eBooks

OreillyMultiCloudFinalEBOOK

Learn all you need to know about email best practices, deliverability, and tools with email whitepapers and ebooks.

Issue link: https://hub.dyn.com/i/1119883

Contents of this Issue

Navigation

Page 35 of 57

traffic to edge devices, and correlation of incidents affecting edge devices with other security activity happening in your network. Why Protecting Assets on the Edge Is Critical As discussed in Chapters 1 and 2, multicloud environments are complex and require careful planning, and this planning extends to implementing proper security controls. A misconfigured firewall rule, poorly deployed VPN, or lax API access control can result in the exposure of thousands or millions of customers' data. These vul‐ nerabilities can also give attackers more ways to access your net‐ work. Strong edge security can also help protect organizations against potential development security flaws. For example, protecting against cross-site scripting (XSS) attacks at the edge means sensitive customer data is less likely to be exposed. Protecting edge assets is not just about ensuring that the rest of the cloud infrastructure is secure. It also means securing the edge devi‐ ces themselves. Securing the edge in the cloud begins with securing the edge devices that protect that cloud infrastructure. You need to closely monitor and quickly patch systems deployed at the edge of cloud environments. An attacker who manages to exploit and gain access to one of these systems will potentially have access to not just the multicloud infrastructure, but possibly the entire network. Organizations need to treat edge devices in the cloud as critical assets, just as they would edge devices in the network. Taking the necessary steps to secure and monitor the newly defined edge goes a long way toward building on the work that the develop‐ ment team did when building security into their process. This cre‐ ates a multilayered security strategy and means that one mistake won't necessarily result in a breach, because other security measures will kick in and compensate for those failures. API Gateways as a Mechanism for Centralizing Security Policies One way to better manage security at the edge is through the use of API gateways. An API gateway is a system that sits in front of serv‐ ices deployed in a multicloud environment and acts as an aggrega‐ tor. Rather than have each service talk directly to each other, they 30 | Chapter 3: Security in Multicloud Environments

Articles in this issue

view archives of eBooks - OreillyMultiCloudFinalEBOOK