Legacy security designed to protect physical endpoints is no match for software-defined environments such as cloud infrastructures. In fact, not even a modern endpoint security solution can, on its own, cover the full spectrum of cloud-workload protection requirements, use cases and workload types. This has opened the floodgates to a new breed of cybersecurity solutions called “Cloud Workload Protection Platforms” (CWPPs), and the market is ripe for the picking, according to Gartner.
Enterprises are the new hot target for bad actors big and small
In recent years, cyber crooks have increased their success rate with a new strategy. Instead of targeting many entities en masse, they spear-phish fewer, yet bigger, targets. They deploy advanced and persistent attacks to gain a foothold on the targeted infrastructure while flying under the radar for months, and even years in some cases. Ransomware operators in particular are focusing on enterprises to maximize their profits. From one-off black hats to nation-state disruptors, bad actors today also set their sights on clouds and data centers. One of the reasons behind their growing success rate is the widening gap between evolving cloud infrastructures and the lagging traditional security technologies meant to secure them. For example, these technologies are not suited to detecting advanced threats such as fileless malware, script-based attacks, or zero-day and unpatched vulnerabilities, which have become low-hanging fruit for cyber criminals during the first stages of an attack on a cloud infrastructure.
The cloud requires rethinking security
In its Market Guide for Cloud Workload Protection Platforms, research firm Gartner cautions that organizations still relying on endpoint protection platform (EPP) offerings for server workload protection are placing enterprise data and applications at risk. Moreover, most companies’ use of more than one public cloud infrastructure-as-a-service (IaaS) provider significantly broadens the attack surface.
Gartner researchers advise security and risk management leaders in charge of cloud workload security to architect for consistent visibility and control of all workloads, regardless of location or size, and to develop a strategy to address the unique and dynamic requirements of protecting cloud workloads. To answer this challenge, cybersecurity vendors have upped their game with a new set of tools engineered for virtualized and cloud workloads.
CWPP: a modern approach to cloud-workload security
Cloud workload protection platforms (CWPPs) aren’t an entirely new concept, but as the granularity and dynamism of workloads change, CWPP offerings and strategies have evolved with them. Advanced CWPP solutions employ machine-learning-augmented security layers, or hypervisor-enabled security layers designed specifically for cloud workloads and highly virtualized infrastructures.
As CWPP strategies can no longer rely solely on preventive controls, behavioral monitoring of server workloads is becoming a critical requirement. The increasingly short life spans of workloads mean there is no time for the traditional loading of signature files or anti-malware scanning. But there is much more to modern CWPP solutions than meets the eye. Gartner offers a hierarchical view of the CWPP control stack that should serve as a foundational resource for all prospective customers.
As shown in the above figure, the security of server workloads is rooted in solid operations hygiene best practices. Any workload protection strategy must start here, ensuring that the conditions in the shaded base are met. Not every layer is necessarily needed for every server workload: based on the usage profile, the workload’s exposure, and/or the enterprise’s tolerance for risk, businesses must adjust their CWPP strategies accordingly.
Gartner recommendations for decision makers
As enterprises evaluate the large number of offerings in the CWPP market, Gartner recommends several evaluation criteria. Decision makers should look at the diversity of workload types supported, the use of analytics and machine learning, the console and integrations (including integration into the development pipeline), and licensing flexibility.
“Cloud-native apps require solutions designed to address the protection requirements of cloud-based systems,” Gartner says.
“Advanced CWPP offerings share threat intelligence across their community of users, helping to identify interenterprise patterns that are not visible in a single organization alone. By sharing telemetry and analysis, there is value in broader ‘community immunity.’ By obfuscating the telemetry that is shared, CWPP vendors can balance the enterprise need for privacy with the community need for protection,” the research firm adds.
Gartner researchers estimate that, by 2022, 60% of server workloads will use application control in lieu of antivirus, an increase from 35% at year-end 2018.
“Through 2020, due to the immaturity of incumbent CWPP offerings, 70% of organizations will use a different CWPP offering for container and serverless protection than they use for virtual machine protection,” Gartner analysts said.
Bitdefender, a Gartner representative vendor of CWPP, is pleased to offer Business Insights readers a complimentary copy of the Market Guide to help them navigate the complexity of cloud-workload protection and develop a strategy to effectively and efficiently secure their data center and cloud environments.