The computational power provided by cloud infrastructure, as well as the possibility of delivering any type of “as-a-service” products, are some enablers that encourage the creation of even more efficient protection solutions.
You already know that cloud computing is an indispensable technological resource in times of accelerated digital transformation. The concept of delivering computing infrastructure and applications on demand makes the operation of any company more flexible — after all, you only hire what you will use (which reduces costs), and you don't need to worry about details such as machine maintenance or expiration of software licenses (which optimizes productivity) and so on.
At the end of the day, with the chaos created by what is known as the “new normal”, the cloud has become a refuge for both small startups and large corporations. Small companies saw the possibility of creating new disruptive products with reduced investment; The large companies found the solution to deliver applications to their remote team, modernize their infrastructure, and even adapt their business model to an increasingly “digitized” market.
What few people know — or we can say that they haven't stopped to notice — is that the cloud is also, little by little, revolutionizing the way we think and do information security, and we're not just talking about the “standard security” that you already know. You get a “free gift” when hiring this type of infrastructure (as long as it is properly configured, of course). We are talking about a series of solutions that were born natively in the cloud and that can make the lives of professionals in the field simpler.
Security and Network in One Delivery
One of the most obvious examples we can cite here is the famous secure access service edge (SASE), whose name could be freely translated as “secure access service edge”. It is a technological architecture in which wide area network (WAN) and security resources converge on a single platform delivered natively through the cloud. The term itself was created and first used by the consulting firm Gartner in 2019 as a prediction of a new network structure for the future.
They hit the nail on the head. More than ever, with their workforce distributed, companies need to evolve their security strategies and go beyond traditional endpoint protection (not to mention, of course, the old concept of the network perimeter, which has been annihilated). The SASE architecture came precisely to deliver this: greater protection in the network itself and at connection points, including constant behavioral monitoring features and access restrictions defined by policies.
More than providing a high level of security through cloud-native capabilities, a good SASE solution facilitates the management of multi-cloud instances, provides simpler orchestration of all remotely delivered applications, increases traffic efficiency, and gives unmatched visibility over the entire net. Nowadays, not only traditional and reputable cybersecurity vendors offer SASE platforms, but we are also seeing the birth of startups with high-quality products.
The Cloud as An Application Protector
Wouldn't it be much easier to ensure the application of the DevSecOps methodology if your team worked collaboratively on a platform delivered by the cloud, capable of identifying possible vulnerabilities in the code through machine learning algorithms and also proactively addressing the future delivery of this application also via the cloud — anticipating possible conflicts with best cloud security practices? Believe it or not, but this scenario is already perfectly possible to become reality.
Cloud-based DevSecOps solutions simplify security for applications, APIs, and even websites. Whether integrating with your favorite development environment or offering a completely new one, this type of service identifies the plug of third-party APIs in your project that may contain malicious payloads, enables communication with management software and correlation of security events ( SIEM), and are even capable of mitigating distributed denial of service (DDoS) attacks.
Of course, it's always good to remember that, with so many automatons in the development, compliance, and quality testing pipeline, these solutions not only ensure that, at the end of the day, we have a more secure application, but also drastically reduce various costs while at the same time which optimizes team time management. The entire DevSecOps cycle makes it much more agile and efficient.
From the mainframe it came, to the mainframe it will return
Finally, if the cloud encouraged the concept of delivering “everything as a service”, sparking the offer of more flexible remote servers, why not work on a desktop that is also delivered as a service? Well: cloud computing has allowed us to go beyond the concept of machine virtualization (virtual desktop infrastructure or VDI) and now we can simply “hire” a virtualized desktop that will be “transmitted” from the cloud directly to the user's device.
This model has several economic advantages (just imagine the reduction in CapEx!), but, if we focus only on the protection benefits, suffice it to say that it almost eliminates any concern about protecting the endpoint. After all, the entire corporate network and even applications delivered via the cloud will be running on a virtual machine managed by a provider that — guess what? — will also be in the cloud!
Here we have a double security structure in which the protection of the final physical device (nor its computational power) does not matter much, as it becomes just a “monitor” to visualize everything that is being executed in a restricted environment with the most modern cybersecurity. In a way, we can see this as a return to the model of terminals connected to the mainframe — which was the way we used to work with a computer before the popularization of personal machines.