DataCenterNews Asia logo
Specialist data center news for Asia
Story image
A10’s app delivery solution now on Azure Marketplace
Story image
Virtustream launches cloud automation and security capabilities
Story image
Digital Realty nabs new executive appointment from Equinix
Story image

Pitfalls to avoid when configuring cloud firewalls

10 Dec 18
Contributor

Article by FireMon technology alliances VP Tim Woods

Data breaches are giving cloud a bad reputation.

Simple configuration errors in cloud-based application deployments are still making a splash in the media – and they’re not going away.

From the Target hack in 2013 to the World Wrestling Entertainment (WWE) and Verizon leaks in 2018, they are all based on misconfigurations.

These days, cybercriminals don’t even bother with sophisticated hacks; instead simply looking for those simple errors to fulfil their goals.

If the industry does not get ahead of it, 2019 will be just as colourful.

Gartner predicts 95% of cloud security incidents will be the customer’s fault by 2020.

The State of the Firewall Report 2018 uncovered the scale of the problem.

When it comes to managing firewalls in the cloud, security professionals are less likely to know who is responsible for cloud operations, with 33% of respondents saying they weren’t sure who was responsible all.

This is how things spiral – if an on-premise environment isn’t mirrored in the cloud, with the right controls, businesses could be subject to a world of pain.

Preparing for the year ahead

It is time companies consider their new year’s cyber resolutions for 2019.

To do that, CIOs and CISOs need to be able to prioritise organisational and governance processes, without having to firefight all the time, getting distracted by cloud vendor challenges.

Knowledge is power when it comes to the cloud. 

A deeper understanding of what the cloud provider affords the builder is essential if mistakes are to be avoided. 

It’s encouraging to see a provider like Amazon Web Services committing to adding security functionality and more prescriptive “best practice” blueprints for the less experienced cloud architects. 

Flexibility and granularity of security controls are good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.  

Working with vendors is a collaboration, and both partners need to pull the necessary weight to make it work.

A cloud vendor isn’t responsible for a business’ security strategy.

This means a company’s network operations team need to know all about the different offerings from cloud vendors - and when picking a cloud provider, advise the business on the implications of certain choices.

Prevention is about people and policy

When it comes to cloud security, consistency is key – cloud controls should mimic an on-premise security policy.

That way, security teams remain consistent and can easily enforce security policy in the cloud as well.

With a firewall, the controls in the cloud should mirror on-site firewall rules. 

There are times when the person taking responsibility is someone who is familiar with a specific project, but not the business-wide security policy. 

This can lead to unintentional configuration errors that allow inappropriate access through the firewall.

When hybrid and public clouds are introduced into a network, the principles of managing a firewall actually don’t change, it’s just in another place.

There are nuances that an organisation needs to think about though: whether the intention is to move an existing on-premise system into the cloud or create a whole new cloud deployment that doesn’t have a home on-premise.

If the intention is to move an existing on-premise system, and the security controls in the new cloud implementation do not mimic those of the on-premise implementation, security teams are asking for trouble.

Thankfully, it can be solved easily, as it is often an operational issue.

As long as someone takes control of the cloud migration that knows the pre-existing security controls, and can mirror those same controls in the cloud, teams should be in the clear.

That’s why sorting out ownership of cloud among the IT team is important.

This ownership is also key when creating new cloud deployments (those for which there is not a pre-existing on-premise system).

Developing the right security controls in this situation needs to involve all stakeholders across an organisation, simply to ensure a company strikes the right balance between business, operations and security.

