The Multi-Cloud and Hybrid IT Security Challenge

This is the third in a four-blog series entitled Cloud Security Pitfall: Understanding the Shared Responsibility Model.

The cloud offers much promise for enterprise organizations. But, as they dive head-first into this new frontier, enterprises are realizing that securing the cloud is not quite as straightforward as securing traditional environments due to two things: the cloud’s shared responsibility model, in which the cloud provider is responsible for security of the cloud, but the enterprise is responsible for security in the cloud, and the cultural challenges of managing the cloud within the dual context of operations and security.

Even as organizations overcome those challenges, they quickly realize that there is something much bigger than merely having to share responsibility with a third party — they must do it with multiple third parties and then integrate it all together, aka the multi-cloud.

Organizations are increasingly employing these so-called multi-cloud strategies, in which they use multiple public cloud environments, and then take a workload-centric architectural view as they integrate workflows across traditional on-premises, private cloud and multiple public cloud environments — what we call Hybrid IT.

As these hybrid environments are becoming the de facto production state, organizations are realizing that both the operational and security challenges are growing exponentially. The question that every IT leader must now tackle is how to leverage the power of this new approach without introducing security risks that will undermine their forward progress.

The End of Systems-Centric Architectures

Modern IT is no longer systems-centric, but is, instead, becoming workload-centric. Today’s new business and operating models demand that organizations deploy complex architectures in which workloads traverse the organization’s newly hybrid environments — spanning traditional on-premises, private cloud, and multiple public cloud architectures.

One of the results of this transition is that there is no longer a conventional enterprise perimeter — the primary, traditional focus of enterprise security. This lack of a classic perimeter, and the complexity that hybrid IT environments introduce, require that organizations take a fresh look at how they approach securing the modern technology stack.

This phenomenon also increases the importance of getting security right in the context of the shared responsibility model, as doing so becomes one of the primary tools in the new security toolbox.

Adapting Security to a Hybrid, Multi-Cloud Environment

The challenge, of course, is that every public cloud provider and private cloud technology platform has its own unique characteristics. So, while public cloud providers reference a common shared responsibility model, the implementation of the model varies wildly from provider to provider.

As Jason Bloomberg pointed out in the first blog post in this series, the answer to dealing with this challenge is taking an abstracted, policy-centric approach to security. It’s essential that these policies address both the enterprise’s and cloud provider’s responsibilities so that the organization can manage security and operations both strategically and holistically.

Moreover, organizations must adapt the implementation of these policies to the various private and public cloud architectures that make up their hybrid environment — and then, as I discussed in the second post in this series, do so in close coordination with the organization’s operational teams and their performance requirements.

Finally, enterprises must recalibrate these combined and abstracted security and operational policies around the workload. Using operational data, organizations can then create workload-focused visibility to identify anomalous behavior across their hybrid environment.

In practice, this all comes down to data. When there is no reliable perimeter on which to ‘stand your ground,’ organizations must identify anomalous behaviors wherever they occur across this new workload-centric architecture – whether those anomalies occur while data is moving between servers (so-called east-west traffic) or between the client and server (north-south traffic).

In order to properly adapt the security posture to this new hybrid and multi-cloud reality, therefore, organizations must capture data holistically to create real-time visibility into their dynamic environment.

The Intellyx Take

Rightfully so, security is a top-of-mind concern for any business and IT executive today. But as organizations are moving more workloads to the cloud and deploying these hybrid architectures, the complexity and security challenges grow exponentially.

While organizations are acutely aware of the stakes, many enterprise leaders are significantly underestimating the challenges facing them as these hybrid environments become a reality. Most significantly, many organizations continue to rely on traditional security approaches that are ill-equipped to help them simultaneously secure and optimize performance as they make the transition to this highly fluid and perimeterless state.

Organizations must transform their security posture from a systems-centric, perimeter-focused approach to one that is policy-driven and which relies on data, real-time visibility, and anomaly detection as their primary security modalities. Doing so is the surest way for organizations to simultaneously deliver performance and security in these dynamic and rapidly evolving architectures.

Copyright © Intellyx LLC. Gigamon is an Intellyx client. Intellyx retains full editorial control over the content of this paper.