How cloud security scaffolding protects your multi-cloud environment - Nextgov

2021-12-13 14:00:39 By : Ms. Vancey Geng

On-premises data centers, public cloud regions, the edge: institutional cloud environments have become very complex. This has significant implications for network security.

Each cloud provider defines its security model differently, and your organization needs to understand these differences. The cloud provider is responsible for protecting the infrastructure elements it abstracts away from you, but every other aspect of the cloud is your responsibility. If there is a configuration knob to turn, you are the one who has to turn it. For services such as identity and access management, each cloud provider implements its security measures in a completely different way.

The result is frequent security misconfiguration. Notably, according to the 2021 Verizon Data Breach Investigations Report, 85% of data breaches involve a human element. Moreover, many vulnerabilities stem from human error in the form of cloud misconfigurations.

For many organizations, the adoption of the cloud coincides with the adoption of containers and other open source cloud technologies such as Kubernetes. These technologies not only provide a powerful framework for consistent application packaging and deployment, but also a powerful framework for building universal security scaffolding that you can carry anywhere, with every security knob adjusted the way you want.

Start with good security hygiene

Cloud security starts with good security hygiene. First, document and maintain a strong security strategy. Cloud vendors publish adoption frameworks that provide guidance. For example, the AWS Landing Zone contains guidance on issues such as account sharing and incident response.

You should also automate as much security and cloud management as possible to reduce human error and costs. This requires starting with a consistent API to make future automation simple and straightforward.

Other important details to pay attention to include protecting the root account, using least-privilege policies to control operations, data encryption and backup, network policies, and implementing monitoring that will not turn into noise. Finally, implementing cost management policies lets the accounting team establish a feedback loop with developers to help understand cost spikes, which may be the main indicator of account abuse.

Let the open source platform be your security scaffolding

Of course, every public cloud deployment, whether on IBM or Google, AWS or Microsoft Azure, has some security settings turned on by default. But these settings are unique for each environment. They do not reflect the specific needs of each of your workloads and user groups. And they do not address the unique compliance requirements of government agencies.

Therefore, your organization needs to configure security based on compliance and risk acceptance for each workload. However, most infrastructure teams lack the resources and expertise to provide the correct settings for each cloud provider. That large margin for error is a security incident waiting to happen. You need a better way. One common approach is to build security scaffolding on top of a container platform.

The idea behind containers, and one of the key reasons they became popular, is that you can package software code and all its dependencies and run it the same way in any environment. The container orchestrator goes a step further, enabling multiple containers to run across environments in the same way. Kubernetes is an attractive orchestrator because it is not only open source, but also the center of the cloud-native ecosystem.

Cloud providers offer managed Kubernetes solutions. But each provider's Kubernetes platform involves custom hooks and integrations with that provider's services, and these are not portable from one provider to another. So when it comes to security, you still have to configure each environment separately.

A better way is to use an open source, cloud-agnostic Kubernetes platform so that your security settings can be ported across clouds. This enables you to build security scaffolding on top of containers and Kubernetes and set up account management, monitoring, logging, and incident response configurations all at once. Whether your workload is running in multiple public clouds, private clouds, or on-premises virtual machines, you can adjust the security knob once for all environments.
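
As an added illustration (not from the original article or from Red Hat), the manifests below sketch a portable baseline built only from upstream Kubernetes APIs: Pod Security Admission labels, a default-deny NetworkPolicy and a least-privilege Role. The names team-a, log-reader and ops-oncall are hypothetical, and NetworkPolicy enforcement assumes the cluster's network plugin supports it.

```yaml
# Added example: the same file can be applied unchanged to any conformant cluster.
# Namespace, role and group names are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
  labels:
    # Pod Security Admission: reject pods that violate the "restricted" profile
    pod-security.kubernetes.io/enforce: restricted
    # Also record violations in the audit log
    pod-security.kubernetes.io/audit: restricted
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: team-a
spec:
  podSelector: {}        # empty selector matches every pod in the namespace
  policyTypes:           # no ingress/egress rules listed, so all traffic is denied
    - Ingress
    - Egress
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: log-reader
  namespace: team-a
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list"]   # read-only; no exec, create or delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: log-reader-binding
  namespace: team-a
subjects:
  - kind: Group
    name: ops-oncall         # group name as asserted by the cluster's identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: log-reader
  apiGroup: rbac.authorization.k8s.io
```

Workloads that need network access then get explicit allow policies layered on top of the default deny, so each exception is visible in version control.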

In the end, you will get a true turnkey method to configure cloud security. The result is more consistent and automated cloud security, fewer security misconfigurations, and less time and cost spent on manual security management. You can also reduce the risk of data leakage and better protect the data that your organization relies on to accomplish its mission.

John Osborne is the chief architect of Red Hat's North American public sector and the former director of infrastructure for the Space and Naval Warfare Systems Center.
