From Survival to Security and Availability
During the pandemic, businesses did what they needed to do in order to adapt and survive. That meant pushing apps to the cloud, having employees work remotely, and increasing WebEx/Zoom usage at an explosive rate.
Now businesses are seeing the strains on the system for both security and availability for these services. They need to now go back and apply best practices in both security and availability, since we see that many of these services are getting hacked and are having availability issues. Online presence is usually the lifeline of many businesses, so both security and high availability are NON NEGOTIABLE.
Cloud-Only Comfort? Not So Much.
Being available to serve customer or user requests is one of the key requirements when applications are accessible over the Web. If your business completely depends on a cloud presence, then news headlines — like What Caused The Massive Microsoft Teams, Office 365 Outage On Monday? Here’s What We Know; Google Cloud Confirms, Fixes Sweeping Outage; Azure Appears to be Full; and AWS celebrates Labor Day weekend by roasting customer data in US-East-1 BBQ — do not provide a lot of comfort to those transitioning to a cloud-only presence.
[You may also like: Application Security in Today’s Multi-Cloud World]
Service disruption often leads to poor customer experience, and attackers and hackers know that and use a broad set of techniques to cause harm.
Common techniques include bursts of high traffic volumes, which do not leave time for mitigation teams to get a grip, usage of encrypted traffic to overwhelm security solutions’ resource consumption, and crypto‐jacking that reduces the productivity of servers and endpoints by enslaving their CPUs for the sake of mining cryptocurrencies. The recent ransomware attacks highlight the need to secure against denial of service and application attacks.
So What Are the Best Practices?
Best practices to ensure availability and scalability while securing applications may include:
- Addressing issues such as phishing and social engineering that play a large part in human failures
- Ensuring that the applications are accessed by the right users that are authorized and authentic
- Keeping service denial attacks out of the corporate / virtual private networks
- Enabling applications to be available across outages through multiple providers
- Architecting scale-out and scale-out mechanisms to enable handling of loads at scale and reduce cost when not in use
- Optimizing access for application end-users by implementing latency reduction techniques
- Applying consistent application scalability, monitoring, security, optimization policies across multiple clouds
- Preventing configuration errors from creeping in during deployment by automating across multiple clouds
- Gaining actionable visibility for management, monitoring, auditing, compliance, forensics and troubleshooting
[You may also like: Understanding the Shared Responsibility Model]
The pandemic has forced organizations to move many of their applications to the cloud, and accelerated the transition timeline for most. The outages at most cloud providers and recent hacking and ransom attacks highlight availability, scalability and security challenges that must be addressed to keep both customer data and corporate IP and businesses safe from hacking attempts while allowing end-users seamless access to their applications.
