How enterprises approach security in the cloud
depends, in large part, on what kind of deployment
model they choose. Many enterprises start with a
private cloud where the security approach changes
minimally. However, once workloads get moved to a
public cloud provider, the need for automation
demands that security approaches evolve. There are
a number of deployment models from which to
choose: Hybrid IT, where some workloads move
from an on-premises data center to a public cloud
provider; Hybrid Cloud, where workloads are run in
both private and public clouds; and Multicloud,
where the organization adds a second or third public
cloud for running workloads.
Just as each of these environments offers different
business advantages, each also presents different
security challenges. Security strategies should take
into account a variety of factors, starting with the
needs of the organization, and the risk profile of the
industry. Strategies should focus on key issues, such
as access control, encryption, logging and monitor-
ing, threat and vulnerability management, and the
differing approaches each type of cloud environ-
ment requires for deploying these capabilities. Suc-
cess hinges on four disciplines, which are key to
effectively managing security in these environ-
ments: standardization, instrumentation, training
and automation. Addressing these security disci-
plines enables you to develop a control plane that
works across heterogeneous cloud models.
Exploring the Four Key Security
Disciplines
Looking more closely at each security discipline,
standardization is the critical foundation for all cloud
deployment types. Standardizing architectures and
controls across cloud environments is required to
support scale, automation and reuse across deploy-
ment types. Therefore, standardization should occur
not just within a particular cloud environment, but
also across environments as much as possible. If you
FALL 2019 | THE DOPPLER | 13