Free Trial

DevOps

Control Your Cloud

This is the fifth blog in a series detailing workload best practices.

The first blog, 'Securing Modern Workloads', is available here

The second blog, 'Control Your Cloud', is available here

The third blog, 'Agility in Security', is available here

The fourth blog, 'Work Everywhere with Hybrid Solutions', is available here

-------------------

Extrapolating the cloud mindset, security as you go sounds promising. You could start small, sampling a fraction of your workloads, and then scale to accommodate everything that matters to you. The cloud gives you the flexibility to expand your resources as you need them. Your security tools should follow the same trait.

Automatically scaling your security tools help you to maintain their availability and allows you to scale your security tools as you need them without incurring significant costs. Let us understand this with an example. Security tools typically begin with a set of pre-requisite hardware configuration spec. This hardware specification is usually defined by the vendor at an optimum support level. But, you may not need it all the time. There are certain spikes (CPU, Memory or Network) at some stage of the security workflow in your tool. For example, if you are running an anti-virus tool, the resource requirements are high during a full system scan and low when you are just scanning for deltas. This did not “cost” you money if you kept running your anti-virus appliance in your own data center at the same resource allotment levels. But, in the cloud, if you choose a “bigger” instance size, you pay more whether you use it or not.

0
0
0
s2sdefault
Control Your Cloud

Hybrid Solutions that natively work in the Cloud and On-Premise, equally well

This is the fourth blog in a series detailing workload best practices.

The first blog, 'Securing Modern Workloads', is available here

The second blog, 'Control Your Cloud', is available here

The third blog, 'Agility in Security', is available here

-------------------

As you are juggling between on-premise, cloud-first and cloud-only strategies?  Wouldn’t it be nice if you could just lift-and-shift your current security tools? Hybrid cloud security tools natively work in both environments equally well.

As you are embracing the digital transformation for your organization, you should evaluate your security tools and ensure they have these important criteria: 

  1. Mix and match the workload origin
  2. Product design and security controls
  3. Minimize operational complexity
  4. Pricing 

Let us look at these briefly.

Mix and match the workload origin for a Hybrid Cloud

Digital transformation to migrate workloads to the cloud may take anywhere between 6 months to 24 months. During this time, it is important for you to maintain the security posture of the current on-premise workloads and at the same time begin to look at the security posture of your migrated workloads. It would be great if you could continue to use the same tools that could offer you a monothematic view of both your on-premise and cloud workloads. Adopting new tools might take some time and may not produce composite reports combining your on-premise and cloud workloads.

For example, take this scenario. You have a web server farm with 10 on-premise Red Hat Linux servers. You begin to transition them in the cloud. Mid-way through the complete migration, you have 5 web servers on the cloud and 5 on-premises. Now suppose you need to have PCI security controls report at the OS level for your web farm. What do you do? A tool of your choice should continue to give you a comprehensive PCI security report at the web farm level irrespective of heterogeneity of the web farm composition. 

0
0
0
s2sdefault
Control Your Cloud

This is the third blog in a series detailing workload best practices.

The first blog, 'Securing Modern Workloads', is available here

The second blog, 'Control Your Cloud', is available here

-------------------

A lot is being talked and written about agile practices and how they are transforming various aspects of modern IT. Agility in security, a.k.a. SecDevOps or DevSecOps or SecOps or Security Orchestration or Security Automation, is getting called out as well.

Let’s see what we are doing in this space. 

  • Security Assessment of CloudFormation Deployments
  • Vulnerability and Compliance assessments for Docker Containers
  • API endpoints for integrating with backward-integration and forward-integration 

Security Assessment of CloudFormation Deployments

AWS CloudFormation is the cornerstone of IT stack deployments. You may leverage  AWS Quick Starts to build a secure and compliant cloud infrastructure. Quick starts, such as PCI Quick Start, come with a pre-built-in template that you may use to deploy a PCI compliant infrastructure. AWS lays out the Shared Security Responsibility Model for PCI.

0
0
0
s2sdefault
Control Your Cloud

This is the second blog in a series detailing workload best practices.

The first blog, Securing Modern Workloads, is available here

The Cloud Security Alliance has done a phenomenal work in defining various cloud controls you should act upon or at least be aware of when determining your responsibility and choosing qualified vendors or training in-house personnel. One such work is a Cloud Controls Matrix that highlights the Shared Security Responsibility Model and provides architectural references.

0
0
0
s2sdefault
Securing Modern Workloads

This is the first blog in a series detailing workload best practices.

Per WikipediaA workload is the amount of work an individual has to do. There is a distinction between the actual amount of work and the individual's perception of the workload. Workload can also be classified as quantitative (the amount of work to be done) or qualitative (the difficulty of the work)”.

0
0
0
s2sdefault

© 2018 Cavirin Systems, Inc. All rights reserved.