So, you have a private cloud built on platforms such as VMware or OpenStack and use public clouds such as Amazon Web Services and Microsoft Azure. You realize that your hybrid clouds need the same level of protection as your legacy physical servers and are hoping to get a single solution to secure them.
You begin your search and quickly locate options that claim hybrid cloud support and are eager to begin evaluation. Before you sign on the dotted line, I’d like to explain what you need to know so that you don’t get stuck with a solution that’s going to cause you a lot of extra time and effort and deliver a lot less cloud security.
Most, if not all, hybrid cloud security vendors have connectors and use them to communicate with clouds. While it’s a good first step to find out if connectors are available for the clouds that you have deployed, this is just one of many features that you will need to consider.
The 5 “C”s of Hybrid Cloud Security
The “C” stands for consistency. Without it, you won’t achieve complete hybrid cloud protection, your cloud compliance will be at risk and you’ll never be able to keep up with your dynamic cloud workloads. Below, I’ve identified 5 “C”s of hybrid cloud security, a blueprint for safer clouds.
Consistent Visibility – You can’t secure what you can’t see. Hybrid cloud security requires visibility without borders to reduce the risk of security issues from blind spots in private or public clouds. End-to-end visibility into infrastructure, workloads, traffic and threats across private and public clouds helps ensure that you’re getting continuous and comprehensive protection. Connectors provide access to clouds in isolation; they don’t provide multi-cloud visibility. No wonder that 58% of organizations cite lack of visibility as their greatest cloud operations issue. 1
Consistent Management – If you choose to use multiple vendors to manage your hybrid cloud security, you will certainly have to use multiple management consoles. Even if you select one vendor to manage all your clouds, you may still wind up with separate consoles to manage different security controls or non-cloud infrastructure. A single console gives you consistent management for all your security capabilities – policy management, deployment, visibility and threat information across all clouds and physical deployments.
Consistent Policies – Creating and managing policies in a centralized console not only makes this work easier and faster, it also helps to ensure consistency because users can apply policies to multi-cloud workloads. Suppose you have a corporate security policy that requires change control for all customer data, and that data resides on physical servers, AWS, and a VMware private cloud. Without centralized management, you’d have to create and apply the policy in three different consoles, and you’d increase the likelihood that the standard policy is not applied to certain workloads. This complexity may help explain why 72% of organizations point to cloud compliance as their greatest concern. 2
Consistent Threat Intelligence – Connectors give security solutions access to clouds, but they don’t integrate security. One form of security integration is the ability to share consistent local threat intelligence among security tools. This enables automation with faster and more accurate detection, faster remediation and closed-loop protection.
Consistent Protection – Public cloud workloads require protection that auto-scales as they are spun up or down. Similarly, private clouds need scanning that scales elastically with demand. Without auto-scaling, public clouds can go unprotected and private cloud protection can result in poor resource utilization. Connectors give you access to clouds, but can leave you unprotected or make inefficient use of your private cloud resources.
Blog originally published on Mcafee.com.