In just the first half of 2020, data breaches exposed 36 billion records. And, as the web continues on the trend of explosive growth, there are constantly new security challenges on the horizon.
With vulnerabilities around every corner, effective and comprehensive security policies are more important than ever. The cycle of manually creating and maintaining security practices will not be able to scale to meet these needs. Automation is the way forward.
The wild west of on-prem security
Regardless of your current journey with cloud, remember how on-prem looked? You have various components that make up your world: Routers, switches, hosts … the list could go on. And each one of these has its own process to keep access tight and help control security. Each works separately to keep things, and people, who shouldn’t have access out as well as allowing the correct audience in. You’re all too familiar with that room (or rooms, even) full of equipment, each type with its own security setup and a team of people to configure access on routers, servers and the rest.
There are many problems with this age-old approach:
- The teams don’t necessarily talk to each-other
This leads to lots of confusion, chaos and, frequently, bureaucratic overhead to accomplish the simplest of tasks.
- It doesn’t scale well
The larger the environment gets, the more complex it becomes to manage. For example, what happens to the access control for a single router if you have users that span three continents?
- You can never be sure you’re plugging all the security holes
Are you sure that someone who quit a year ago definitely doesn’t have access to your facilities? When was the last time your passwords were changed? And are they strong enough?
Organisations might find themselves with hundreds (or thousands) of people whose access they need to manage. In practice, it’s nearly impossible to manage the entire ecosystem effectively if you’re using a manual approach.
Cloud isn’t a magic bullet
There’s a temptation to see cloud as something that ‘just works’. While cloud is transformative and can provide tremendous cost benefits, it comes with its own set of complications. If you don’t understand that out of the gates, you might assume that all of your technical debt will be easily addressed. The reality is that you’re just swapping one set of tools, for another set of tools.
You’ll quickly find out that security is something that needs a lot of manual intervention to set up and maintain – even on the cloud.
It’s a typical experience to realise your security issues resurface after your move to the cloud. So, what does instinct tell you? Designate a group of people to manually maintain your cloud security. Just like you did on-prem.
And just as it happens on-prem, there are two big problems with a manual approach to cloud security:
- It’s labour intensive (read: costly)
For example, an IAM user on AWS may use several groups and roles. The user may need to update their access, join a new group or be removed altogether. Every time a user changes, manual updates must be made, which is extremely difficult to maintain for teams of any size.
- It’s error-prone
What happens when a user leaves the organisation? Can you be sure their ID has been removed? What about current users and their permissions? For example, if someone changes departments and they used to have admin access but now should have read-only access, can we be sure this has been accomplished? With a manual approach, the larger the installation, the more likely these situations will happen.
Automating these problems away
Long term, a manual approach isn’t workable. You’ll never ‘rest easy’ knowing that you’re adequately addressing all of your security concerns because it rests on fallible human beings.
Solutions that mitigate the mistakes that are made through human error is the ultimate goal. This is where Appvia can help. By enabling companies to automate security best-practices, you don’t have to worry about calling people for different types of access and security needs.
And because it’s automated, it is not labour intensive. You could have just one person looking after hundreds and hundreds of users, and sleep easy knowing that you’re operating in a well-architected security environment. With these things taken care of, your teams are free to focus on applications and delivering more business value to customers.