Key Security Focus Areas for Managing Hybrid IT Security
Access Control
Who has access to what in your IT environment, and how do you control it? Knowing the answers for your cloud environment is essential to scaling and managing across multiple cloud environments. Unfortunately, most enterprises have multiple sources of identity and access control. Minimizing the sources of identity and streamlining role-based access control (RBAC) models are key. You will want to centralize and standardize these as much as possible across environments, typically by federating a single identity provider into each cloud (via SAML or OIDC) rather than maintaining native user accounts in each. Having separate identity and access models in different environments adds unnecessary complexity and can result in mistakes in managing access.
Keep in mind that adopting infrastructure as code (IaC) practices and incorporating them into your RBAC strategy support effective scaling, but they also add complexity. This is necessary complexity, and well worth the effort. Both adopting IaC and minimizing the sources of identity are essential to managing across multiple cloud estates, but you will still need to solve for the places where functionality differs between environments. For example, you may adopt a cloud-agnostic provisioning tool such as Terraform alongside the CSP-native tools, CloudFormation on AWS and ARM templates on Azure, accepting that the identity primitives underneath (IAM roles and policies versus Azure AD principals and role assignments) still differ and must be modeled per provider.
You must also understand that once you start packaging identity and RBAC models alongside application code, you are changing how security and operational teams need to monitor and manage the environment. With privileged access effectively being managed through code, the repository and the pipeline that applies it become privileged-access control points in their own right. It is critical that teams are aware of the process for handling this and remain vigilant in monitoring repositories where this code is stored for any unauthorized changes: protect the branches that deploy, require review for changes to role and policy definitions, and alert on changes applied outside the pipeline.
This approach represents a new attack vector that may not have been considered by identity and security management professionals new to public cloud or IaC, so they will need to update their monitoring and management concepts accordingly.
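One concrete form of the review described above is a check, run on every pull request to the IaC repository, that compares the IAM policy a change produces against the version already deployed and flags additions that widen privilege. The following is an added example written for this article, not code from the article or from any CSP or tool it mentions; the sensitive-action list, the severity levels and the before/after policy documents are illustrative assumptions, and the check deliberately ignores Deny statements, Conditions and NotAction, which a production version would have to handle.

```python
"""Flag privilege-expanding changes between two versions of an IAM policy.

Added example (not from the article): a pre-merge check for an IaC repository
that holds identity definitions. SENSITIVE_ACTIONS and the sample policies are
illustrative assumptions, not an exhaustive list or real policies.
"""
import fnmatch


def _as_list(value):
    """IAM allows scalars or lists for Action/Resource/Principal; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def allowed_grants(policy):
    """Return the set of (action, resource) pairs granted by Allow statements.

    Actions are lower-cased because IAM matches them case-insensitively.
    Deny statements, Conditions and NotAction are ignored in this simplified check.
    """
    grants = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource")) or ["*"]
        for action in _as_list(stmt.get("Action")):
            for resource in resources:
                grants.add((action.lower(), resource))
    return grants


# Actions that can be used to escalate privilege (illustrative assumption, not exhaustive).
SENSITIVE_ACTIONS = {
    "iam:attachrolepolicy", "iam:attachuserpolicy", "iam:putrolepolicy",
    "iam:putuserpolicy", "iam:createpolicyversion", "iam:setdefaultpolicyversion",
    "iam:passrole", "iam:createaccesskey", "iam:updateassumerolepolicy",
    "sts:assumerole",
}


def classify(action, resource):
    """Return (severity, reason) for a newly added grant, or None if unremarkable."""
    if action == "*":
        return ("high", "grants every action (full admin)")
    if action.endswith(":*"):
        return ("high", f"grants every action in the {action.split(':')[0]} service")
    # The action may itself contain IAM wildcards (e.g. iam:create*), so treat it
    # as the pattern and match it against each sensitive action.
    if any(fnmatch.fnmatchcase(sensitive, action) for sensitive in SENSITIVE_ACTIONS):
        return ("high", "privilege-escalating IAM/STS action")
    if resource == "*":
        return ("medium", "new grant scoped to all resources")
    return None


def _principal_is_open(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. any AWS identity."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def find_escalations(before, after):
    """Compare two policy documents; return [(severity, message), ...] for risky additions."""
    findings = []
    added = allowed_grants(after) - allowed_grants(before)
    for action, resource in sorted(added):
        verdict = classify(action, resource)
        if verdict:
            findings.append((verdict[0], f"{action} on {resource}: {verdict[1]}"))
    # An open principal is reported whether or not it is new: it should never ship.
    for stmt in _as_list(after.get("Statement")):
        if stmt.get("Effect") == "Allow" and _principal_is_open(stmt.get("Principal")):
            findings.append(("high", "statement allows Principal '*' (any AWS identity)"))
    return findings


# Constructed before/after policies, as they might appear in a pull request to an IaC repo.
BEFORE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::app-assets/*"},
        {"Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "*"},
    ],
}
AFTER = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket", "s3:*"],
         "Resource": "arn:aws:s3:::app-assets/*"},
        {"Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "ec2:RunInstances"], "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for severity, message in find_escalations(BEFORE, AFTER):
        print(f"[{severity}] {message}")
```

Run against the constructed pair, the check reports the service-wide `s3:*`, the added `iam:PassRole` and the `ec2:RunInstances` grant on all resources, and nothing for the unchanged `logs:PutLogEvents`. Wiring it into the pipeline as a required status check, with a human approval gate on any "high" finding, is what turns "monitor the repository" into an enforced control.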
Logging and Monitoring
Effective logging and monitoring are essential for visibility into any environment. CSPs such as AWS, Azure and GCP offer robust logging and monitoring capabilities on each of their platforms, but you will need to centrally aggregate these pools of activity. In any Hybrid IT model, visibility across all environments is critical for securely managing the estate. Most companies already have a security information and event management (SIEM) system in place to monitor their data center based environments. When they move to the cloud, they need to centralize and aggregate all their monitoring activities, understand the difference between valuable signals and noise, and pull these elements into a unified SIEM platform. In practice that means normalizing each provider's event format into a common schema before correlation, since CloudTrail, Azure Activity Log and Cloud Audit Logs each name actors, actions and resources differently. While cloud providers all offer tools
FALL 2019 | THE DOPPLER | 15
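The Logging and Monitoring passage above calls for aggregating each provider's logs into one SIEM and separating valuable signals from noise. The following added example, written for this article rather than taken from it or from any vendor, shows the two steps on AWS CloudTrail and Azure Activity Log records: map both into one common event schema, then keep identity-control-plane changes while dropping read-only noise. The sample records are constructed in the shape of the two formats, and the `Event` schema and `IDENTITY_PATTERNS` are assumptions standing in for whatever common schema and detection rules a given SIEM uses.

```python
"""Normalise AWS CloudTrail and Azure Activity Log events into one schema and
separate identity-control-plane signals from read-only noise.

Added example (not from the article). The sample records are constructed in the
shape of the two log formats; the Event schema and IDENTITY_PATTERNS are
assumptions standing in for a real SIEM's common schema and rules.
"""
import fnmatch
from dataclasses import dataclass, asdict


@dataclass
class Event:
    cloud: str
    time: str        # ISO 8601, used as the sort key across providers
    actor: str
    action: str      # "service:Operation" for AWS, resource-provider operation for Azure
    source_ip: str
    read_only: bool


def from_cloudtrail(rec):
    """Map a CloudTrail record to the common schema."""
    service = rec["eventSource"].split(".")[0]          # "iam.amazonaws.com" -> "iam"
    return Event(
        cloud="aws",
        time=rec["eventTime"],
        actor=rec.get("userIdentity", {}).get("arn", "unknown"),
        action=f"{service}:{rec['eventName']}",
        source_ip=rec.get("sourceIPAddress", ""),
        read_only=bool(rec.get("readOnly", False)),
    )


def from_azure_activity(rec):
    """Map an Azure Activity Log record to the common schema."""
    op = rec["operationName"]
    return Event(
        cloud="azure",
        time=rec["time"],
        actor=rec.get("caller", "unknown"),
        action=op,
        source_ip=rec.get("callerIpAddress", ""),
        read_only=op.lower().endswith("/read"),
    )


# Operations that change who can do what: the signals a SIEM must keep (assumed rule set).
IDENTITY_PATTERNS = ["iam:*", "sts:AssumeRole*", "Microsoft.Authorization/*"]


def is_identity_action(action):
    return any(fnmatch.fnmatchcase(action, p) for p in IDENTITY_PATTERNS)


def collect(cloudtrail_records, azure_records):
    """Aggregate both feeds into one time-ordered list of common-schema events."""
    events = [from_cloudtrail(r) for r in cloudtrail_records]
    events += [from_azure_activity(r) for r in azure_records]
    return sorted(events, key=lambda e: e.time)


def triage(events):
    """Split events into identity signals and read-only noise.

    The provider's read-only flag is advisory only: an identity action is kept
    even when flagged read-only, so the noise filter never relies on that flag alone.
    """
    signals = [e for e in events if is_identity_action(e.action)]
    noise = [e for e in events if e.read_only and not is_identity_action(e.action)]
    return signals, noise


# Constructed sample records (not real log data); readOnly on the AssumeRole
# record is set true here to exercise the rule in triage().
CLOUDTRAIL_SAMPLE = [
    {"eventTime": "2019-09-12T14:02:11Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "sourceIPAddress": "203.0.113.5", "readOnly": False},
    {"eventTime": "2019-09-12T14:02:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "userIdentity": {"arn": "arn:aws:iam::123456789012:role/monitor"},
     "sourceIPAddress": "203.0.113.9", "readOnly": True},
    {"eventTime": "2019-09-12T14:03:05Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "sourceIPAddress": "203.0.113.5", "readOnly": True},
]
AZURE_SAMPLE = [
    {"time": "2019-09-12T14:05:44Z", "operationName": "Microsoft.Authorization/roleAssignments/write",
     "caller": "bob@example.com", "callerIpAddress": "198.51.100.7", "resultType": "Success"},
    {"time": "2019-09-12T14:06:10Z", "operationName": "Microsoft.Compute/virtualMachines/start/action",
     "caller": "ops-automation", "callerIpAddress": "198.51.100.20", "resultType": "Success"},
]

if __name__ == "__main__":
    signals, noise = triage(collect(CLOUDTRAIL_SAMPLE, AZURE_SAMPLE))
    for e in signals:
        print("SIGNAL", asdict(e))
    print(f"dropped {len(noise)} read-only events")
```

The point of the common schema is that one correlation rule ("the same actor changed permissions in two clouds within a few minutes") can be written once against `actor`, `action` and `time`, instead of once per provider format; the point of the two-step filter is that noise reduction is done on the normalized action, not on whatever read-only flag a provider happens to set.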