Minimum Viable Security
Risk Management
Your Cloud ?
Integrated Tools
• Correlation
• Situational context
• Common management
Layered Tools
• Help people react faster
Proactive
• Threat and business risk context
• Help identify & remediate risks
• Automated responses
Predictive
• Advanced analytics to identify potential attacks via patterns and external data
Basics
• Reactive
• Point products
Agility
Figure 3 : Security Program Maturity
Vendor Management
Multi-cloud strategies introduce a new dynamic for vendor management . Many cloud providers will offer credits tied to the level of spend on their specific platform . By choosing a multi-cloud strategy , you risk splitting the credits or losing them entirely . Multi-cloud strategies must constantly be evaluated against the potential spend of all IT capacity needs , to ensure that if additional spend comes from using multiple vendors , it will be offset by additional capabilities valuable to the business .
In addition to vendor management for platforms , many cloud implementations require using new third-party tools and services . These third party tools provide organizations with the ability to manage capabilities across vendors , as well as add additional governance and management features not natively available on providers ’ platforms .
Third-party tools should be carefully assessed to ensure they have a pricing model that fits with organizational usage patterns . This pricing model should complement a strong set of capabilities and a long-term roadmap to continue to add value to the product , post initial investment . The most common thirdparty tools are used to support financial management and visibility to individual business units , and governance and enforcement of security policies .
Adopting a multi-cloud strategy should be a methodical process for an organization . A careful assessment of the added cost and complexity should be weighed against the added benefits a new or specialized provider will bring to the organization through greater agility and added capabilities . Prior to deploying a second cloud platform , you should architect an MVC to ensure parity for functional capability and the strong enforcement of security policies . Multi-cloud adoption can enable an organization to leverage best of breed technologies from a variety of highly capable and innovative vendors , while ensuring stability , scalability and data protection .
FALL 2016 | THE DOPPLER | 81