One of the bigger issues when migrating to the cloud is translating and extending your existing security controls, especially our old friend, network security. While cloud networking may resemble what we are used to, under the covers it behaves, and is managed, very differently.

Over the last few decades we have been refining our approach to network security. Find the boxes, find the wires connecting them, drop a few security boxes between them in the right spots, and move on. Sure, we continue to advance the state of the art in exactly what those security boxes do, and we constantly improve how we design networks and plug everything together, but overall change has been incremental. How we think about network security doesn’t change – just some of the particulars.

Until you move to the cloud.

While many of the fundamentals still apply, cloud computing releases us from the physical limitations of those boxes and wires by fully abstracting the network from the underlying resources. We move into entirely virtual networks, controlled by software and APIs, with very different rules. Things may look the same on the surface, but dig a little deeper and you quickly realize that network security for cloud computing requires a different mindset, different tools, and new fundamentals.

Many of which change every time you switch cloud providers.

This report walks you through these differences, and includes specific examples from major cloud providers to show you what it looks like in the real world.

Our thanks to Algosec for licensing the research so we can offer it for free.

Pragmatic Security for Cloud and Hybrid Networks (pdf)