It’s the week of Google Cloud NEXT and, as a Google Cloud Technology Partner, we are glad to see our efforts to add Google Cloud Platform (GCP) into the Cavirin family of cloud security products succeed. The March 2017 release of Cavirin's platform will include support for continuous security assessment of workloads on GCP, and marks a major milestone in our company’s vision to be the provider of a consistent security solution across workloads running on multiple cloud providers’ platforms.
Regardless of the public cloud platform of choice for the enterprise, the fundamental problems remain, and manifest themselves in the form of the following questions:
- As a CIO or CISO of the enterprise, can I safely migrate my business-critical workloads to the public cloud, and still have the same level of security management built over years of operational experience within my private data center?
- Knowing that security operations in the cloud are a totally different ball game, particularly with the “shared responsibility model” expected by the cloud providers, will I have a “security companion” to make migration less risky?
- Once in the cloud, will I continue to be able to run my business-critical workloads securely, with an ability to monitor the risk posture quantitatively, and be able to report to the management and board convincingly about our security?
These are fair questions, and they can be expected at a faster rate as the trend towards public cloud migration of enterprise workloads intensifies. This trend was also confirmed by Diane Greene, the senior VP of Google Cloud, with the announcement this week of major names using GCP that include Disney, Home Depot, Verizon and Colgate-Palmolive.
We, at Cavirin, look at cloud security through a single prism: regardless of what cloud an enterprise may adopt, cloud security assessment/monitoring must be simple, canonical and consistent across the clouds. This seemingly simple objective, when viewed from the multitude of differences in today’s cloud topologies and operational procedures, gains significant importance since it allows us to address the cloud security concerns with a simple model.
Within Cavirin’s cloud security products, the security orchestration is straightforward: with a few mouse clicks from our Control Plane user interface (or with the invocation of a few REST APIs, if you are a DevOps or SecOps professional), you can discover your GCP infrastructure assets, identify the resources with comprehensive details, assess and harden the resources against security benchmarks (CIS and DISA), and do this automatically and continuously.
The primary objective of this practice, assisted by Cavirin’s products, is to have a “security companion” for your GCP infrastructure. Fortunately, Cavirin also has the most comprehensive set of OS hardening rules that can automatically test any number of operating system versions that may be installed and operated on GCP running critical workloads. These rules and the automated tests enable security assessment and continuous monitoring, and significantly reduce the attack surfaces of our customers’ infrastructure.