
Work Everywhere with Hybrid Solutions

Control Your Cloud

Hybrid Solutions that natively work in the Cloud and On-Premise, equally well

This is the fourth blog in a series detailing workload best practices.

The first blog, 'Securing Modern Workloads', is available here

The second blog, 'Control Your Cloud', is available here

The third blog, 'Agility in Security', is available here


Are you juggling on-premise, cloud-first and cloud-only strategies? Wouldn’t it be nice if you could just lift-and-shift your current security tools? Hybrid cloud security tools work natively in both environments equally well.

As you embrace digital transformation for your organization, you should evaluate your security tools and ensure they meet these important criteria:

  1. Mix and match the workload origin
  2. Product design and security controls
  3. Minimize operational complexity
  4. Pricing 

Let us look at these briefly.

Mix and match the workload origin for a Hybrid Cloud

Digital transformation to migrate workloads to the cloud may take anywhere from 6 to 24 months. During this time, it is important to maintain the security posture of your current on-premise workloads and, at the same time, begin to look at the security posture of your migrated workloads. It would be great if you could continue to use the same tools, and if those tools could offer you a single, unified view of both your on-premise and cloud workloads. Adopting new tools might take some time and may not produce composite reports combining your on-premise and cloud workloads.

For example, take this scenario. You have a web server farm with 10 on-premise Red Hat Linux servers. You begin to transition them to the cloud. Midway through the migration, you have 5 web servers in the cloud and 5 on-premise. Now suppose you need a PCI security controls report at the OS level for your web farm. What do you do? The tool of your choice should continue to give you a comprehensive PCI security report at the web farm level, irrespective of the heterogeneity of the web farm's composition.

Product Design of a Hybrid Infrastructure and Security Controls

Products that need to work on both fronts must be conceived, from a design perspective, to work with the right set of security controls.

Let us understand its importance using 2 examples.

First, consider using an agent-based product. The security agility that you have been dreaming about may not be as realizable with that architecture. Installing agents on cloud instances and on-premise machines might turn out to be a nightmare. You might need to keep the agents running all the time (manage ports, services, storage, logs, etc.) to give you a continuous security assessment. With ephemeral workloads, it might take quite a few CPU cycles and a large storage footprint to bring up the agent.

In our second example, consider authentication to the machines. It is quite common to use a username and password to authenticate to your on-premise workloads. When you move to the cloud, authentication is mostly key-based. As a security practice, you would want to avoid username and password based authentication to cloud workloads altogether.
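One way to check the authentication point above on both sides of a hybrid farm, as an added example that is not part of the original post or any vendor's product: a small audit of `sshd_config` text that reports where password-style logins remain reachable. It assumes the workloads are reached over OpenSSH, uses upstream OpenSSH defaults, and does not follow `Include` files; the sample configurations are constructed.

```python
import re

# Upstream OpenSSH defaults (assumed); a keyword's first value wins.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_KEYS = ("passwordauthentication", "kbdinteractiveauthentication")
LINE = re.compile(r"(\w+)\s*(?:=\s*|\s+)(.*)")

def parse(text):
    """Return (global_settings, [(match_criteria, settings), ...])."""
    glob, matches, current = {}, [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                       # blank line, comment, or bare keyword
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        key = ALIASES.get(key, key)
        if key == "match":              # settings after this line are conditional
            current = {}
            matches.append((value, current))
            continue
        target = glob if current is None else current
        target.setdefault(key, value.lower())   # first occurrence wins
    return glob, matches

def audit(text):
    """List findings that leave password-style authentication reachable."""
    glob, matches = parse(text)
    eff = {**DEFAULTS, **glob}
    findings = [f"global: {k} is {eff[k]}" for k in PASSWORD_KEYS if eff[k] != "no"]
    if eff["pubkeyauthentication"] != "yes":
        findings.append("global: pubkeyauthentication is disabled")
    for criteria, settings in matches:
        findings += [f"Match {criteria}: {k} re-enabled"
                     for k in PASSWORD_KEYS if settings.get(k, "no") != "no"]
    return findings

# Constructed samples, not taken from any real host.
ONPREM = "PermitRootLogin no\nPasswordAuthentication yes\n"
CLOUD = """\
# cloud instance (constructed)
PasswordAuthentication no
ChallengeResponseAuthentication no
Match User deploy
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("on-premise", ONPREM), ("cloud", CLOUD)):
        print(name, audit(cfg) or "key-only")
```

On a live host, `sshd -T` prints the effective configuration with includes resolved, and its output can be fed to `audit` in place of the file text.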

Hence, the product's design and the security controls it offers are very important considerations. It should work seamlessly with both on-premise methods and cloud processes.

Operational Complexity

Quick time to value is what matters most to you. Any solution you choose should be easy to deploy on-premise as well as in the cloud. Would it not be nice to choose how you want to consume your security product, instead of a vendor pushing you toward its current deployment methodology? Imagine you had the option to deploy on-premise, in the cloud or just consume the offering as a service. The operational complexity could be totally under your control. If you want to control the application and the data, you choose to ‘own and deploy’ the product either on-premise or in the cloud. If you are interested in just consuming the offering, you could do so as well without needing to ‘own and deploy’ your own copy of the product. Imagine an option to deploy as a virtual appliance on-premise and as a cloud resource in the cloud. This is what would ensure that you have complete control over the deployment and operational complexity of the product that you choose. The more options you have, the better.


Pricing

This is the sweet spot. How would you like to pay for the product: “Pay as you go”, “Annually” or with a “Perpetual license”? Cloud pricing and on-premise pricing vary significantly. A product that can mix and match the fee based on your requirements is what you need. You might want to choose “Pay as you go” for your cloud resources but “Perpetual licenses” for your on-premise needs. Carefully evaluate your pricing options before making a choice.

Hence, the criteria outlined above for choosing security for your heterogeneous workloads are very important considerations in making the right decision.




© 2018 Cavirin Systems, Inc. All rights reserved.