- If your AI-generated code becomes faulty, who faces the most liability exposure?
- These discoutned earbuds deliver audio so high quality, you'll forget they're mid-range
- This Galaxy Watch is one of my top smartwatches for 2024 and it's received a huge discount
- One of my favorite Android smartwatches isn't from Google or OnePlus (and it's on sale)
- The Urgent Need for Data Minimization Standards
Multi-Cloud Use Maturity – Cloud Security – Cloud Blog – VMware
This blog on Cloud Security represents part 8 and is the last installment of this multi-part blog series on multi-cloud use maturity. A comprehensive eBook that includes the entire multi-cloud use maturity framework can be found here. At the end of this blog, you can also find links to all the prior blogs in this series.
Security remains a top cloud concern
It seems like no matter what research study you pick up that
involves the cloud, security is always a top concern. I’ve been tracking this for many years now
and while there is plenty of evidence that the public cloud isn’t inherently
more or less safe than an on-premises environment, every year security makes
the list.
The duality of security
Fundamentally doing security well, whether in an on-premises environment
or in the cloud, is extremely challenging.
It is part of nearly every process and there is some security capability
built into almost every technology used in the data center or the cloud. Security is the poster child for needing to
coordinate across people, process and technology.
From a people perspective, everyone has some level of responsibility
but no one person can be fully responsible for everything that must be done to ensure
that applications and data are safe. And
seemingly small things can put an entire organization at risk.
The shared responsibility model that exists in the cloud makes
things even more challenging. Managing a
multi-cloud environment takes this a step further and increases the scale and
complexity challenges of the cloud by orders of magnitude.
So where to begin?
The first step in being able to implement the right security
practices for a single cloud or a combination of clouds, starts with having
visibility into the security posture of the organization across all apps, and
across all environments. Teams need the
ability to understand their security posture at both highly summarized levels
as well as the ability to go deep as needed when higher level summaries
indicate there are deeper problems.
Teams also need to have technologies in place that focus on
collecting massive amounts of data, analyzing that data and then distilling
that data into insights about the risk the organization faces. And you need to be able to this in as near
real time as possible. Finally, you need the ability to take automatic action
to remediate the most concerning risks.
Taking stock of where you are
Making sure that you can secure the applications and data you run
in a multi-cloud environment is a critical area of capability. As such it is important to assess where you
are today and then move to develop strategies that will increase your
capability over time.
Below is a set of capabilities related to security that should be
considered when assessing your level of maturity.
- The
ability to get real time visibility for most cloud-based apps into security and
compliance posture based on best practices and/or industry standards. - The
ability to get real-time alerts for most cloud-based apps for security events,
changes and risks. - The
ability to prioritize security violations based on quantifiable risks to cloud
based apps. - The
ability to automatically remediate a large number of potential risks based on
access, app, infrastructure or any other type of resource misconfiguration.
In terms of assessing multi-cloud maturity in this area,
organizations should first work to define a minimal set of standards that must
be adhered to across all teams. Related
to this, there is a minimum level of visibility that teams should work to
achieve in order to execute on these standards.
Building for the future
Once a baseline is established, teams can then focus on how they
can increase maturity by leveraging ever increasing levels of automation to:
- Establish
operational guardrails that keep app dev and operational team members from
getting into trouble in the first place - Prioritize
issues based on the relative risk of discovered problems - Remediate
discovered issues that pose a level of risk that it too great to wait for any
form of human intervention
Other blogs in the series
Achieving multi-cloud use maturity – new eBook can help
Multi-Cloud Use Maturity – Competency in onboarding the cloud
Multi-Cloud Use Maturity – Leveraging cloud services
Multi-Cloud Use Maturity – Make sure DevOps practices are solid
Multi-Cloud Use Maturity – Data Center Modernization
Multi-Cloud Use Maturity – Cloud Financial Management