Multiple sources have provided cloud computing predictions for 2020 and, in most cases, they are much the same as in previous years. However, there is one cloud computing security prediction every business should heed, because if you don’t spend the money on it in 2020, it’s likely to cost you a lot more in the future.
This year’s cloud computing predictions mostly have a familiar ring to them. Typically they consist of “the public cloud will grow”, “more businesses will adopt multi-cloud strategies”, and “the use of containerization will continue to flourish”. However, there was one cloud computing security prediction businesses should be aware of—an increased focus on app-centric cloud governance.
East-west firewalls vs. app-centric cloud governance
East-west firewalls are supposed to prevent hackers moving laterally once they have infiltrated a network. They would have prevented the Equifax data breach (assuming the firewalls had been configured correctly) and, because east-west firewalls are a cheaper alternative to virtual private clouds, they became a popular choice for security-conscious businesses despite their high maintenance overhead.
App-centric cloud governance involves applying access controls and security policies to individual apps. Although this sounds like a lot of hard work, the policies are mapped by application type, isolation zone, or other criteria. They are then managed via tags to simplify maintenance and eliminate vulnerabilities while delivering the same level of internal network security as a properly configured firewall.
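To make the tag-driven model concrete, here is an added example (not code from CloudHealth or any cloud provider) that evaluates workload-to-workload traffic against policies written on tags, with default deny and a choice between blocking and notify-only handling of violations. The workload names, tag keys, ports and the `evaluate` function are all hypothetical.

```python
from dataclasses import dataclass

# Constructed inventory: workload name -> tags (all names and tags are hypothetical).
WORKLOADS = {
    "web-1": {"app": "storefront", "zone": "dmz"},
    "api-1": {"app": "storefront", "zone": "internal"},
    "db-1": {"app": "storefront", "zone": "restricted"},
    "batch-1": {"app": "reporting", "zone": "internal"},
}

@dataclass(frozen=True)
class Rule:
    src: dict   # tags the source workload must carry
    dst: dict   # tags the destination workload must carry
    port: int

# Rules reference tags, not hosts, so a newly tagged workload needs no rule change.
RULES = [
    Rule({"app": "storefront", "zone": "dmz"},
         {"app": "storefront", "zone": "internal"}, 443),
    Rule({"app": "storefront", "zone": "internal"},
         {"app": "storefront", "zone": "restricted"}, 5432),
]

def matches(tags, selector):
    """True when the workload carries every tag the selector requires."""
    return all(tags.get(k) == v for k, v in selector.items())

def evaluate(src, dst, port, mode="enforce"):
    """Return 'allow', 'block' or 'notify' for a workload-to-workload flow."""
    s, d = WORKLOADS.get(src), WORKLOADS.get(dst)
    # Unknown or untagged workloads match no selector, so they fall to default deny.
    if s is not None and d is not None:
        for r in RULES:
            if r.port == port and matches(s, r.src) and matches(d, r.dst):
                return "allow"
    # A violation is either blocked outright or only reported, depending on mode.
    return "block" if mode == "enforce" else "notify"
```

Because `batch-1` shares a zone with `api-1` but not an application tag, its request to the database is denied, which is the lateral-movement case a zone-only rule would miss.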
The availability of cloud-native app-centric governance solutions
Currently, the availability of app-centric cloud governance solutions is fairly limited because cloud service providers fail to provide visibility below the level of abstraction. Microsoft Azure has a Cloud App Security service available for subscribers to its Enterprise and Mobility Security program, and although the service is very good, it is unsuitable for businesses operating in a hybrid or multi-cloud environment.
Alternatives to the Cloud App Security service include Amazon Inspector, which does not yet allow for customized policies, and Google Cloud’s Apigee, which, although genuinely cloud agnostic, only works retrospectively: you can’t apply policies that automatically block unwanted requests. Instead, users are notified of unusual requests and have to manually block, flag, or allow them, much like a spam email filter.
Automated app-centric cloud governance from CloudHealth
By comparison, CloudHealth’s policy-driven automation capabilities allow businesses to apply governance policies to applications across multiple clouds at scale. Like the Cloud App Security service and Amazon Inspector, CloudHealth deploys agents to ensure compliance with policies and to provide total visibility into user activities, admin activities, and sign-in activities.
CloudHealth can be configured to either notify admins of policy violations (like Google Cloud’s Apigee service) or take a customized action to prevent a policy violation (e.g. suspend the user or revoke access). However, the biggest benefit of using CloudHealth for application-level governance is that the platform can be used to apply and enforce both app-centric and network-centric governance policies.