By Josh Williams, Senior Sales Engineer, Cloud and Automation Solutions at FireMon
Anyone who works in enterprise technology has heard the joke that the cloud is just someone else’s computer. But if we’re being serious, there’s some logic to letting security professionals see cloud instances as just another computer to be viewed as part of their growing network infrastructure.
We also know the public cloud is different when it comes to security. A key theme from our annual State of Hybrid Cloud Security survey two years running is that there’s a lack of clarity around shared security responsibility for public cloud platforms that are being rapidly adopted at the pace of business. Every platform, including Amazon Web Services (AWS), Microsoft Azure or Google Cloud, does security configuration differently, and every FireMon customer is unique when it comes to what they opt to put in the cloud — computing, storage and networking — and what they keep on-premise.
For the foreseeable future, most enterprises are going to have a hybrid environment, and security professionals want to see any public cloud instance as a piece of the overall puzzle, not a separate puzzle, or worse yet, several puzzles. They need complete visibility, especially as hybrid clouds continue to scale, so they can keep a handle on complexity.
Public cloud adds security pain points that must be solved
Extending FireMon’s capabilities to the cloud is a necessary and inevitable next step for addressing the pain points security executives must address as organizations embrace cloud-first strategies and their own digital transformation agenda.
Security professionals are tasked with applying controls and enforcing governance in public clouds to meet compliance obligations and mitigate risk just as they do with legacy and on-premise infrastructure. Security teams are also expected to enable access to cloud applications without becoming a barrier to the business while still maintaining network and security hygiene. The frequent and rapid changes that are today’s norm must also be managed and documented within budget and resource constraints, including staff that are often stretched too thin.
These pain points impact several members of the C-suite, including CISOs and CIOs focused on security and compliance in the public cloud, CIOs focused on network infrastructure and operations, and the Chief Digital Officer driving digital transformation efforts. More broadly, the growing complexity and scale of hybrid clouds affect network operations leaders, DevOps, application teams and lines of business, who all face pressure to increase their speed of delivery.
The proliferation of public cloud instances adds even more complexity and diversity to an infrastructure that now encompasses on-premise data centers, virtualized environments, software defined networks and the public cloud. Visibility across this dynamic environment is paramount if security teams are to enforce policy-driven control continuously across the entire hybrid environment as frequent changes are made.
Right now, customers find themselves doing all this with multiple tools with no unified user interface for managing different deployments, and little to no automation. They are constantly having to find the right piece to a puzzle that’s always changing as workloads migrate to the public cloud, often quickly and without the proper guardrails in place because it’s so easy for business users to spin up a new application. Even with automation, checks and balances must be put in place to make sure the organization isn’t exposed to new security risks. Most of all, applying security can’t be an afterthought; customers are looking to automate their entire policy management workflow continuum, not just the last mile policy push.
View public cloud security with context
FireMon’s solution to the pain points amplified by the growing scale and complexity of hybrid cloud doesn’t mean we’re shifting our focus to cloud only, nor is it to introduce products specifically for cloud platforms. Rather, our strategy is to extend visibility to the commonly deployed public cloud platforms our customers need to see and manage. In all seriousness, a public cloud instance must be seen as just someone else’s computer on the network, but with the context security teams need.
FireMon is essentially extending intelligent security automation so customers can see the cloud the way they’ve been able to see their on-premise infrastructure. But because each public cloud is different when it comes to configuring security, we’ve done the necessary remodeling work behind the scenes to give customers the visibility they want with the context they need. We support workload migrations to public cloud platforms such as Azure and AWS by normalizing and unifying security policies, so customers are compliant throughout any change process.
FireMon didn’t need to become a cloud vendor to offer a single, infrastructure-agnostic platform to design, implement, and validate security policies across the environment. Not only does extending our security management platform for on-premises and the data center to public cloud make it unique, it also negates the need for customers to license multiple products for different deployment models.