2. Zero-Trust Network Access for Cloud and Noncloud Applications
The “walled garden” approach to application and network security has been under attack for more than a decade. Hackers take advantage of its loopholes as security architects try to come up with better ideas. The consensus in most corporate and higher education IT is to shift to a zero-trust design that assumes everyone, everywhere is always out to get you. Cloud deployments are encouraging the implementation of zero trust because maintaining that walled garden is much more difficult when pieces of your infrastructure are spread across data centers around the world. The 2020 pivot to remote work and learning has shifted zero-trust implementations into high gear.
Zero trust includes tearing down old components, such as VPNs, and adding new ones, such as SSL accelerators. It involves changing network architectures to create greater segmentation and to add device posture checking. Most important, it includes deploying a secure multifactor authentication system and integrating identity and access management into enterprise applications.
Many of these changes are easy in IaaS, since changing the network topology and stack of devices in front of an application is usually just a few clicks in the graphical user interface. Still, higher education is finding zero trust, even in a cloud environment, more challenging because of the relatively broad application portfolio, a large number of application owners, and constrained developer and budget resources.
For higher ed IT teams, navigating organizational and application complexity as they roll out zero trust is a difficult task. Success usually requires a lot of hand-holding with distributed development teams. IT teams will need a toolkit with elements such as reverse proxies and single-sign-on APIs that can be layered on top of applications to reduce the number of intrusive changes needed.
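The "reverse proxy plus single-sign-on" toolkit described above can be illustrated with the decision logic such a proxy runs before it forwards a request. The following is an added example, not code from the article or from any product it mentions. Everything in it is an assumption made for the illustration: a campus SSO service that issues an HMAC-SHA256-signed token carrying `sub`, `groups`, `exp` and a device-posture claim; a per-path policy table (`POLICY`) enforced by the proxy rather than the application; and `X-Authenticated-User` / `X-Authenticated-Groups` headers that the legacy application reads instead of doing its own login. Those headers are only trustworthy if the application is reachable solely through the proxy, which is exactly the segmentation change the section describes.

```python
"""
Added example (not from the article): decision logic for an identity-aware
reverse proxy placed in front of a legacy campus application so the
application itself needs no zero-trust changes.

All names, claims, header names and the policy table are assumptions
constructed for this example.
"""
import base64
import hashlib
import hmac
import json
from typing import Dict, Optional, Tuple


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes) -> str:
    """Stand-in for the hypothetical SSO service; included only so the example runs offline."""
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return payload + "." + sig


def verify_token(token: str, key: bytes, now: float) -> Optional[dict]:
    """Return the claims if the signature and expiry check out, otherwise None."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    payload, sig = parts
    try:
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):  # constant-time compare
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:  # covers bad base64 and bad JSON
        return None
    if not isinstance(claims, dict) or not claims.get("sub"):
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


# Per-path policy (assumed): required groups (None = any authenticated user)
# and whether a compliant device posture is required.
POLICY = {
    "/grades": {"groups": {"faculty", "registrar"}, "posture": True},
    "/catalog": {"groups": None, "posture": False},
}


def _rule_for(path: str) -> Optional[dict]:
    """Longest-prefix match against POLICY; no match means deny by default."""
    for prefix in sorted(POLICY, key=len, reverse=True):
        if path == prefix or path.startswith(prefix + "/"):
            return POLICY[prefix]
    return None


def gateway_decision(path: str, headers: Dict[str, str], key: bytes,
                     now: float) -> Tuple[int, Dict[str, str]]:
    """Return (HTTP status, headers to inject on the forwarded request).

    200 = forward to the application; 401 = no usable identity;
    403 = identity is fine but policy denies; 404 = no rule, deny by default.
    """
    rule = _rule_for(path)
    if rule is None:
        return 404, {}
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {}
    claims = verify_token(auth[len("Bearer "):], key, now)
    if claims is None:
        return 401, {}
    groups = set(claims.get("groups", []))
    if rule["groups"] is not None and not (groups & rule["groups"]):
        return 403, {}
    if rule["posture"] and claims.get("posture") != "compliant":
        return 403, {}
    return 200, {
        "X-Authenticated-User": claims["sub"],
        "X-Authenticated-Groups": ",".join(sorted(groups)),
    }


if __name__ == "__main__":
    key = b"example-shared-secret"  # constructed; a real deployment uses a managed secret
    now = 1_700_000_000.0
    tok = mint_token({"sub": "jdoe", "groups": ["faculty"], "posture": "noncompliant",
                      "exp": now + 600}, key)
    for path in ("/catalog", "/grades", "/admin"):
        print(path, gateway_decision(path, {"Authorization": "Bearer " + tok}, key, now))
```

The point of keeping the policy in the proxy is that a 403 for a non-compliant device or a missing group is decided before the legacy application sees the request, so the application's code does not have to change when the posture rules do.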
3. Embracing Multicloud and Gaining Visibility
Early experiences with cloud computing and commercial IaaS providers led most IT teams to recommend a single cloud environment. That recommendation went nowhere, and most organizations — public and private — are now making use of multiple IaaS and SaaS service providers. This approach doesn’t consist only of adding together substitutable products; it also creates lock-in, as developers in search of best-of-breed technology head to service providers to take advantage of specific APIs, services or even charging models.
IT teams are going to have to get used to multicloud. Adding a management layer, as mentioned above, will help. However, for cloud security, visibility across all components is equally important. IT teams will need to export information from the full stack of service providers, network services and middleboxes, and application servers to a unified security information system.
Some product vendors are pushing their machine learning and artificial intelligence capabilities, while others are using extended detection and response to go beyond traditional security information and event management (SIEM) tool capabilities. No matter what technology a team chooses for security visibility, the key starting point is unifying the data. Once security information is brought together from multiple components and clouds (likely in yet another cloud-resident application), IT teams can select security visibility tools based on their needs and budgets — and buzzword tolerance.
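What "getting unified" means in practice is a normalization step: each provider's log format is mapped onto one event schema before any detection logic runs. The following is an added example, not code from the article or from any vendor it mentions. The three feeds (a reverse-proxy access log in common log format, a CloudTrail-like IaaS audit record, and a SaaS login event) and their field names are constructed for the illustration, as is the assumption that every provider identifies people by the campus username, possibly with an e-mail domain appended. The check at the end exists to show why unification comes first: each provider's own console sees a single failed action for the user, and only the merged stream shows the same actor failing across three providers within seconds.

```python
"""
Added example (not from the article): normalising security events from
several cloud providers and middleboxes into one schema, then running a
cross-provider check that only works on the unified stream.

All log lines, field names and the actor-canonicalisation rule are
constructed assumptions for this example.
"""
import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple


@dataclass
class Event:
    ts: datetime      # always UTC after normalisation
    source: str       # which provider or component emitted it
    actor: str        # canonical campus username
    action: str
    outcome: str      # "success" or "failure"
    src_ip: str


def canonical_actor(name: str) -> str:
    """Assumption: providers report the campus username, sometimes as an e-mail."""
    return name.split("@")[0].lower()


# Common log format as written by a reverse proxy (constructed sample shape).
CLF = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
                 r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$')


def parse_proxy(line: str) -> Optional[Event]:
    m = CLF.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    status = int(m["status"])
    return Event(ts, "proxy", canonical_actor(m["user"]), f'{m["method"]} {m["path"]}',
                 "failure" if status in (401, 403) else "success", m["ip"])


def parse_iaas(line: str) -> Optional[Event]:
    """CloudTrail-like audit record; the shape is constructed for the example."""
    rec = json.loads(line)
    ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    result = rec.get("responseElements", {}).get(rec["eventName"], "Success")
    return Event(ts, "iaas", canonical_actor(rec["userIdentity"]["userName"]), rec["eventName"],
                 "failure" if result == "Failure" else "success", rec["sourceIPAddress"])


def parse_saas(line: str) -> Optional[Event]:
    """SaaS login event with a Unix timestamp; shape constructed for the example."""
    rec = json.loads(line)
    ts = datetime.fromtimestamp(rec["ts"], tz=timezone.utc)
    return Event(ts, "saas", canonical_actor(rec["user"]), rec["event"],
                 "failure" if rec["event"].endswith(".failed") else "success", rec["ip"])


PARSERS = {"proxy": parse_proxy, "iaas": parse_iaas, "saas": parse_saas}


def normalize(feeds: Dict[str, List[str]]) -> List[Event]:
    """Parse every feed into the shared schema and return one time-ordered stream."""
    events = []
    for source, lines in feeds.items():
        for line in lines:
            ev = PARSERS[source](line)
            if ev is not None:
                events.append(ev)
    return sorted(events, key=lambda e: e.ts)


def cross_provider_failures(events: List[Event], window_s: int = 300,
                            min_sources: int = 2) -> List[Tuple[str, List[str]]]:
    """Actors whose failed actions span at least min_sources providers within window_s."""
    by_actor = defaultdict(list)
    for e in events:
        if e.outcome == "failure":
            by_actor[e.actor].append(e)
    alerts = []
    for actor, evs in sorted(by_actor.items()):
        for i, first in enumerate(evs):  # evs are already time-ordered
            sources = {x.source for x in evs[i:]
                       if (x.ts - first.ts).total_seconds() <= window_s}
            if len(sources) >= min_sources:
                alerts.append((actor, sorted(sources)))
                break
    return alerts


# Constructed sample feeds; addresses are from documentation ranges.
SAMPLE_FEEDS = {
    "proxy": ['203.0.113.9 - jdoe [10/Oct/2020:13:55:36 +0000] "GET /grades HTTP/1.1" 403 512'],
    "iaas": ['{"eventTime": "2020-10-10T13:55:40Z", "eventName": "ConsoleLogin", '
             '"userIdentity": {"userName": "jdoe"}, "sourceIPAddress": "198.51.100.7", '
             '"responseElements": {"ConsoleLogin": "Failure"}}'],
    "saas": ['{"ts": 1602338150, "user": "JDoe@example.edu", "event": "login.failed", "ip": "198.51.100.7"}',
             '{"ts": 1602338190, "user": "asmith@example.edu", "event": "login.succeeded", "ip": "192.0.2.4"}'],
}

if __name__ == "__main__":
    stream = normalize(SAMPLE_FEEDS)
    for e in stream:
        print(e.ts.isoformat(), e.source, e.actor, e.action, e.outcome, e.src_ip)
    print(cross_provider_failures(stream))
```

Whether the unified store ends up in a SIEM, an XDR platform or a plain log warehouse, the parsers are the part the IT team owns: every new provider added to the multicloud estate needs one more mapping into the shared schema, and the detections written against that schema keep working unchanged.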