Cavirin Blog

Control Your Cloud

This is the sixth blog in a series detailing workload best practices.

The first blog, 'Securing Modern Workloads', is available here

The second blog, 'Control Your Cloud', is available here

The third blog, 'Agility in Security', is available here

The fourth blog, 'Work Everywhere with Hybrid Solutions', is available here

The fifth blog, 'Security as you Go', is available here

-------------------

You have often heard about companies budgeting for compliance certifications. Each year, businesses budget for audits and for achieving vertical-specific compliance certification and authority to operate. These budgets are non-trivial and are usually spent in short periods of time rather than throughout the year.

There is confusion over agility and reality.


Businesses demand a rapid pace (agility) but at the same time must deal with compliance (reality).


A typical scenario is that during audits, the budgets are spent in a hurry to ensure that security controls are in place and that the compliance certificate is not missed. This approach is potentially flawed. Compliance should be treated as a by-product of security. Good security measures and spending ensure that you have the necessary controls in place and that those controls are functioning as intended. Such security measures help you get compliance certificates. Additionally, they ensure a uniform security posture throughout the year rather than spikes at audit times to avoid fines and problems.

Your hybrid cloud strategy demands that you pay attention not only to on-premise workloads but also to your extended or shadowed datacenters.


You quickly tend to acquire cloud-specific tools (agility) and then invest in staff to maintain two sets of tools (reality).


The applications and tools that you use for on-premise workloads may not deal with the realities of the cloud. The flux and dynamicity of the cloud demand tools that can match the realities of hybrid workloads. Today your compute, storage and networking resources are fragmented between cloud and on-premise. This is your new reality. Your legacy as well as modern applications have security requirements, and it is pointless to maintain footprint-specific tools anymore. You benefit from streamlining to tools that work seamlessly on both footprints.

You have convinced management to transform your security tools and processes to match cloud and on-premise needs, and you are ready to evaluate your options.

Control Your Cloud

This is the fifth blog in a series detailing workload best practices.

The first blog, 'Securing Modern Workloads', is available here

The second blog, 'Control Your Cloud', is available here

The third blog, 'Agility in Security', is available here

The fourth blog, 'Work Everywhere with Hybrid Solutions', is available here

-------------------

Extrapolating the cloud mindset, security as you go sounds promising. You could start small, sampling a fraction of your workloads, and then scale to accommodate everything that matters to you. The cloud gives you the flexibility to expand your resources as you need them. Your security tools should follow the same trait.

Automatically scaling your security tools helps you maintain their availability and lets you scale them as you need them without incurring significant costs. Let us understand this with an example. Security tools typically begin with a prerequisite hardware configuration spec. This hardware specification is usually defined by the vendor at an optimum support level, but you may not need it all the time. There are certain spikes (CPU, memory or network) at some stages of the security workflow in your tool. For example, if you are running an anti-virus tool, the resource requirements are high during a full system scan and low when you are just scanning for deltas. This did not “cost” you money if you kept running your anti-virus appliance in your own data center at the same resource allotment levels. But in the cloud, if you choose a “bigger” instance size, you pay more whether you use it or not.

Control Your Cloud

Hybrid Solutions that natively work in the Cloud and On-Premise, equally well

This is the fourth blog in a series detailing workload best practices.

The first blog, 'Securing Modern Workloads', is available here

The second blog, 'Control Your Cloud', is available here

The third blog, 'Agility in Security', is available here

-------------------

Are you juggling between on-premise, cloud-first and cloud-only strategies? Wouldn’t it be nice if you could just lift-and-shift your current security tools? Hybrid security tools natively work in both environments equally well.

As you embrace the digital transformation for your organization, you should evaluate your security tools and ensure they meet these important criteria:

  1. Mix and match the workload origin
  2. Product design and security controls
  3. Minimize operational complexity
  4. Pricing 

Let us look at these briefly.

Mix and match the workload origin

Digital transformation to the cloud may take anywhere between 6 and 24 months. During this time, it is important for you to maintain the security posture of the current on-premise workloads and at the same time begin to look at the security posture of your migrated workloads. It would be great if you could continue to use the same tools, offering you a monothematic view of both your on-premise and cloud workloads. Adopting new tools might take some time and may not produce composite reports combining your on-premise and cloud workloads.

For example, take this scenario. You have a web server farm with 10 on-premise Red Hat Linux servers. You begin to transition them to the cloud. Midway through the migration, you have 5 web servers in the cloud and 5 on-premises. Now suppose you need a PCI security controls report at the OS level for your web farm. What do you do? A tool of your choice should continue to give you a comprehensive PCI security report at the web farm level, irrespective of the heterogeneity of the web farm's composition.

Control Your Cloud

This is the third blog in a series detailing workload best practices.

The first blog, 'Securing Modern Workloads', is available here

The second blog, 'Control Your Cloud', is available here

-------------------

A lot is being said and written about agile practices and how they are transforming various aspects of modern IT. Agility in security, a.k.a. SecDevOps or DevSecOps or SecOps or Security Orchestration or Security Automation, is getting called out as well.

Let’s see what we are doing in this space.

  • Security Assessment of CloudFormation Deployments
  • Vulnerability and Compliance assessments for Docker Containers
  • API endpoints for integrating with backward-integration and forward-integration 

Security Assessment of CloudFormation Deployments

AWS CloudFormation is the cornerstone of IT stack deployments. You may leverage AWS Quick Starts to build a secure and compliant cloud infrastructure. Quick Starts, such as the PCI Quick Start, come with a pre-built template that you may use to deploy a PCI-compliant infrastructure. AWS lays out the Shared Security Responsibility Model for PCI.

Control Your Cloud

This is the second blog in a series detailing workload best practices.

The first blog, Securing Modern Workloads, is available here

The Cloud Security Alliance has done phenomenal work in defining the various cloud controls you should act upon, or at least be aware of, when determining your responsibility and choosing qualified vendors or training in-house personnel. One such work is the Cloud Controls Matrix, which highlights the Shared Security Responsibility Model and provides architectural references.

Securing Modern Workloads

This is the first blog in a series detailing workload best practices.

Per Wikipedia, “A workload is the amount of work an individual has to do. There is a distinction between the actual amount of work and the individual's perception of the workload. Workload can also be classified as quantitative (the amount of work to be done) or qualitative (the difficulty of the work)”.

Cavirin provides security management across physical, public, and hybrid clouds, supporting AWS, Microsoft Azure, Google Cloud Platform, VMware, KVM, and Docker.
