17% of enterprises have 1000+ virtual machines on public cloud and 28% of enterprises have 100-1000 virtual machines on public cloud[i]. As per Verizon’s 2016 Data Breach Investigations Report, server workloads are amongst the prime targets for cyber criminals. If we correlate these two facts, then we realize the importance of having a strong security strategy for cloud server workloads. A reliable security solution for cloud server workloads will empower enterprises to confidently migrate their data centers to the cloud.
Below are seven values every business should look for in a public cloud workload security solution.
- Integrated security architecture for Sustainable advantage: Enterprises will continue to have complex IT environments. Users, endpoints, data, on-premises workloads and cloud workloads keep increasing or changing. With this, needs around on-premises and cloud security become complex. It is important to have an integrated and extensible security architecture that provides a sustainable advantage in the long-term. Threats can enter organizations from any source and can move laterally targeting key assets such as servers. Effective security controls are those that integrate and share information so that each security layer is intelligent to provide defense against latest threats.
- Granular visibility and control on cloud workloads: ‘You can’t control what you can’t see’. In a dynamic cloud environment where you have limited control on creation and termination of workloads, it becomes extremely challenging to provide right security policies to workloads. An ideal solution should allow you to easily discover, assess, and remediate emerging threats targeting cloud workloads. It should offer granular details such as DNS Name, IP Address, instance name, instance ID, virtual network ID for the cloud workloads to quickly identify the exact location of threats for faster remediation.
- Single management platform for on-premises and cloud security solutions: A single management platform that caters to all your security needs reduce costs drastically. Imagine having a single pane of glass to deploy multiple security features, manage and enforce multiple policies across numerous assets that are on-premises or in the cloud. Using a single console, security teams can automate a lot of tasks, detect incidents in minutes and allocate fewer resources to manage security. Such experience is hard to beat and it equips security teams to perform their tasks faster.
- Built for the cloud and should scale up or down as per need: Comprehensive protection is important but not at the expense of a non-scalable solution. Auto-elasticity is key for a cloud security solution wherein protection can be enforced easily in the dynamic cloud environment where workloads are mainly stateless. Cloud workloads are short-lived and need to scale up or down as per business needs. An ideal security solution for such workloads should also scale up or down as per business needs.
- DevOps tools support: 81% of enterprises have DevOps processes[ii]. DevOps tools such as Puppet and Chef are extensively used to accelerate application deployment and management. A good security solution should meet DevOps standards and should support DevOps tools.
- Flexible buying options to reduce security costs: Apart from agility, the reason enterprises are adopting cloud is to reduce costs. Similarly, they should have licensing options to reduce costs associated with security. For persistent workloads enterprises might require perpetual licensing, while for stateless workloads enterprises might need pay-as-you-go hourly pricing.
- Ensure compliance requirements are met: Demonstrating security compliance is a key requirement for many enterprises. The solution should help businesses meet compliance requirements around HIPAA, PCI, etc. as per their industry needs.
Check out this video on how McAfee can help you with cloud workload security: Complete security solution for AWS and Azure workloads
This blog post was written by Paresh Joshi.