More:
Share on: LinkedIn Twitter Facebook
Story image
A10’s app delivery solution now on Azure Marketplace
Story image
Virtustream launches cloud automation and security capabilities
Story image
Digital Realty nabs new executive appointment from Equinix
CSPs ‘not capable enough’ to meet 5G demands of end-users
A new study from Gartner produced some startling findings, including the lack of readiness of communications service providers (CSPs).
Microsoft invests in more Azure availability for Asia
Asia is proving to be a hot spot among the major cloud providers with new investments happening on a seemingly weekly basis.
Korean Air to close on-premises data centre within 3 years
One of the world’s top ten airlines has declared its going all-in with cloud and shutting down its on-premises infrastructure - the first in APAC to do so.
Industry cloud market forecast for ‘unusual’ growth
The market for industry cloud solutions is in good stead with that growth showing little signs of slowing.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Dell dominates enterprise storage market, HPE declines
The enterprise storage system market continues to be a goldmine for most vendors with demand relentlessly rising year-on-year.
Story image
Lenovo DCG moves Knight into A/NZ general manager role
Knight will now relocate to Sydney where he will be tasked with managing and growing the company’s data centre business across A/NZ.
Story image
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Story image
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
Story image
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
Story image
Schneider Electric's bets for the 2019 data centre industry
From IT and telco merging to the renaissance of liquid cooling, here are the company's top predictions for the year ahead.
Story image
HPE announces financial results for the fourth quarter of 2018
“As we close my first fiscal year as CEO, I am incredibly proud of where we stand in the marketplace."
Story image
Gartner: Infrastructure services moving beyond the edge
First it was about data moving to the edge, now Gartner says it's taking one step further.
Story image
MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Story image
How Schneider Electric aims to simplify IT management
With IT Expert, Schneider Electric aims to ensure secure, vendor agnostic, wherever-you-go monitoring and visibility of all IoT-enabled physical infrastructure assets.
Story image
Record revenues from servers selling like hot cakes
The relentless demand for data has resulted in another robust quarter for the global server market with impressive growth.
Download image
Whitepaper: How to protect your business from insider threats
Critical data has moved to the cloud and employees are able to access it from any network, wherever they are in the world.
Download
Story image
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
Download image
Whitepaper: Three changes that will make security teams more effective
Organisations are spending more and more money on cybersecurity preventive measures, yet the breaches seem to keep increasing.
Download
Story image
Cisco dominates record-high Ethernet switch & router markets
While the market is flourishing, it’s tough-going as Cisco has increased its majority share of the pie.
Download image
Whitepaper: Automation platforms giving companies better insights on data
451 Research has produced an analysis sponsored by Nintex on how automation is increasingly being used to transform businesses.
Download
Story image
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Story image
Platform9 aims to allow enterprises to run Kubernetes instantly
Snapfish, HPE, and Juniper use Platform9’s hybrid cloud solution to deliver a modern cloud infrastructure-as-a-service experience.
Story image
Vertiv’s 5 most noteworthy data centre trends for 2019
Vertiv has placed particular emphasis on edge computing being the ‘epicentre’ of innovation in the data centre space.
Story image
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Story image
STT GDC to build hyperscale data centre in Singapore
ST Telemedia Global Data Centres (STT GDC) today unveiled ambitious plans for expansion with its largest data centre in Singapore to date.
Story image
China to usurp Europe in becoming AI research world leader
A new study has found China is outpacing Europe and the US in terms of AI research output and growth.
Story image
How Fujitsu aims to tackle digitalisation and the data that comes with it
Fujitsu CELSIUS workstations aim to be the ideal platform for accelerating innovation and data-rich design.
Download image
A guide to using automation to digitally transform business
The report includes steps to an effective digital transformation, including what the leaders are doing right and what the laggards are doing wrong.
Download
Story image
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
Download image
Whitepaper: How much is your company’s data really worth?
The most valuable companies in the world are so valued because of the data those companies control.
Download
Story image
Malaysia investing in data-driven future – but obstacles remain
The country has openly expressed its desire to become the prime destination for high-tech industries in Southeast Asia.
Download image
Insights: How 'digital trust' can create competitive advantages
Business leaders can wait and be forced to respond to market change, or they can embrace digital and lead market change themselves.
Download
Story image
QNAP launches a new hybrid structure NAS
"By combining AMD Ryzen processors with a hybrid storage structure and 10GbE SFP+ connectivity, the system packs performance into a compact 1U frame."
Story image
OneAsia and Megaport partner to bolster cloud services
The two companies have partnered with the goal to open up cloud connectivity options in Hong Kong
Story image
Why the future of IT infrastructure is always on and always available
As more organisations embrace digital business, infrastructure and operations leaders will need to evolve their strategies and skills to keep up.
Story image
Samsung, Qualcomm and Verizon demonstrate 5G NR data connection
The test used Samsung’s commercial 5G NR and 4G LTE equipment to deliver the 5G NR data transmission using Verizon’s 28 GHz spectrum.
Download image
Whitepaper: Why it’s critical to detect cyber attacks as they happen
"Many organisations are struggling to keep pace with the speed in which hackers are attacking their systems."
Download
Story image
HPE to supply tech to Formula E racing team
“At HPE, we believe the future belongs to the fast, and we’re focused on accelerating what’s next for enterprises, including in the world of auto racing."
Story image
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
Story image
Opinion: A data centre manager's Christmas wish list
In this time of merriment and cheer there is one thing everyone is not-so-secretly waiting for: Presents.
Download image
The six golden keys to successful identity assurance
When someone tries to access your internal systems, how can you be sure a user is who they claim to be?
Download
Story image
Sponsored
The Implications of a data disaster and why effective DR is critical
93 percent of companies without disaster recovery who suffer a major data disaster are out of business within one year.
Story image
Gartner’s ten 2019 trends for infrastructure and operations
As IT infrastructure and operations take an continually growing role in the IT ecosystem, Gartner highlights what to prepare for in the year ahead.
Story image
Google says ‘circular economy’ needed for data centres
Google's Sustainability Officer believes major changes are critical in data centres to emulate the cyclical life of nature.
Download image
Report: How IT Is responding to digital disruption and innovation
Today “every company is in the software business" to get a competitive edge, and this survey reveals how app dev is affecting IT teams.
Download
Story image
Golden opportunities for enterprise e-waste reduction
E-waste is a hot topic in tech circles, and Park Place's EMEA MD believes there could be huge opportunities if data centres and enterprises improve their practices.
Story image
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Story image
Opinion: Critical data centre operations is just like F1
Schneider's David Gentry believes critical data centre operations share many parallels to a formula 1 race car team.
Story image
QNAP introduces new 10GbE and Thunderbolt 3 NAS series
The new series is supposedly an all-in-one NAS solution for file storage, backup, sharing, synchronisation and centralised management. 
Story image
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Story image
Fujitsu’s WA data centre undergoing efficiency upgrade
Fujitsu's Malaga data centre in Perth has hit a four-star rating from National Australia Built Environment Rating System (NABERS).
Story image
Data Exchange Networks achieves world-first
After receiving a new Uptime Institute award, DXN is now the first modular data centre developer in the world equipped to blend different standards.
Story image
Is the on-premises data centre really going to ‘die’?
Gartner certainly thinks so, as it expects the sheer majority of enterprises to have binned their on-premises facility by 2025.
Story image
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.