I left off the last blog, with the security capabilities to have on your cloud checklist to cover your operating system, network, apps and data in the cloud.
The list doesn’t end there – one of the keys to successful security deployments is the ability to embed security into your cloud architecture and operational processes. This will not only ensure you have your protection bases covered, it will ensure security is easy to deploy and manage.
Let’s start with what you need to get security up and running quickly
We see customers who are taking different approaches to their cloud deployments. On one hand, there are organizations that begin and end with cloud environments or have isolated use cases for the cloud. In both scenarios, security is required only for this environment, and they are basically starting from scratch to figure out what policies make sense. For these cases, look for a security solution that has a large pre-configured set of rules and the ability to recommend what protection measures make sense for your environment to meet your corporate security standards and compliance requirements.
On the other hand, there are organizations that live in a hybrid world and are figuring out how to extend their architectures to use the cloud. In these cases, there are often security policies and measures already in place, and the goal is to maintain corporate standards. Here, the key is to get up and running quickly and avoid duplicate effort with the ability to have consistent policy and security across all your environments – cloud, virtual and physical.
Securing the dynamic day-to-day
We all know one of the most important value propositions in moving to the cloud is the ability to match infrastructure to demand with elastic scale. In some cases, this means your workloads will be changing on a daily basis. With instances automatically scaling up and down, what do you need from a security solution so that security doesn’t somehow get in the way?
Your security solution should include the ability to instantly apply protection as you add instances to your environment, regardless of how—manually or automatically. The protection should also be able to be specific to how the instance will be used. For example, instances used for production will likely have different requirements than those used for development.
As your environment becomes more and more automated with the use of management tools like Chef, Puppet or OpsWorks, your security solution should also be able to be used seamlessly with those tools.
Finally, one of the keys to effectively managing your security will be real-time visibility into what is happening in your environment. This means a view across hybrid architectures and also a view that brings together multiple capabilities. Look for a security solution that can provide easy-to-use dashboards and alerts to manage multiple capabilities, the ability to tune to remove false positives to reduce remediation effort, and built-in reporting to easily address audit requirements.
To ensure security is easy-to-deploy and manage, add the following to your cloud security checklist:
- Recommendations to fit your security policies to your instances to reduce deployment effort
- Ability to leverage security policies across your hybrid environment to avoid duplicate effort
- Instant-on security to apply policies automatically as you scale up and down your instances
- Ability to automatically match the appropriate security policy to your instances
- Integrations with cloud management tools like Chef and Puppet to further embed security into operational processes
- Dashboards, reports and alerts to provide real-time visibility into environment with focus on where you need to pay attention
The cloud security checklist is coming together – from what protection you need to what to look for to make security part of your cloud architecture and operation. What’s left on the list? Let’s discuss deployment options – are you looking for software or SaaS? Annual subscription or Pay-as-you-go? Coming soon – I‘ll pull together the completed security checklist with options to how you might want to buy and deploy.