Cavirin Blog

Control Your Cloud

Business Agility Over Reality - Truth or Myth?

This is the sixth blog in a series detailing workload best practices.

The first blog, 'Securing Modern Workloads', is available here

The second blog, 'Control Your Cloud', is available here

The third blog, 'Agility in Security', is available here

The fourth blog, 'Work Everywhere with Hybrid Solutions', is available here

The fifth blog, 'Security as you Go', is available here

-------------------

You have often heard about companies budgeting for compliance certifications. Each year, businesses budget for audits, for achieving vertical-specific compliance certification, and for authority to operate. These budgets are non-trivial and are usually spent in short periods of time rather than throughout the year.

There is confusion over agility and reality.


Businesses demand a rapid pace (agility) but at the same time must deal with compliance (reality).


A typical scenario is that, during audits, budgets are spent in a hurry to ensure that security controls are in place and that the compliance certificate is not missed. This approach is potentially flawed. Compliance should be treated as a by-product of security. Good security measures and spending ensure that you have the necessary controls in place and that those controls are functioning as intended. Such security measures help you get compliance certificates. Additionally, they ensure a uniform security posture throughout the year, rather than spikes at audit time to avoid fines and problems.

Your hybrid cloud strategy demands that you pay attention not only to on-premise workloads but also to your extended or shadowed datacenters.


You tend to quickly acquire cloud-specific tools (agility) and then invest in staff to maintain two sets of tools (reality).


The applications and tools that you use for on-premise workloads may not deal with the realities of the cloud. The flux and dynamism of the cloud demand tools that can match the realities of hybrid workloads. Today your compute, storage and networking resources are fragmented between cloud and on-premise. This is your new reality. Your legacy applications as well as your modern ones have security requirements, and it is pointless to maintain footprint-specific tools anymore. You benefit from streamlining to tools that work seamlessly on both footprints.

You have convinced management to transform your security tools and processes to match cloud and on-premise needs, and you are ready to evaluate your options.


You may quickly make some choices (agility), but you need to ensure that these tools work with a spectrum of options (reality).


 

Courtesy - https://www.youtube.com/watch?v=KuOy63yzc8c

In brief, if you are at the bottom left of the spectrum, you don’t have much to do about the data that these security tools churn out on a daily basis. But if you are in the top right corner, your ability to consume data from security tools depends upon your maturity level. You should carefully pick tools that provide you with choices and options that match your top-right-corner capabilities. If the tools that you choose provide only measurement capabilities and do not have alerting, remediating and preventing capabilities, you might want to search for other options.

To conclude, agility in business is a good thing, but you need to deal carefully with realities, especially when it comes to security and compliance. Treat compliance as a by-product of good security practices and products, and carefully evaluate potential options and methodologies.


Cavirin provides security management across physical, public, and hybrid clouds, supporting AWS, Microsoft Azure, Google Cloud Platform, VMware, KVM, and Docker.