-all.sort-order=desc&awsf.location=location%23uk&events-cards-main.sort-by=item.additionalFields.startDateTime&events-cards-main.sort-order=asc&awsf.event-location=location%23global&awsm.page-smb-all=2