![]() ![]() Visibility…or the lack of it…can create many challenges. This makes accurately assessing the compliance and security posture of your workloads, at any given moment, nearly impossible. Cloud environments are constantly expanding, contracting, moving and changing. This feature of the cloud can really play havoc with your compliance aspirations. It’s Ephemeral! (sing to the melody of “It’s Electric” from the Electric-Slide era…) Sure, they keep their side of the bargain the compliance OF the cloud environment they provide…but only OF them…not what’s IN them. This time, in the context of compliance, the cloud providers are not going make sure what is IN their cloud (your stuff!) is compliant. I’ll touch on just a few…Ĭlear Understanding of Shared Responsibility – In and Ofĭespite the fact just about every cloud presentation I see at conferences has a slide highlighting the confusion around the ‘shared responsibility’ model I’m going to bring it up again. There are many issues and concerns you’ll need to address when you move to the public cloud far too many for this blog. When trying to maintain and ensure compliance in the cloud, it can be a challenge. Put another way, the watering hole will always be full…but, always changing…it’s up to you to understand it and know how to securely swim in (use) the environment. You need to focus on what’s IN the public cloud, the cloud provider will take care OF the public cloud. Remember the Shared Responsibility Model? IN and OF. The watering hole is filled for you and is constantly being replenished with new, changing water. Another example is YOU fill the backyard pool and then maintain it. One of the not so subtle being, you likely won’t have to check for things that will eat you, in the backyard pool. But there are many subtle (and some not so subtle) nuances and differences between the two environments. On the right is a photo of a swimming hole at the bottom of a waterfall on a river. On the left is a photograph of a round, backyard, above ground swimming pool. In one of my presentations I use a metaphor to emphasize the subtleties and nuances between the cloud vs on premise. In fact, the top two operational concerns of IT professionals, when moving to the public cloud, are compliance (34%) and visibility (33%) into infrastructure security. If you thought it was difficult to clearly see and know precisely what was happening between to vm’s on a server, just wait. Well, as Yogi Berra famously said, “It’s like déjà vu all over again.” Only now, it’s worse. Remember inter-VM and intra-VM communications or vMotion? These new capabilities threw IT departments’ curve balls and forced the development of new tools to provide visibility and control. When I speak, I’ll often refer to the challenges we all experienced when virtualization initially began being adopted by enterprises. When organizations move their workloads and datacenter functions into the public cloud, not only must they continue to apply and assert all of the same security and operational disciplines employed for their on-premise datacenter there are new challenges introduced and new security concerns requiring new tools and disciplines in order to ensure the cloud is being used securely. Do you know what percentage of enterprises surveyed are either very concerned or extremely concerned about security in the cloud? Considering Gartner is predicting Infrastructure as a Service (IaaS) CAGR will approach 30% through 2022, you would think it’s not too high, right? I’ll share the answer with you a bit later.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |