In our last blog on cloud controls, we discussed how important it was to have visibility into your cloud. This is the most logical place to start – and the concept we hear the most concern about at industry events – because without visibility into what’s actually happening in your cloud, you can’t do much else with it.
Once visibility is established, though, the next immediate step begins with debunking a common flaw in cloud thinking.
Cloud security and on-prem security are NOT that different
Not at all, really.
They’re both rooted in policy.
Policy (security intent) is the bedrock of all security programs because it distills the most essential statements about security: this is allowed, that is not. When you consider the requirements to refine your cloud security, it will always come down to policies that describe permissions.
That’s the same in on-prem. It’s the same in cloud. It’s the building block of any network security approach.
OK, so now what?
This is a two-step process we need to establish before we get deeper into orchestration (our next post). For now, here’s what we need to think about:
Translation: First — what makes up your desired state? This usually involves a mix of compliance standards, security best practices, industry regulations and government requirements.
Next — what do the different players that might access the cloud need from the cloud? Users tend to want access. Applications tend to share information. IaaS tends to group, parse and support the users and apps. Remember: your one constant is security intent.
So now you need to translate that intent into public, private and hybrid cloud controls. This translation creates consistent policy that calibrates the right rule for the right context to ensure your intentions flow to any cloud.
Automation: You’ve no doubt heard of this by now, right? Here’s what it means in a cloud control context: translation turns your security intent into specific cloud controls, and automation checks the design against all possible contingencies, scores the risk – and, if all cleared, pushes rules to the cloud.
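To make the translate-then-automate loop concrete, here is an added example (not FireMon's code or product logic) that takes one security intent, renders it as an AWS security-group permission and a GCP firewall rule, checks a proposed rule set against the intent, scores its exposure, and only then "pushes". The intent schema, the rendered rule shapes, the risk weights and the threshold are all assumptions made for the illustration.

```python
"""Added example (not FireMon's code): turn one security intent into
provider-specific controls, then gate the push behind automated checks.
The intent schema, rule shapes, risk weights and threshold are assumptions."""

# Constructed intent: the one statement of what is allowed in from the Internet.
INTENT = {"allow": [{"proto": "tcp", "port": 443, "from": "0.0.0.0/0"}]}

# Constructed risk weights: world-open web ports are tolerated, anything else costs more.
WORLD = "0.0.0.0/0"
WEIGHTS = {80: 1, 443: 1}
DEFAULT_WEIGHT = 5
THRESHOLD = 3

def translate_aws(rules):
    """Render rules as AWS security-group ingress permissions (assumed shape)."""
    return [{"IpProtocol": r["proto"], "FromPort": r["port"], "ToPort": r["port"],
             "IpRanges": [{"CidrIp": r["from"]}]} for r in rules]

def translate_gcp(rules):
    """Render the same rules as one GCP VPC ingress firewall rule body (assumed shape)."""
    return {"direction": "INGRESS",
            "sourceRanges": sorted({r["from"] for r in rules}),
            "allowed": [{"IPProtocol": r["proto"], "ports": [str(r["port"])]}
                        for r in rules]}

def violations(proposed, intent):
    """Contingency check: every proposed (proto, port, source) must be backed by an allow."""
    allowed = {(a["proto"], a["port"], a["from"]) for a in intent["allow"]}
    return [p for p in proposed if (p["proto"], p["port"], p["from"]) not in allowed]

def risk_score(proposed):
    """Score only world-reachable rules; a higher number means more exposure."""
    return sum(WEIGHTS.get(p["port"], DEFAULT_WEIGHT)
               for p in proposed if p["from"] == WORLD)

def automate(proposed, intent, threshold=THRESHOLD):
    """Return ('push', rendered controls) only when the checks and the score both clear."""
    bad = violations(proposed, intent)
    if bad:
        return ("reject", bad)          # design contradicts intent: never pushed
    score = risk_score(proposed)
    if score > threshold:
        return ("review", score)        # within intent but too exposed for auto-push
    return ("push", {"aws": translate_aws(proposed), "gcp": translate_gcp(proposed)})

if __name__ == "__main__":
    print(automate(INTENT["allow"], INTENT))
    print(automate([{"proto": "tcp", "port": 22, "from": WORLD}], INTENT))
```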
Businesses tend to like this approach because humans can't keep pace with the speed at which cloud tech is adopted, and it's a cost savings for the business. You get cloud controls instantly applied based on intent, and you save money. Win-win.
Next time out, we're going to discuss orchestration in the context of some of FireMon's core functions: vulnerability management, continuous compliance and the ability to make changes to your cloud controls. In the meantime, take a look at how we're already helping customers with visualizing and protecting cloud environments.
Feel free to reach out with any questions.