Americas

  • United States

How best to secure applications in any cloud

BrandPost By Vincent Hwang
Mar 17, 20235 mins
Cloud Security

digital check point with man wearing facial protection mask.jpgs1024x1024wisk20c zzutkywl7y9xg9x oq
Credit: iStock

Organizations worldwide are digitizing their products, services, and operations and moving applications to the cloud as quickly as possible. This forced—though often not well-planned— acceleration to the cloud is happening for a number of reasons, both internally and externally driven.

IT leaders within organizations are pushing the “go digital” movement because they know it can lead to improvements in product innovation, customer experience, and operational efficiency.

As for external drivers of this digital push, the recent past has the COVID-19 pandemic with the hybrid workforce as the most obvious one. However, there have also been dynamic business issues such as responding to board-of-directors directives or the specter of increased competition that have compelled organizations to ratchet up the use of the cloud to better defend and acquire market share.

App workflows

Until recently, most individuals in digitalization efforts thought that application workflows went in only one direction—moving from a physical on-site location to a virtual location (a.k.a “the cloud”). However, currently, many IT experts are demonstrating that application workflows can be more dynamic when apps can reside anywhere:

  • In the data center
  • In hybrid or multi-clouds
  • In edge compute

Fluid environments and cloud adoption

Speeding up digitalization has enabled many organizations to provide faster and better applications and experiences—and to bring applications and data closer to users and devices. Applications should reside wherever they can deliver the best outcomes for organizations, such as customer experience, performance, cost optimization, and more. However, fluid environments and cloud adoption are creating both benefits and difficulties for CIOs and CISOs.

On the positive side, fluid environments provide organizations with the flexibility needed for cloud adoption, and they create new value for customers and accelerate ROI on the organization’s digital investments. But, on the negative side, applications residing in multiple different locations require IT teams to spend much more time and energy addressing the hard problems of protecting all their networks and locations, which have greatly expanded the attack surface and the organization’s vulnerability to cyberattacks.

Additional issues that come with an expanded attack surface include increased operational complexity, visibility gaps, an explosion of cloud platforms and tools, and “accidental multi-clouds.” 

Barriers to cloud adoption

All these issues impede the growth rate of cloud adoption. In a recent survey, security professionals said the biggest unforeseen factors that slow or stop cloud adoption are lack of visibility (49%), high cost (43%), lack of control (42%), and lack of security (22%).

To securely reach their digital acceleration goals and maintain momentum, organizations need to consider a cloud-adoption strategy for apps that is centered on a cybersecurity mesh platform approach and aim for solutions that deliver consistent security no matter where applications reside. 

The workflow of applications is fundamentally different today than just a short time ago. Now, what we hear from CIOs and CISOs is that applications can and should be deployed anywhere they best meet the organization’s business needs.

While many are migrating applications and workloads to the cloud to achieve the promised benefits of digital acceleration, some are pulling back—having decided that certain applications perform better on-premises or in the data center. Other organizations may have a greater need for performance and lower latency and are adopting edge compute as a result. In most cases, organizations use a combination of these in a hybrid cloud or multi-cloud.

The risks and challenges with securing applications

Organizations are all at different stages of application deployment. Many are not totally sure where their application workflows will lead. Despite varied application routes, the main challenges organizations are confronted with are basically the same. They lead to increased risk due to misconfigurations, operational complexity, loss of visibility, and inconsistent policies. All of the issues are further stoked and complicated by the lack of organizational resources and employees with the appropriate skills.

Key challenges include:

  • Apps residing in multiple locations

With the dynamic nature of where applications can live, organizations have to manage many of them and cloud edges across multiple cloud platforms, hybrid clouds, and data centers. 

  • Forcing cloud acceleration

External drivers such as the coronavirus pandemic shutdowns, leadership directives, or responses to competition have forced organizations to launch hastily developed initiatives to the cloud over the past several years. Sadly, many organizations are still dealing with the repercussions.

  • Edge compute

A number of companies are now rolling out edge compute architectures, and placing apps and data in local clouds closer to the users and devices that rely on them. The goal is to improve user experiences and the performance of cloud applications—as well as decrease costs.

  • Risks

The greatest risks in the cloud are not hackers but the misconfiguration of cloud security, which can make organizations very vulnerable to attacks. Other risks include insecure interfaces and APIs, the stealing of sensitive data, and unauthorized access to apps.   

Use a cybersecurity mesh platform

As organizations go digital, successfully running and protecting their application workflows is critical. However, they need to accept that there will be vital applications that must not move to the cloud and will remain on-premises.

To succeed in securing apps moving to the cloud as well as those that are not relocating, CISOs and IT teams need to use flexible, well-integrated cybersecurity solutions that are supported by a broad, consolidated, and automated cybersecurity mesh platform. The right mesh platform will enable organizations to protect any application workflow on any cloud, while also providing apps with the freedom and flexibility to evolve as needed.

Find out more about how Fortinet secures any application on any cloud.