For decades Red Hat has helped bring the power of open source to companies around the world. Partnering with Thales, Red Hat takes the latest in open source innovation and crafts that into secure, enterprise-ready solutions.
I was invited to the 2021 Thales Cloud Security Summit to discuss modern cloud security architecture with Alex Hanway. Our discussion covered the shift from data centers to a hybrid cloud environment, security threats and risks, the DevSecOps framework, Zero Trust and solutions for enabling modern cloud security.
The Enterprise Journey to a Hybrid Cloud Model
Enterprises are on a migration journey to a hybrid cloud model and are concerned about the impact this journey has on their security. The underlying challenge is how to have a hybrid cloud posture that will work both in data centers that organizations have already significantly invested in, and with hyperscalers like Microsoft Azure, Amazon Web Services (AWS) and Google Cloud.
Organizations are always seeking to get the maximum value out of the investments they’ve already made. While they see the benefit of performing workloads in the cloud, businesses are concerned that they may not receive a return from their on-premises investment.
The journey to the hybrid cloud model should include a unified approach to security so that both on-premises and cloud environments are afforded the same security posture. For example, Red Hat OpenShift allows users to create a unified Kubernetes solution that runs seamlessly in a hybrid environment to leverage the investments on-premises while planning a smooth transition to the cloud.
On the one hand, moving to a containerized environment involves more individual moving components, which creates a challenge. On the other hand, an enterprise-ready container orchestration platform makes this orchestration easy and scalable for strategic initiatives like adopting a Zero Trust approach, because it helps to create policies that restrict access to other containers by default.
Security Threats, Zero Trust, and Compliance
Organizations will encounter various risks when migrating to a hybrid cloud environment. The threat surface is only expanding, and businesses will face greater risks if they fail to secure their software supply chain against advanced attacks.
Adopting Zero Trust helps organizations manage security threats and mitigate risks. The adoption of a Zero Trust approach, however, is not easy and requires additional resources: time, effort and skills. To this end, automating processes and controls with an enterprise automation platform will certainly enable a successful implementation of Zero Trust.
Another example of adopting a Zero Trust posture is mitigating risks associated with moving data to the production environment by implementing data tokenization. Tokenization is an easy win for lowering the overall risk to your data by maintaining compliance with Zero Trust, and it demonstrates how the Zero Trust approach should be applied to all aspects of the infrastructure.
Compliance is an important step toward reducing overall business risks in the cloud. When planning to meet specific security and privacy requirements, it is useful to consider that implementing such controls for data security may be more cost-effective in a hybrid cloud environment than on-premises.
The Benefits of Adopting DevSecOps
Adopting a DevSecOps framework can help organizations tackle some of the risks in software development. Integrating security into agile DevOps processes comes with many benefits, as it allows organizations to:
- Iterate and identify security issues earlier in the process, making them easier to remediate.
- Create more secure code earlier in the process by shifting the security posture left.
- Accelerate software development cycles, increasing the ROI of development work.
For teams to collaborate appropriately and support the DevSecOps process, they need to make sure that developers are aware of all the tools at their disposal. This will lessen the burden of security for developers, which is increasing by the day, and allow them to focus on developing applications that create value for the organization.