What is cloud workload protection? Let’s begin by defining the key terms.
Hosted services over the internet that generally fall into three categories:
- Software as a service (SaaS): A software delivery model where a vendor centrally hosts an application that users access over the internet
- Platform as a service (PaaS): A platform delivery model accessed over the internet where a vendor provides both the hardware and software generally used by application developers
- Infrastructure as a service (IaaS): An infrastructure delivery model where a vendor provides compute resources, from virtualized servers to storage and network equipment, over the internet
Cloud service deployment models are generally referred to as either public or private. Public cloud services are delivered by third-party providers and are broadly available to multiple organizations and users. Popular public cloud providers include Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).
A private cloud limits service to a single organization. Its infrastructure can be built and maintained by the organization, a third party or a combination of the two. Organizations can also use both public and private clouds, called a hybrid cloud, where data and work are shared between the clouds.
These are virtual machines (VMs) or virtual servers running in a public or private cloud environment.
The work function (application or service) processed by a remote server or instance at any given time; it generally has users or applications interacting with it through the internet. Cloud workloads can range from a web server to a database to a container.
A form of operating system virtualization where an application and all of the dependencies that are required for it to run are packaged in a self-contained unit. Containers share the host operating system, enabling multiple containers to efficiently run on a single host. Containers are also portable. They can start and stop quickly, can be clustered together to work as a microservice and can be easily migrated between different computing environments.
Two common container open-source technologies are Docker (containerization platform) and Kubernetes (container orchestration for container platforms like Docker). It is worth noting that providers like Amazon generally support any platform compliant with the Open Container Initiative (OCI) standards. Amazon and Google also offer built-in services including Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS) and Google Kubernetes Engine (GKE).
The Benefits of Cloud Services
Public cloud services are seeing amazing growth as companies look to cloud computing for their growing and evolving needs.
Moreover, the benefits of cloud computing are resonating. The cloud has become a core and strategic component for an increasing number of organizations, and they are migrating from traditional on-premises data centers to distributed cloud computing environments.
Among the many reasons for this continued migration are:
1. Ease of Use
Cloud providers make it very easy for organizations to get up and running quickly without the hassle of internal reviews, ongoing hardware maintenance and purchase orders, and data center provisioning. Cloud-based applications and resources are easily accessed over the internet, supporting global workforces and customers.
2. Elasticity
Elasticity is a key benefit that delivers dynamic allocation of resources. This simplifies operations and optimizes cost efficiency as workload demands change. Resources and capacity automatically adjust as needed.
3. Cost Efficiency
Capacity can expand and shrink as needed with fluctuating demand. Consumption-based pricing helps companies save money on physical data center space, power allocation and hardware costs when they pay for what they use. In addition, leveraging a public cloud offloads the data center and operational support costs and resources.
4. Business Agility
The cloud helps speed time to market. Organizations and their engineers can focus on application development when they don’t have to spend cycles planning and maintaining infrastructure. They can quickly adjust to changing market conditions.
5. Breadth of Functionality
Numerous tools, capabilities and new technologies are available and seamlessly updated, enabling organizations to quickly and easily access functionality.
Pricing Cloud Services: Consumption Pricing Model
The pricing model for cloud services is different from more traditional perpetual or annual subscription-based licensing. With cloud services, you’ll often find a pricing model that charges by services used or compute consumption, which helps prevent wasteful spending. This model is often referred to as pay-as-you-go and offers key benefits for customers:
Cost-Effectively Cover Spikes: Burst Pricing
With this pricing model, companies are able to pay only for the resources they are consuming. As an example, a retail company likely has more resource needs for its website around the holidays. Therefore, its cloud computing costs would increase for the short term but then scale back down to normal in the new year. This model eliminates the sunk costs of increasing static, on-premises provisioning while enabling companies to be very efficient by only paying for the resources needed.
Cost-Effectively Enable Short Lifecycle Development
Pay-as-you-go also works well with today’s software development practices. Developers today frequently use cloud environments as they continuously implement, test and deliver new applications. Those fast cycles mean that additional resources are often needed, if only for a short period of time. With a life cycle of minutes or days, an annual licensing model no longer makes sense.
Additional money-saving options are often available as well, including reserved capacity where partial or annual upfront usage commitments and payments reduce spend, and volume discounts apply as usage increases.
Cloud Workload Security Challenges
Cloud computing requires security measures from customers and providers alike since public cloud deployments operate under a shared security model. Both the cloud computing provider and the customer have a responsibility to ensure the security within their area of control.
In general, the provider is responsible for security of the cloud. That includes physical access and infrastructure.
In turn, the customer is responsible for security in the cloud. That includes their applications, identity management, data and encryption. The unique characteristics and capabilities of the cloud introduce new security challenges for customers as they migrate their workloads:
1. Expanded Attack Surface
Having more systems and instances distributed to various off-premises locations means more risk and an expanded attack surface. It is no longer just about protecting physical data centers and servers. Having a cloud presence means the additional responsibility of securing virtual servers, remote applications, cloud workloads, containers and the network communications between the environments. There is also the issue of having more users with different levels of security expertise but the same ability to create and use cloud workloads.
Blind spots lead to silent failure and ultimately breaches. Cloud workloads are challenging in terms of visibility for a number of reasons. First, traditional security tools are not designed to provide granular visibility. For example, tools such as Linux logs make it difficult to uniquely identify events generated by containers versus those generated by the host, since visibility is limited to the host. Second, containers are short-lived, which makes data collection and incident investigation difficult because forensic evidence is lost when a container is terminated. Third, container portability creates even more challenges: deployment across cloud environments results in decentralized container controls that limit overall visibility.
Because of the dynamic nature of cloud workloads, and specifically containers, traditional solutions and manual processes no longer suffice. Rapid deployment and scaling mean the attack surface is constantly changing, and security solutions need to match the speed of DevOps without sacrificing performance.
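The visibility gap described above, where host-level logs cannot tell container events from host events, can be narrowed by attributing each process to its cgroup at the time the event is recorded. The following is an added example, not CrowdStrike code: it parses `/proc/<pid>/cgroup` text as seen from the host and groups events by origin. The sample IDs, PIDs, cgroup dumps and function names are constructed for illustration, and the path patterns cover common Docker, containerd and CRI-O layouts only.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the page): 64-hex IDs and cgroup dumps as
# the host would see them in /proc/<pid>/cgroup.
DOCKER_ID = "3f" * 32
K8S_ID = "9c" * 32
SAMPLE_CGROUPS = {
    101: "0::/system.slice/sshd.service\n",
    202: f"12:memory:/docker/{DOCKER_ID}\n11:cpu,cpuacct:/docker/{DOCKER_ID}\n",
    303: "0::/kubepods.slice/kubepods-burstable.slice/"
         f"kubepods-burstable-pod1234abcd_5678.slice/cri-containerd-{K8S_ID}.scope\n",
}
SAMPLE_EVENTS = [
    {"pid": 101, "exe": "/usr/sbin/sshd"},
    {"pid": 202, "exe": "/bin/sh"},
    {"pid": 303, "exe": "/usr/bin/curl"},
    {"pid": 404, "exe": "/bin/busybox"},  # process gone before its cgroup was read
]

# Final path component: optional runtime prefix, 64 hex digits, optional ".scope".
_CONTAINER_ID = re.compile(r"(?:^|[/-])([0-9a-f]{64})(?:\.scope)?$")
_RUNTIME_HINTS = (("docker", "docker"), ("cri-containerd", "containerd"),
                  ("crio", "cri-o"), ("kubepods", "kubernetes"))

def classify_cgroup(cgroup_text):
    """Return (runtime, container_id), or ("host", None) if no container ID is found."""
    for line in cgroup_text.splitlines():
        parts = line.strip().split(":", 2)  # hierarchy-id:controllers:path
        if len(parts) != 3:
            continue
        match = _CONTAINER_ID.search(parts[2])
        if match:
            runtime = next((n for hint, n in _RUNTIME_HINTS if hint in parts[2]), "unknown")
            return runtime, match.group(1)
    return "host", None

def attribute_events(events, cgroup_by_pid):
    """Group process events by origin: host, a specific container, or unattributed."""
    grouped = defaultdict(list)
    for event in events:
        cgroup_text = cgroup_by_pid.get(event["pid"])
        if cgroup_text is None:  # evidence lost: the workload exited first
            key = "unattributed"
        else:
            runtime, cid = classify_cgroup(cgroup_text)
            key = "host" if cid is None else f"{runtime}:{cid[:12]}"
        grouped[key].append(event["exe"])
    return dict(grouped)
```

The "unattributed" bucket is the short-lived-container problem in miniature: if the cgroup is not captured when the event fires, the link between the process and its container cannot be recovered afterwards.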
Key Requirements of a Cloud Workload Protection Platform
With the above challenges in mind, it is imperative that cloud workload security solutions deliver in these key areas:
Image scanning, while important, is blind to attacks. Vulnerabilities can be exploited before they can be patched. Misconfigurations can happen. Once a virtual machine or container is launched, even if the image is configured properly and verified, it can be compromised. Comprehensive runtime protection is required to secure containers and the hosts they run on.
You can’t detect, stop or respond to something if you can’t see it. Workload events, including container events, need to be captured, analyzed and stored so that security products and teams alike have the visibility they need to detect and stop threats as they happen, as well as to hunt and investigate.
Simplicity and Performance
Companies need to address the security requirements of the cloud without increasing the number of products they deploy and manage. Ideally, companies could use the same platform for their on-premises and public, private and hybrid cloud needs to help provide consistent, low-impact security without adding complexity.
With cloud workloads, it is even more important for a solution to deliver protection while having minimal performance impact on systems, teams and workflows. DevOps requires speed, and delays and inconvenience can lead to hazardous behaviors, from weak passwords to the use of untrusted images.
CrowdStrike Falcon Platform: Built in the Cloud to Protect the Cloud
CrowdStrike sets the new standard in cloud workload protection by bringing the award-winning CrowdStrike Falcon® breach protection capabilities to cloud workloads, including virtualized workloads and containers in private, public and hybrid clouds. Falcon unifies and simplifies cloud workload security with one platform for all workloads.
Runtime protection for cloud workloads and containers: The Falcon platform combines the best and latest technologies to protect cloud workloads and containers against known and unknown malware and sophisticated attacks.
EDR for cloud workloads and containers: The Falcon platform offers full endpoint detection and response (EDR) for cloud workloads and containers, providing continuous and comprehensive visibility to enable proactive threat hunting and forensic investigation. You can distinguish activity within a container from activity on a host, and view event details and a full set of enriched data, even for ephemeral and decommissioned workloads.
Performance: The Falcon platform secures workloads at the speed of DevOps, providing immediate protection and adapting to the dynamic scalability of containers in real time without sacrificing performance. A single agent secures the host and containers and automatically applies protection as they spin up and then scales as they expand.
Simplicity: The Falcon platform was built in the cloud for the cloud. One platform secures all workloads, wherever they run, without added complexity and overhead. One console provides central visibility over cloud workloads, regardless of their location.