Hyper Scalable Security for Hyper Agile Infrastructures: What You Need to Know

Agile Infrastructures bring hyper scale challenges

Once narrowly defined as applications specifically built to run and scale on the cloud, the term “cloud native” has evolved to encompass any app built using cloud services. This broadening of the definition has led to the emergence of new terminology such as “hyper-scale” and “agile infrastructure” to describe cloud workloads designed to scale out on demand to very large size: workloads built with containers, Kubernetes and serverless technologies.

By design, hyper-scale applications are highly modular, with each component running in its own container. This decoupled architecture makes it easy to update components and scale them individually without affecting the rest of the application. However, it also makes it more difficult to secure the application as a whole. Each component, together with the image, runtime and orchestration layers beneath it, adds attack surface, and a vulnerability or misconfiguration in any one of them gives an attacker a foothold from which to move laterally to the rest of the application.

Breaking down the barriers to hyper scale security 

In this session “Hyper Scalable Security for Hyper Agile Infrastructures” from ONUG Spring 2023, we explore the basic constructs of hyper agile infrastructures, and break down the specific limitations of current security practices and tools. 

We detail the three fundamental shifts needed to overcome these challenges and realize effective hyper-scale security:

  1. Siloed to Unified: Today’s cloud-native apps are much more complex, often spanning multiple clouds and integrated with on-premises environments. By their nature, siloed security tools for individual cloud providers and on-premises infrastructure leave gaps in visibility, missing critical assets across the hybrid attack surface. A unified approach is needed to gain a complete view of the assets and exposures that lead to initial access, lateral movement and privilege escalation. 
  2. Findings to Exposure: With hyper-scale architectures it is not enough to manage individual findings in isolation. We must have foundational visibility into the three leading causes of breaches for each asset and its layers: vulnerabilities, misconfigurations and excess privileges. We must also understand the relationship of each asset to the crown jewels, the critical business applications and services that drive revenue. This context is what makes prioritized remediation possible.
  3. Reactive to Preventative: Hyper-scale applications are highly dynamic, with many more moving parts than traditional applications, including microservices, containers, pods and nodes. These components are replicated automatically and at scale, along with their security shortcomings, which makes remediation in production a losing battle. A preventative approach that detects risky code and images in the pipeline, before deployment, is critical to enabling security at the scale of the cloud.

Cloud exposure management lays the foundation

A recent publication from Gartner states, “By 2026, organizations prioritizing their security investments based on a continuous exposure management program will be three times less likely to suffer from a breach.” 

So what is cloud exposure management all about?

In simplest terms, cloud exposure management is about preventing the exposures that lead to breaches. By applying proactive measures to enforce secure configuration of applications, infrastructure and privileges, cloud exposure management shifts from reacting to threats in cloud environments to preventing them in the first place. The main goal is to ensure that sensitive data, systems and resources in the cloud are visible, compliant and protected before an attacker finds and exploits them. 

Key aspects of cloud exposure management include implementing shift-left security and automated guardrails in the developer pipelines to detect and block policy violations before they reach production. This is critically important for complex, hyper-scale environments where an exposure in a container image or in infrastructure as code is automatically replicated at scale with every deployment. Additionally, tracking all assets across the entire attack surface is critical to ensure there are no gaps in visibility that could hide an exposure.

Rather than assessing risk in isolation in point tools, exposure management aggregates the total exposure for each asset (vulnerabilities, misconfigurations and excess privileges) and maps assets to the critical business applications and processes they support. Risk is then quantified to produce an overall cyber exposure score. This business context allows resources, budget and staff to be directed where they will have the biggest impact on risk reduction. With increased scrutiny from boards and regulatory bodies, cloud exposure management also helps quantify and report the effectiveness of the overall cyber security program in reducing risk over time.
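As an added example of the pipeline guardrail described above and in the “Reactive to Preventative” shift (illustrative code written for this page, not code from the session, from Tenable or from Terrascan): a small Python check that a CI job runs over Kubernetes workload manifests before `kubectl apply`, failing the build on the pod settings that are cheap to fix in the repository and expensive to chase once every replica and node has inherited them. It reads manifests as JSON (kubectl accepts JSON; convert YAML with `yq -o json` or PyYAML first). The two sample manifests, the `payments-api` workload name, the `registry.example.com` hostname and the all-zero image digest are constructed for the example, and the policy is a deliberately small subset of what a real baseline would enforce.

```python
"""Pipeline guardrail for Kubernetes workload manifests (added example).

Fails a CI job when a manifest would deploy a pod with risky settings, so
the misconfiguration is fixed once in the repository instead of being
replicated across every replica, node and environment in production.
Input is JSON (kubectl accepts JSON; convert YAML with `yq -o json` first).
"""
import json
import sys

# Kinds whose spec.template.spec is a PodSpec.
WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"}


def pod_spec(obj):
    """Return the PodSpec embedded in a Kubernetes object, or None if it has none."""
    kind, spec = obj.get("kind"), obj.get("spec", {})
    if kind == "Pod":
        return spec
    if kind in WORKLOAD_KINDS:
        return spec.get("template", {}).get("spec", {})
    if kind == "CronJob":
        return spec.get("jobTemplate", {}).get("spec", {}).get("template", {}).get("spec", {})
    return None


def check_container(c, pod_sc):
    """Findings for one container; pod_sc is the pod-level securityContext."""
    name = c.get("name", "<unnamed>")
    sc = {**pod_sc, **c.get("securityContext", {})}  # container settings override pod ones
    findings = []
    image = c.get("image", "")
    if "@sha256:" not in image:  # not pinned by digest, so look at the tag
        last = image.rsplit("/", 1)[-1]
        tag = last.split(":", 1)[1] if ":" in last else "latest"  # untagged means :latest
        if tag == "latest":
            findings.append(f"{name}: mutable image reference '{image}' (pin a tag or digest)")
    if sc.get("privileged"):
        findings.append(f"{name}: privileged container")
    if sc.get("allowPrivilegeEscalation", True):  # the Kubernetes default is true
        findings.append(f"{name}: allowPrivilegeEscalation not set to false")
    if not sc.get("runAsNonRoot") and sc.get("runAsUser", 0) == 0:
        findings.append(f"{name}: may run as root (set runAsNonRoot: true)")
    if not c.get("resources", {}).get("limits"):
        findings.append(f"{name}: no resource limits (noisy-neighbour / DoS risk)")
    return findings


def check_pod(spec):
    """Findings for pod-level settings plus every container and initContainer."""
    findings = [f"pod: {flag} enabled" for flag in ("hostNetwork", "hostPID", "hostIPC") if spec.get(flag)]
    for v in spec.get("volumes", []):
        if "hostPath" in v:
            findings.append(f"pod: hostPath volume '{v.get('name')}' mounts {v['hostPath'].get('path')}")
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        findings.extend(check_container(c, pod_sc))
    return findings


def check_manifest(text):
    """Return a list of findings for a JSON manifest (one object or a List)."""
    obj = json.loads(text)
    items = obj.get("items", []) if obj.get("kind") == "List" else [obj]
    findings = []
    for item in items:
        spec = pod_spec(item)
        if spec is None:  # ConfigMaps, Services, etc. carry no pod
            continue
        ident = f"{item.get('kind')}/{item.get('metadata', {}).get('name')}"
        findings.extend(f"{ident}: {f}" for f in check_pod(spec))
    return findings


# Constructed samples (JSON form of a Deployment); registry and digest are placeholders.
RISKY_MANIFEST = json.dumps({
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "payments-api"},
    "spec": {"template": {"spec": {
        "hostNetwork": True,
        "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
        "containers": [{"name": "api", "image": "registry.example.com/payments-api:latest",
                        "securityContext": {"privileged": True}}]}}}})
SAFE_MANIFEST = json.dumps({
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "payments-api"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [{"name": "api",
                        "image": "registry.example.com/payments-api@sha256:" + "0" * 64,
                        "securityContext": {"allowPrivilegeEscalation": False,
                                            "readOnlyRootFilesystem": True},
                        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}}}})


def main(paths):
    """Check each manifest file (or the built-in samples); return the CI exit status."""
    inputs = []
    for p in paths:
        with open(p) as fh:
            inputs.append((p, fh.read()))
    inputs = inputs or [("risky-sample", RISKY_MANIFEST), ("safe-sample", SAFE_MANIFEST)]
    failed = False
    for label, text in inputs:
        findings = check_manifest(text)
        failed = failed or bool(findings)
        print(f"{label}: {'FAIL' if findings else 'ok'}")
        for f in findings:
            print(f"  - {f}")
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as a pipeline step (`python guardrail.py deploy/*.json`); a non-zero exit blocks the deploy stage, which is the whole point of the guardrail: the risky Deployment is rejected once, in review, rather than discovered on every node after rollout. The policy here is intentionally small; a real program would enforce the organization's own baseline (the Kubernetes Pod Security Standards “restricted” profile is a sensible starting point) and apply the same gate to Terraform and other infrastructure as code and to image scan results.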

What you’ll get from this session

Watch the Proof of Concept from ONUG Spring and enrich your cloud security practice in critical ways:

  • Discover key strategies for achieving hyper-scalable security and gain crucial insights into the components and benefits of an exposure management program. 
  • Find opportunities to consolidate tools and vendors and cut costs, optimize data sharing across your organization for reduced risk and improved visibility, and alleviate the burden on your security teams through improved collaboration.
  • Walk away equipped with the knowledge to implement a successful exposure management program and leverage key metrics and tools to drive quantifiable improvements in your business outcomes. 


Check out the session: Hyper Scalable Security for Hyper Agile Infrastructures.

Author's Bio

Piyush Sharrma

Vice President, Cloud Security Engineering, Tenable

Piyush Sharrma is a seasoned technologist and entrepreneur behind multiple technology startups over the past two decades including Accurics. He has led global teams across engineering, product, and research at Symantec Corp to bring numerous enterprise security innovations to market. Piyush has filed multiple patents, contributed to other patents and invention committees. He now leads the cloud engineering team at Tenable where he is also responsible for the ongoing support of Terrascan, an open-source security analyzer.