There’s no one-size-fits-all cloud. This reality has caused many organizations to move to a hybrid model, with different applications and workloads running across on-premise servers, private cloud, and multiple public cloud environments. A 2017 survey by RightScale found that 85% of enterprises have a multi-cloud strategy. IDC predicts that worldwide revenues for hybrid cloud data services will grow 20% annually over the next few years, reaching nearly $69 billion by 2021.
These increasingly complex environments put an additional strain on security strategies. Managing security policies, compliance requirements, and service-level agreements across all of these environments becomes an almost impossible task, particularly if security teams are not involved up front as IT and business users spin up new cloud environments.
Workloads are far more fragmented, decentralized, and elastic than ever before. The distributed nature of modern datacenter and cloud workloads also increases the challenge of defining the network perimeter, with workload instances constantly starting, stopping, and inheriting new IPs across multi-cloud environments.
Rather than managing a single consistent set of security policies, most organizations are resigned to working with a combination of cloud-native and commercial tools to apply and manage different policies based on the underlying workload architecture. But managing security controls for each environment is time-consuming and prone to mistakes that increase vulnerabilities across the business. From a security perspective, organizations need a centralized view of all workloads, regardless of where they are running.
Security and risk professionals “must find centralized, automated, and auditable ways to monitor and secure cloud workloads reliably,” Forrester analyst Andras Cser says in a recent Forrester report, Vendor Landscape: Cloud Workload Security Solutions, Q3 2017.
Centralized security management across multiple cloud environments, whether AWS, Azure, or VMware in a private cloud, is a critical part of a holistic security strategy. Security teams need to improve visibility into cloud operations and workloads in order to apply and manage a single, consistent set of policies regardless of where or how a workload manifests itself.
Consider these features when evaluating multi-cloud security tools:
Continuous workload discovery to provide a centralized perspective of all instances across public and private cloud deployments, supported by automation templates that ensure workloads are protected from the start.
A single-pane console that consolidates security policy management across physical endpoints, servers, virtual servers and desktops, and public multi-cloud environments.
Cloud-native network visualization, prioritized risk alerting, and micro-segmentation, which enhance awareness and control to prevent lateral attacks in the data center as well as external threats.
Integrated countermeasures – spanning machine learning, application containment, virtual machine-optimized anti-malware, whitelisting, file integrity monitoring, and micro-segmentation – to protect workloads from threats like ransomware and targeted attacks.
While the operational and business benefits of the cloud are undeniable, the growing complexity of distributed environments has introduced new security challenges. Gaining better visibility into and control over multi-cloud environments is an important step toward reducing risk as organizations continue their digital transformation journey.
To learn more about improving security in ever-expanding cloud environments, visit https://www.mcafee.com/us/solutions/data-center-cloud-defense.aspx.