Cavirin Blog

Control Your Cloud

Security As You Go

This is the fifth blog in a series detailing workload best practices.

The first blog, 'Securing Modern Workloads', is available here

The second blog, 'Control Your Cloud', is available here

The third blog, 'Agility in Security', is available here

The fourth blog, 'Work Everywhere with Hybrid Solutions', is available here


Extrapolating the cloud mindset, security as you go sounds promising. You could start small, sampling a fraction of your workloads, and then scale to accommodate everything that matters to you. The cloud gives you the flexibility to expand your resources as you need them. Your security tools should follow the same trait.

Automatically scaling your security tools help you to maintain their availability and allows you to scale your security tools as you need them without incurring significant costs. Let us understand this with an example. Security tools typically begin with a set of pre-requisite hardware configuration spec. This hardware specification is usually defined by the vendor at an optimum support level. But, you may not need it all the time. There are certain spikes (CPU, Memory or Network) at some stage of the security workflow in your tool. For example, if you are running an anti-virus tool, the resource requirements are high during a full system scan and low when you are just scanning for deltas. This did not “cost” you money if you kept running your anti-virus appliance in your own data center at the same resource allotment levels. But, in the cloud, if you choose a “bigger” instance size, you pay more whether you use it or not.

So, your security tools for the cloud should be “cloud-aware” and be accommodative of the assigned resources. The ability for your security tools to get started with a minimum required hardware specification and then scale out as needed is an important consideration to keep the costs low and maintain your security posture irrespective of your workload fleet size. Scaling vertically may be prudent in certain scenarios but mostly scaling out is preferred. You should prefer tools that can scale out over scale up. Additionally, there are other performance enhancing techniques such as using caches instead of reading data from the databases every time for compute intensive or IO intensive results. Such measures avoid scaling up your security tools and benefit from scale-out operations.



Cavirin provides security management across physical, public, and hybrid clouds, supporting AWS, Microsoft Azure, Google Cloud Platform, VMware, KVM, and Docker.