skip to Main Content

2019 Predictions – Virtual Cloud Environments and Orchestration Security

2019 Predictions – Virtual Cloud Environments And Orchestration Security

2019 will be an interesting year. Security leaders have a daunting task — identifying where their vulnerabilities are fast and how to fix them…before it’s too late. The risks are there and with more complex systems, security will be more difficult than ever.

Virtual Environments

Physical security is typically integrated on the perimeter of a network to provide protection against cyber attack, enabling access to the network by authenticated users. While in some instances this is still the norm, we are beginning to see a shift of dedicated hardware appliances to software that can be easily moved between hardware or run in the cloud.

Virtual infrastructure is very different than a physical machine infrastructure and as a result, IT and security processes require significant change.

In a virtual environment, networks, workloads, and virtual machines (VMs) are consistently being set up, torn down, and moved around inside of a network. In addition, because multiple VMs can operate across the same infrastructure, security needs to be in each layer of virtualization. VMs, specifically, have additional security complexity because they operate as moveable files, regardless of location. These pose increased security risks.

In 2019, we’ll continue to see virtual environments strain the security of our applications. As virtualization technology becomes common practice within the modern IT environment, the need for sound security and risk management at scale increases.

Orchestration

To accomplish many of the new data center, virtualization, and cloud tasks, administrators have turned to orchestration for help and automation. Orchestration is the use of programming technology to manage the relationships among workloads on public and private cloud instances. “It connects automated tasks into a cohesive workflow to accomplish a goal, with permissions oversight and policy enforcement.”

Orchestration has helped IT admins and DevOps span their distributed infrastructure for better control of all of the elements that keep their platforms running. However, like virtualization, orchestration brings new security requirements.

If a cyber attacker where to find vulnerabilities in a business’ containerizations and mimic the orchestration engine, the cyber attacker could effectively own every single service in that infrastructure — reconfiguring admin access, taking control over the entire business. Orchestration security requires deploying security continuously and with compliance goals. It requires a closer relationship between the business structure and cloud security and constant analysis and management.

Knowing the increased complexity of our infrastructure, in 2019, we will see a dramatic shift in how security is leveraged and integrated into orchestration.

In the age of the cloud, more organizations are utilizing this type of distributed computing architecture. Because we have so many new types of devices connecting into the modern data center, it’s critical to have solid security controls in place.

Tags:
Topics:

David Baker

Chief Security Officer at Bugcrowd.

Learn More About Security Testing Unlocked From a Joint Webinar With Bugcrowd And IOActive Register Now
+
Back To Top