This post was originally published here by Casey Pechan.
The Enterprise Strategy Group (ESG) consistently produces some of the most thorough research in the security industry. Its latest solution showcase, Automating server workload security with CloudPassage Halo, is an excellent sample of that in-depth work. The report begins by examining the various infrastructure, platform, and software models (including containers) that have sprung up to give organizations greater agility and speed as they continue to adopt DevOps processes.
But with this explosive growth of infrastructure comes a price. Security continues to be a challenge as businesses expand their container and cloud footprint, all while employing DevOps processes. As ESG calls out, these modern environments require a “hybrid approach to security, one that centralizes policy and monitoring across disparate infrastructures to enable the agility provided by adding elastic, on-demand cloud services into the IT mix.”
The key concerns for this new security landscape include:
- Vulnerabilities: Of those surveyed by ESG, the top two concerns reported were discovering vulnerabilities, both software-related and workload-configuration-related, at 30% each.
- Auditing: Most organizations cited auditing as an important way to gain greater visibility, with 27% of organizations citing an audit trail of all system level activity, 26% citing an audit trail of user account activity, and 24% citing the use of IaaS APIs as being most important to improve visibility.
- Anomaly detection: Alongside auditing, there is a consistent need for anomaly detection: 26% of respondents indicated a need to detect anomalous system-level workload activity in order to improve visibility.
- Network traffic flow discovery: Given the best practice of funneling external traffic through a single host, identifying workloads that are externally facing will uncover configuration issues that could allow malicious inbound traffic and/or outbound communication with a remote control server. Gaining visibility into inter-workload traffic can also reveal unintended and potentially problematic flows, such as a workload that should never have had access to a database server. Views into inter-workload east-west traffic also provide the basis for microsegmentation policies that control which workloads can communicate with one another.
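The flow-discovery checks described in the last item, as an added example that is not part of the original post and not CloudPassage Halo code: it takes constructed flow records of the kind a cloud provider's flow logs yield after parsing, a constructed workload inventory (IP to role) and an intended role-to-role access graph, and reports workloads exposed to public addresses, inter-workload flows the architecture does not allow, workloads initiating outbound connections to the internet, and the allow-list that would seed a microsegmentation policy. All IPs, roles and ports are hypothetical.

```python
"""Flow-record triage for workload visibility (added example; all inventory,
role graph and flow records below are constructed for illustration)."""
import ipaddress
from collections import defaultdict

# Constructed inventory: workload IP -> role label.
INVENTORY = {
    "10.0.1.10": "web",
    "10.0.1.11": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "db",
    "10.0.9.5": "bastion",
}

# Intended east-west access as (src_role, dst_role, dst_port).
# Any other flow between two inventoried workloads is unexpected.
INTENDED_FLOWS = {
    ("web", "app", 8080),
    ("app", "db", 5432),
    ("bastion", "web", 22),
    ("bastion", "app", 22),
    ("bastion", "db", 22),
}

# Roles meant to receive traffic from, or initiate traffic to, public addresses.
EXTERNALLY_FACING_ROLES = {"bastion", "web"}
EGRESS_ALLOWED_ROLES = {"web"}

PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    """True when the address is in an RFC 1918 range (treated as internal)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def external_exposure(flows):
    """Workloads receiving traffic from public sources although their role is
    not meant to be exposed: {workload_ip: set(dst_ports)}."""
    exposed = defaultdict(set)
    for src, dst, port, _proto in flows:
        if dst in INVENTORY and not is_private(src):
            if INVENTORY[dst] not in EXTERNALLY_FACING_ROLES:
                exposed[dst].add(port)
    return dict(exposed)


def unexpected_east_west(flows):
    """Inter-workload flows the intended role graph does not allow, as a sorted
    list of (src_ip, dst_ip, dst_port)."""
    findings = set()
    for src, dst, port, _proto in flows:
        if src in INVENTORY and dst in INVENTORY:
            if (INVENTORY[src], INVENTORY[dst], port) not in INTENDED_FLOWS:
                findings.add((src, dst, port))
    return sorted(findings)


def unexpected_egress(flows):
    """Workloads initiating connections to public addresses without an egress
    role: {workload_ip: set(dst_ips)}. Such flows merit a look for possible
    communication with an external control server."""
    egress = defaultdict(set)
    for src, dst, _port, _proto in flows:
        if src in INVENTORY and not is_private(dst):
            if INVENTORY[src] not in EGRESS_ALLOWED_ROLES:
                egress[src].add(dst)
    return dict(egress)


def microsegmentation_rules(flows):
    """Allow rules (src_role, dst_role, dst_port) derived from observed
    inter-workload flows that match the intended graph; this sorted list is the
    baseline a microsegmentation policy would enforce."""
    rules = set()
    for src, dst, port, _proto in flows:
        if src in INVENTORY and dst in INVENTORY:
            key = (INVENTORY[src], INVENTORY[dst], port)
            if key in INTENDED_FLOWS:
                rules.add(key)
    return sorted(rules)


# Constructed sample flows: (src_ip, dst_ip, dst_port, proto).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.0.1.10", 443, "tcp"),    # internet -> web: expected
    ("203.0.113.7", "10.0.2.20", 8080, "tcp"),   # internet -> app: exposure
    ("10.0.1.10", "10.0.2.20", 8080, "tcp"),     # web -> app: intended
    ("10.0.2.20", "10.0.3.30", 5432, "tcp"),     # app -> db: intended
    ("10.0.1.11", "10.0.3.30", 5432, "tcp"),     # web -> db: unexpected
    ("10.0.9.5", "10.0.3.30", 22, "tcp"),        # bastion -> db: intended
    ("10.0.3.30", "198.51.100.9", 443, "tcp"),   # db -> internet: unexpected egress
]

if __name__ == "__main__":
    print("exposed workloads:", external_exposure(SAMPLE_FLOWS))
    print("unexpected east-west:", unexpected_east_west(SAMPLE_FLOWS))
    print("unexpected egress:", unexpected_egress(SAMPLE_FLOWS))
    print("policy baseline:", microsegmentation_rules(SAMPLE_FLOWS))
```

The role graph is the important input: flow logs alone show what talks to what, but only a declared intent lets the analysis separate an unintended path (a web tier reaching the database directly) from legitimate east-west traffic, and the derived rule set is what a microsegmentation policy would then enforce.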