One Pane (of Glass) Makes Many Clouds Work

Originally published by Entrust here.

Written by Tushar Tambay of Entrust and Mark LaRoche of VMware.

Cloud computing is a well established part of almost every organization’s IT infrastructure, but the proliferation of these cloud platforms, as well as increased focus on cloud platforms by hackers, the ongoing cybersecurity skills shortage and teams spinning up cloud applications without involving the IT department (so called ‘shadow IT’) has led to an unwieldy, de facto multi-cloud environment that is increasingly difficult to manage and secure consistently.

In fact, recent figures show that organizations leverage almost five different cloud platforms on average, making it clear that simplifying authorization and authentication in a hybrid multi-cloud is critical for success.

Usually spanning public and private deployments, multi-cloud environments are essential for developing enhanced products and services and staying competitive in today’s digital era. Add in the increasing scale and speed of application deployment led by the growing adoption of containerized applications and DevOps methodologies, and it becomes clear that securing access and data is a rapidly evolving challenge. This is further complicated by the general lack of specific mandates driving multi-cloud security.

Addressing this requires a unified framework for security and compliance including centralized authentication, authorization, and audit control to reduce both risk and operational overhead. The solution should ideally enable users to add and view their inventory of microservices, containers, and Kubernetes for greater control and enhanced security.

It should also add control over what applications are allowed to be deployed, based on characteristics, enforce access rules across the organisation, centralising access policies and logs, in a consistent way to deliver:

• Protection for the full technology stack from the underlying cloud infrastructure (AWS or vSphere) to the Kubernetes cluster
• Unified management dashboards which allow administrators to see an all-in-one view of the organization’s security posture across the full stack and management systems
• Improved understanding of where workloads are located with a centralized view of workload inventory across private clouds (VMware Cloud Foundation, vCenter, ESXi, VMs, and datastores) and public clouds (EC2 and S3)
• A cohesive solution that is seamless to users, in which customers authenticate via their preferred Identity Provider (e.g. Azure AD) through Single Sign-On and all the work happens in the background

Additionally, the solution would help solve security and compliance requirements by monitoring applications regardless of where they run, providing management log monitoring. This unified policy should provide:

• Consistently enforced security controls in AWS, vSphere and Kubernetes environments
• The ability to segment workloads into different security and compliance zones with a patented tagging mechanism
• Detection of security vulnerabilities and configuration issues to prevent cyber attacks
• Continuous compliance

The end goal is to enable users to manage workload encryption across multi-cloud infrastructures, allowing administrators to apply consistent security practices to prevent misconfiguration of VMs and container ecosystems while managing encryption keys and container secrets throughout their lifecycle.

Many offerings are focused on either key management and encryption or cloud security posture management and cannot enable the wide security coverage that is needed to properly address this emerging . By combining data protection and encryption, certificate solutions, and identity, it becomes possible to build an enterprise grade platform that combines cryptographic key management of VMs and containers with robust compliance management to prevent inadvertent misconfigurations that can lead to malicious attacks and ensure that a robust cloud security posture can be established and maintained.