Eliminate Cloud Chaos Before It Undermines Your Security

A lot of attention has been lavished upon the pay-as-you-go infrastructure model that has helped fuel the enormous growth of public and hybrid cloud platforms. Much less appreciated is how a related model has transformed the effectiveness of cloud security, without which, we’d been in big trouble.

Within Infrastructure as a Service, there’s a “shared responsibility” model, where cloud service providers protect their clouds and customers protect their workloads — counteracting any vulnerabilities, exploits and data breach attempts. The division of labor is logical, in theory, but enterprises looking to fulfill their responsibility find themselves in a sticky situation. There is no simple solution that integrates and fulfills their portion of the responsibility matrix. Piecing together different solutions often results in chaos.

Cloud chaos is what happens when enterprises, who are looking for ‘best of breed’ solutions, mix and match solutions from disparate cloud security vendors. More often than not these services fail to work in harmony to protect your infrastructure. Indeed, if you’ve taken a patchwork approach to establishing a cloud safety net you may already be familiar with these signs of chaos: misconfigured workloads, malware and lack of automation.

This is why I recommend to enterprise customers that they reduce their chances of failure by taking an integrated security approach from a best-of-breed provider. And now, as Symantec rolls out its Cloud Workload Protection Suite (CWPS) for Oracle Cloud Infrastructure (OCI), one of the leading enterprise cloud platforms, customers have access to an industry-leading solution and can prioritize security as workload #1.

The Meaning of Integration

In the 15 minutes you’ll spend establishing complete visibility of workloads across your clouds, Symantec’s cloud workload protection suite automatically discovers and delivers complete visibility into your cloud workloads. Next, it discovers what software is running on those workloads and identifies the workloads’ security posture.

The key to this automation is our Cloud Workload Protection (CWP) agent — a lightweight software component that runs as a service on each instance. The agent collects telemetry data about the state of instances in the cloud, automating the discovery of potential attacks, and providing real-time visibility into infrastructure changes. This comes in handy when someone spins up an unauthorized instance, intending to “exfiltrate” customer data before your cyber security team might otherwise catch it. Symantec CWP, acting on policies you’ve set, can help you quickly shut down this rogue threat.

One of the basic principles of integrated solutions is teamwork. You’re never alone in identifying threats and defense strategies. Access to the Symantec Global Intelligence Network allows you to protect workloads against the latest global attacks and vulnerabilities, giving CISOs and cloud security teams the extra insight and confidence required to achieve their primary objectives.

Coming into View

Of course, cloud visibility is critical to the success of company’s security in the cloud, no matter where your workloads are located, and even better if it is delivered to a single console. Your cloud security team now has an effective way to identify and prevent unauthorized workloads that may include the sharing of intellectual property or customer data.

Obtaining real-time visibility and protection of these workloads remains an operational imperative across all cloud platforms, just as it is essential to mitigate the risk of IaaS adoption by blocking known and unknown vulnerabilities before they can propagate. 

Unfortunately, a lack of cloud workload visibility is a persistent complaint from security teams. Only 37% of security managers say they can adequately analyze threat data, according to an Oracle and KPMG 2018 Cloud Threat Report.

Your cloud security team now has an effective way to identify and prevent unauthorized workloads that may include the sharing of intellectual property or customer data.

To counteract this, Symantec’s single agent, single console solution provides protection for IaaS, hybrid cloud compute, and containers with services such as:

  • Anti-malware for Compute
  • Real-time file integrity monitoring
  • Operating system hardening
  • Application control
  • Application isolation
  • Application level firewall

The Symantec CWP solution makes cloud security much easier for you by providing tags, auto-scaling groups and other intuitive identifiers that adapt to your Oracle Cloud Infrastructure environment. Cloud provider application programming interfaces (APIs) will enable your DevOps or cloud security teams to create templated security controls into continuous integration and delivery (CI/CD) application deployment workflows for automated workload protection.

Next Steps

Automating security for managing public or hybrid cloud workloads is necessary for businesses looking to scale operations, reduce risk and achieve cost savings. Deploying an industry-leading, Integrated Cyber Defense Platform, combining information protection, threat protection, compliance and other advanced services, will spare you the hassle of repairing the damage caused by chaos in the cloud.

Find out more about getting started using Symantec CWP to secure your Oracle Cloud Infrastructure with an 89-day free trial or 20,000 hours, and then pay only for what you use. There are no contracts or long-term commitments and you can cancel anytime.

About the Author

Simon Moran

VP Cloud Security, Symantec

Mr. Moran works at Symantec Corporation focused on enabling next generation security solutions for Cloud Infrastructure deployments. He has over 30 years of software experience working for the largest and most successful software companies in the world.

Leave a Reply

Your email address will not be published. Required fields are marked *