“Traditional models rely on assets being generally fixed, not changing very often,” said Alex Wood (@abwoodrow), CISO, Pulte Financial Services. “Having that reliance on things being fixed doesn’t always work out with the traditional tools.”
When it comes to the cloud, traditional security tools are at risk of failing. The concept behind them is sound, but given the dynamic nature of the cloud, the way they are implemented doesn’t work.
“I think most people think they can take the traditional applications that they have, pick them up, and forklift them into the cloud. If you do, then you’re still relying on the architecture that you had in the non-cloud environment, trusting that east-west traffic,” said Wood. “But if you architect correctly, giving least privilege to the hosts, only allowing the traffic that is supposed to be allowed, then you can cut down on that illegitimate east-west traffic.”
Securing that east-west data successfully requires letting security ride alongside server deployments.
“In a cloud environment, you’re traditionally scripting these kinds of deployments, so in a traditional environment it would be tough to do that, meaning you’d have to manage firewall rules. Automating this through a cloud deployment, you can build that into the deployment so you’re automatically getting that security built in,” said Wood.
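The deployment-time automation described above can be sketched as follows. This is an added example, not code from the article or from Wood; the role names, ports, addresses and function names are all constructed for illustration. Allowed east-west flows are declared by role, and per-host allow-lists are regenerated from the current inventory each time the deployment changes.

```python
from ipaddress import ip_address

# Allowed east-west flows, declared by role rather than by IP address (constructed).
FLOWS = [
    ("web", "app", 8443),
    ("app", "db", 5432),
]

def render_rules(inventory, flows=FLOWS):
    """Return {dst_ip: set of (src_ip, port)} ingress allow-lists.

    inventory maps role -> list of host IPs currently deployed.
    Anything not listed is denied (default deny).
    """
    rules = {ip: set() for hosts in inventory.values() for ip in hosts}
    for src_role, dst_role, port in flows:
        for dst in inventory.get(dst_role, []):
            for src in inventory.get(src_role, []):
                rules[dst].add((src, port))
    return rules

def is_allowed(rules, src, dst, port):
    """Check one connection attempt against the rendered rules."""
    ip_address(src)  # raises ValueError on a malformed address
    ip_address(dst)
    return (src, port) in rules.get(dst, set())

def diff_rules(old, new):
    """Return (rules to add, rules to remove) as (dst, src, port) tuples."""
    def flat(rules):
        return {(d, s, p) for d, allowed in rules.items() for s, p in allowed}
    return flat(new) - flat(old), flat(old) - flat(new)

# Constructed inventory: one host per tier, then the web tier scales out.
BEFORE = {"web": ["10.0.1.10"], "app": ["10.0.2.10"], "db": ["10.0.3.10"]}
AFTER = {"web": ["10.0.1.10", "10.0.1.11"], "app": ["10.0.2.10"], "db": ["10.0.3.10"]}

if __name__ == "__main__":
    old, new = render_rules(BEFORE), render_rules(AFTER)
    added, removed = diff_rules(old, new)
    print("add:", sorted(added))
    print("remove:", sorted(removed))
    print("new web -> app:", is_allowed(new, "10.0.1.11", "10.0.2.10", 8443))
    print("new web -> db: ", is_allowed(new, "10.0.1.11", "10.0.3.10", 5432))
```

Because the rules are derived from roles, the new web host gets exactly the access its tier is supposed to have and nothing more, without anyone editing a firewall rule by hand.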