Flipping the Script on Security in the Cloud
Gillis said that many security strategists currently address cloud security by developing different approaches for private versus public clouds. His advice, however, is they should worry instead about the different security needs of traditional versus modern applications.
“I'll argue that you really want to turn that 90 degrees. You really want to have a conversation about, what do I do to protect traditional applications, which are primarily virtual machine–based? And then, what do I do to protect modern applications, which are primarily container-based or Kubernetes-based? Because the concepts between protecting both of them are the same, but the implementation is quite different.”
Gillis cited Log4j as evidence that attackers are adapting not only their techniques but also their objectives. While no major breach has occurred as a result of the widespread vulnerability, Gillis said, “attackers have a motivation to get in and stay in. And this is why lateral security is really a new battleground.”
According to Gillis, lateral security requires segmentation. “Segmentation is a foundational capability. If you don't have segmentation in place, you should leave this conference today.”
Segmentation Can Help Protect Your Apps
Gillis said segmentation can help limit the damage of a potential ransomware attack, explaining that ransomware begins by affecting a single machine. “Now, the attackers are going to move laterally until they find the database, a database that has some size, maybe something they recognize, and there's those credit card numbers in it. That's where the trouble starts.”
Once an attacker is able to access your network, they’re going to explore and attempt to infiltrate the entire environment. “Segmentation puts these firebreaks in place that make it harder for them to just traverse through your network and totally go into your network.”
Segmentation can be very effective in defending traditional, VM-based applications, but cloud-based applications require different methods. Gillis said the same principles apply for both modern applications and traditional apps, but cloud security involves a new concept called service mesh.