Using the Cloud for Web Security — What You Need to Know
San Francisco/#NEXT17 (YouTube)
Cloud computing is rapidly transforming many industries, including Internet security. There are numerous providers who are now offering cloud security products, built on platforms such as Google Cloud Platform (GCP).
Cloud web security is turning out to be a classic example of a ‘disruptive technology’:
- It has immediately made previous-generation approaches obsolete.
- Most solution providers are claiming that their products provide the full benefits of the cloud, but these claims are false.
- Only a few providers are taking full advantage of the capabilities of platforms such as GCP.
Let’s discuss each of these points.
It makes previous approaches obsolete.
The traditional approach to web security relies on hardware appliances. These inspect and filter traffic as the packets arrive at your servers.
There are numerous disadvantages to this approach. Appliances are costly, complicated, and require frequent updates and maintenance.
Also, appliances can only filter traffic after it has arrived at your network. Therefore, volumetric DDoS assaults can overwhelm your incoming Internet pipe before your appliances have a chance to block them.
Cloud web security is a different approach. Incoming traffic is scrubbed as it passes through the cloud on the way to your network.
This eliminates all the problems listed above:
- Security is obtained as a low-cost monthly service, rather than requiring a large up-front purchase.
- The software can be operated and maintained remotely by the provider, reducing the amount of on-site expertise required to use it effectively.
- Hostile traffic never arrives at your network. Only legitimate traffic can access your sites, web apps, and so on.
- Bandwidth is effectively infinite, limited only by the capacity of the global cloud.
Unfortunately, as with any disruptive technology, cloud security is surrounded by a lot of buzz and hype.
And so…
Many providers are not offering robust solutions.
Lots of VC funding has poured into this space. Too often, brand recognition has been established not from the strength of the providers’ technology, but merely from the strength of their marketing budgets.
As CTO and co-founder of Reblaze Technologies, I’ve been surprised at the number of companies in this space that are still offering suboptimal solutions. The problem has persisted much longer than I’d expected.
For example, consider cloud deployment. At Reblaze, each customer gets a unique private cloud, fully isolated from any attacks happening elsewhere on the Internet. (Some customers even choose to have multiple unique clouds — deploying one per data center, or one per geographical region, etc.)
But other cloud providers only offer shared-resource environments. In other words, a large number of customers all share a single cloud.
This makes each customer vulnerable to an attack on any of the others. A large-enough volumetric attack can (and often does) take down the websites of many organizations who weren’t even its target.
And this is only one part of a larger problem, which is…
Only a few providers are offering full-featured solutions.
When a disruptive technology transforms an industry, there are typically a few leaders who understand its potential, and are eager to exploit it. Everybody else tends to lag far behind.
This is certainly true of cloud web security. Most providers have not fully grasped the power of technologies such as Google Cloud Platform.
In effect, most providers are using the cloud as a lower-cost, higher-bandwidth version of a WAF appliance.
And they’re missing the true power of the cloud in general, and GCP in particular. This is a shame.
Imagine instead a truly next-generation web security solution: one that actually uses the cloud to its fullest potential. It does not consist of separate products, such as a WAF, DDoS protection, scraping prevention, and so on. It’s a comprehensive, unified, easy-to-use platform that blocks all forms of hostile traffic.
Imagine that this platform is built upon infrastructure such as Google Compute Engine, Cloud Virtual Networking, and Interconnect. It can be deployed anywhere in the world, in minutes, with as many instances as necessary, right in front of the data centers it’s protecting (thus ensuring near-zero latency).
Using Cloud Load Balancing, it reroutes incoming traffic dynamically. It scales bandwidth as needed automatically, limited only by the capacity of the worldwide cloud. Global CDN integration ensures lightning-fast responses to user requests.
Imagine that this platform does not treat each incoming request as an isolated event, which is the traditional approach (that almost all providers are still using).
Instead, it understands that each user request is merely one data point about that particular user’s behaviour, which is merely one part of the larger, holistic truth about that user, which overall determines whether that user is a legitimate visitor or an attacker. The platform also considers user characteristics such as geographic location, originating network, anonymizer and proxy usage, pace of incoming requests, and many other factors that help to characterize the user’s intent.
Over time, as more incoming requests arrive, the platform builds a profile of each user, knowing that attacks frequently begin with requests that otherwise would seem innocuous.
If at any time a user’s behavior starts to become hostile, that user is instantly and automatically banned from further network access for a configurable length of time.
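The profiling and banning idea sketched above, as an added example: this is illustrative code written for this page, not Reblaze’s implementation (whose internals the post does not describe). Each request is one data point folded into a per-client profile; the profile combines several of the signals the text names (request pace, error responses, proxy usage, originating country), and a client whose combined score crosses a threshold is blocked for a configurable ban length. The weights, thresholds, field names and the sample traffic are all constructed assumptions.

```python
"""Per-client behavioural profiling with a configurable ban window.

Added illustration for the platform described in the text; it is not Reblaze
code. Each request is treated as one data point about a client, the profile
accumulates across requests, and a client whose profile turns hostile is
blocked for a configurable period. Weights, thresholds and the sample
request events are constructed assumptions.
"""
from collections import Counter, deque
from dataclasses import dataclass, field

# Assumed policy knobs; a real platform would make these per-site settings.
BAN_SECONDS = 600.0     # configurable length of a ban
WINDOW_SECONDS = 10.0   # sliding window used to measure request pace
PACE_LIMIT = 20         # more requests than this inside the window is hostile
BAN_SCORE = 100         # score at or above which a client is banned


@dataclass
class Profile:
    """Everything the platform has learned about one client so far."""
    recent: deque = field(default_factory=deque)  # request times in the pace window
    total: int = 0
    errors: int = 0                               # 4xx responses, a probing signal
    proxy_hits: int = 0                           # requests seen via anonymizer/proxy
    countries: set = field(default_factory=set)
    banned_until: float = 0.0

    def observe(self, event: dict) -> None:
        now = event["ts"]
        # Drop timestamps that have left the pace window, then add this one.
        while self.recent and self.recent[0] < now - WINDOW_SECONDS:
            self.recent.popleft()
        self.recent.append(now)
        self.total += 1
        if 400 <= event["status"] < 500:
            self.errors += 1
        if event["proxy"]:
            self.proxy_hits += 1
        self.countries.add(event["country"])

    def score(self) -> int:
        """Combine independent signals; no single innocuous request trips the ban."""
        s = 0
        if len(self.recent) > PACE_LIMIT:
            s += 60                                # bursting well beyond human pace
        if self.total >= 5 and self.errors / self.total >= 0.5:
            s += 40                                # mostly errors: probing, not browsing
        if self.proxy_hits:
            s += 20                                # anonymizer use is a weak signal alone
        if len(self.countries) > 1:
            s += 30                                # one client, several countries
        return s


class Profiler:
    def __init__(self) -> None:
        self.profiles: dict[str, Profile] = {}

    def handle(self, event: dict) -> str:
        """Return 'drop' (banned), 'ban' (just crossed the line) or 'allow'."""
        p = self.profiles.setdefault(event["client"], Profile())
        if event["ts"] < p.banned_until:
            return "drop"           # still inside the ban window: never reaches origin
        p.observe(event)
        if p.score() >= BAN_SCORE:
            p.banned_until = event["ts"] + BAN_SECONDS
            return "ban"
        return "allow"


def constructed_events() -> list[dict]:
    """Constructed sample traffic: a normal visitor A and a bursting client B."""
    ev = []
    for i in range(5):
        ev.append({"client": "A", "ts": 2.0 * i, "status": 200, "country": "US", "proxy": False})
    for i in range(25):
        ev.append({"client": "B", "ts": 100.0 + 0.1 * i, "status": 404, "country": "US", "proxy": True})
    # B returns exactly when its ban expires; the profile still remembers the earlier probing.
    ev.append({"client": "B", "ts": 100.0 + 0.1 * 20 + BAN_SECONDS, "status": 200, "country": "US", "proxy": False})
    return sorted(ev, key=lambda e: e["ts"])


def run_demo() -> list[tuple[str, str]]:
    prof = Profiler()
    return [(e["client"], prof.handle(e)) for e in constructed_events()]


def summarize(decisions: list[tuple[str, str]]) -> dict[str, dict[str, int]]:
    out: dict[str, Counter] = {}
    for client, action in decisions:
        out.setdefault(client, Counter())[action] += 1
    return {c: dict(cnt) for c, cnt in out.items()}


if __name__ == "__main__":
    for client, counts in summarize(run_demo()).items():
        print(client, counts)
```

In the constructed run, visitor A is allowed throughout, while client B is allowed for its first 20 requests (pace alone does not cross the threshold), banned on the 21st once pace, error ratio and proxy use combine, dropped for the rest of the burst, and allowed again when the ban expires, with its earlier probing still recorded in the profile. The point of scoring several weak signals together, rather than matching each request in isolation, is that the decision reflects the client’s accumulated behaviour.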
Imagine though that this diagnosis is not merely based on that user’s last few requests, or even on all of that user’s recent history.
Instead, the platform maintains a data trove in Google BigQuery Datastore, with petabytes of user behavior data, going back years — a comprehensive record not only from the domain being protected, but of all traffic the platform has ever encountered.
This massive data set can be accessed in an instant, thanks to Google Cloud DataFlow.
And Google Cloud Machine Learning allows the platform to learn and develop over time. Even as hackers develop new attack techniques, the platform becomes more sophisticated, always adapting to the ever-changing Internet environment.
Consider the implications of such a platform. Today, a would-be network intruder usually only needs to outwit a WAF appliance, or some similar device.
But with the platform described above, he would be contending with the computing capacity of the entire global cloud, which can marshal years of data and analytics against him, instantly recognizing if his behaviour is legitimate or not. (In fact, it can usually predict in advance exactly what he will do, before he even does it.)
And as you might have guessed by now, everything described above is not a futuristic vision. It exists already today, in the Reblaze web security platform.
While other security providers are still thinking of the cloud merely as a distributed WAF, Reblaze is weaving proprietary next-generation technologies into the global cloud infrastructure. This provides powerful, sophisticated protection that previous-generation solutions cannot come close to matching.
At Reblaze, our goal has always been to deliver the world’s best security technologies in a single, easy-to-use platform. And we’re very excited by all the innovations that Google has rolled out in GCP.
It’s much more than just disruptive technology. It’s allowing us to make the web a safer place for everyone.