Though companies can’t affect the security of a container or cloud (i.e., where the data is stored or processed), control over the data in the cloud—how data is accessed—remains in the hands of the data owner (i.e., the cloud/container consumer). Unfortunately, tools built to protect traditional, on-premises data centers don’t scale well in modern environments. They don’t adapt well to change or elasticity, and depending on the environment, each deployment could require different governance. This is time consuming and complex, two things security organizations don’t need more of.
Security that’s independent of the environment
What’s required for today’s hybrid cloud is security that is independent of the environment, that can be centrally applied and managed, and which scales alongside the business. Implementing a centralized solution that offers uniform control and manageability across data center deployment types will remove the complexity and effort that burdens most organizations. As hybrid cloud usage increases further (and computing environments we haven’t dreamed of yet emerge and find their way into corporate environments), keeping difficulty to a minimum will be even more important.
Though it might seem obvious, data centers are rich with data! In the majority of cases, threat actors are after that data: personally identifiable information, intellectual property, trade secrets, and the like. With this in mind, security teams need to hone their focus on protecting the data rather than the environment. Looking at the major data breaches that have been reported over the years, it’s easy to see that security fundamentals, or what some call “basic security hygiene,” have fallen through the cracks. One of the reasons for this is that security tooling generally falls into one category or the other: access controls, data loss prevention, or “gateways” like firewalls or email security. This patchwork of technology doesn’t alleviate operational effort or complexity. Instead, what security and network teams end up with is disparate systems to manage and miles-long logs to triage.
To ease the pain, organizations should look to implement solutions that address the security basics in one centralized management plane. In the second part of this post, we’ll dive into how this can be accomplished.