As cloud environments take increasingly complex shapes — with elements both public and private and elements spread out over multiple providers — it can prove challenging to manage those environments in a cost-effective way.
It can be equally challenging to secure them. A recent study from BPI Network on multicloud technology found that more than half of all respondents (52 percent) were making progress toward adopting the cloud at their organizations, with roughly 30 percent stating that at least half of their enterprise applications were now in the cloud.
However, the report also found that 63 percent of respondents said that they faced challenges ensuring security across clouds, with other major concerns including management complexity (around two-thirds of respondents said they were using at least two public clouds), centralized visibility and gaining the skills needed to properly manage the technology.
During a recent session at VMworld 2020, Jason Needham, the senior director of product management at VMware, noted that this added complexity can create security problems down the line.
DISCOVER: Learn how to protect multicloud environments while empowering a distributed workforce.
“Suddenly, it’s not just one set of application owners with lock and key to a data center or access credentials to a certain set of application servers,” Needham said. “It’s a whole army of developers and DevSecOps teams or DevOps teams that are provisioning and maintaining more of a stack.”
How to Keep Strategy, Configuration and Security Aligned
The benefits of multicloud implementation are well documented, but they come with real security challenges. According to the Cloud Security Alliance, the second-biggest security concern facing cloud installations, after data breaches, is misconfiguration. The third-biggest is a lack of security architecture and strategy.
These three issues interact with one another in complex ways. A poorly configured cloud security architecture can foster misconfigurations that leave your infrastructure exposed in dangerous ways, putting you at greater risk of a data breach.
The alliance notes that building a strong foundation around cloud security can help, and that software offerings can aid in managing that foundation as it expands across platforms.
“Leveraging cloud-native tools to increase visibility in cloud environments will also minimize risk and cost,” the report adds. “Such precautions, if taken, will significantly reduce the risk of compromise.”
Monitoring Tools Help Ensure Cloud Security
With cloud platforms such as Amazon Web Services and Google Cloud representing a level of sophistication that often requires abstractions such as Infrastructure as Code to manage, concerns will arise about access management.
While AWS and other cloud platforms allow for the use of identity and access management (IAM) policies to minimize the amount of access an individual user or tool may have, it’s important for infrastructure teams to get a full understanding of who has access to what.
This is where security monitoring tools such as VMware’s CloudHealth Secure State can come in handy. During his VMworld session, Needham noted that Secure State can help monitor potential vulnerabilities as they surface on cloud accounts in real time.
“This faster-to-detect approach provides not only a way to keep up with every change and configuration shift in your cloud account but also provides a smarter approach to cloud detection,” he said. “We call this an interconnected cloud security model that looks at the services and relationships that are happening and changes that are happening inside of your public cloud accounts.”
The tool allows full visibility of your cloud infrastructure both now and over time so you can understand how the infrastructure is being used. To help minimize access, Secure State only maintains the level of access it needs to do its job, nothing more.
“So, we remain a read-only account — read-only privileges in your account to grab and understand what’s happening within your infrastructure — but allow you to coordinate and schedule the responses that you want to take in your cloud account,” he added.
Brought to you by:
