Did you lock the door? Did you shut the blinds? What about the lights in the bathroom, do you think they’re still on? In my household, we end up asking these questions all too often sitting in the car before heading off. In most cases, we remember, but if someone forgets to do their part there may be consequences. Each scenario has different risks and consequences. If you live in the city, locking the door can be crucial. Leaving the blinds up allows the outsiders to know what's in the house. Keeping the lights on… well that's fairly minor, but still something that would be good to know. Depending on the risk you may decide to take action. Also, the bigger the house, the greater the risk as you have more things to check and you rely on more people to do their part.
In the cloud, the house is big and with many individuals trusted with the keys. The ramifications can be financially significant as recent breaches have shown. So how does a household, keep the house safe and secure?
As more companies rely on the cloud to deliver their revenue-critical digital assets and applications, security continues to be a paramount priority. In a recent Gartner article, Gartner sited emerging cloud security posture management (CSPM) and cloud workload protection (CWPP) account for key security needs.
VMware Secure State performs both common and more advanced security posture checks to ensure your cloud environment is secure. We do so in near real time, to limit exposure and allow you to integrate the detection into your existing development and operational processes and tools. We also allow you to create custom security checks and automate remediation. After all, no house is exactly the same.
Taking the home analogy one step further, you often need to trust various individuals in your family to be mindful of protecting the home. In a recent road trip, a couple hours after leaving our home, my wife and I had a hunch that we might have left the door unlocked. We called a trusted friend to go check. Sure enough, it was unlocked. They were able to secure the house. When these circumstances happen, you can't always be the one that detect and fix them. You need a team.
Building a durable and effective security program requires a strong sense of security culture and engagement throughout the organization. The central information security (InfoSec) team needs to educate and bring awareness to the issues, while the service teams need to be empowered with the information so they can take action. This isn't new, of course. I’ve heard this story play out in numerous companies—it’s probably not the first time you have heard this narrative written in a blog. At the core of Secure State, we have been working towards this vision of an engaged and empowered security organization. Recently, we took another step forward towards helping our customers meet this goal.
We've been working with both service teams and central security teams to surface configuration vulnerabilities in their cloud environments. They’ve been able to take advantage of the insightful findings that VMware Secure State has been able to surface. If the user is the service team, they're embedded with engineering and are able to directly take action. However, when it comes to central security, there are additional steps in the workflow to share information including educating users on security issues and the additional steps they need to take to resolve the findings. Central security is outnumbered in just about every organization and need the Service teams to contribute for success. How can Infosec provide the visibility and education and ensure service teams see and fix the findings?
VMware Secure State developed Projects to help enable organizations and remove friction. It's a foundational capability in the platform that allows owners to define groupings of cloud accounts and provide RBAC to account owners. There are three core principles we've built into Projects:
- Ensure central security definition and governance
- Foster collaboration and reduce Mean Time to Resolution (MTTR)
- Enable InfoSec and Service teams to use their tools of choice
Ensure central security definition and governance
Infosec owns the security charter and is responsible for ensuring that security policies are identified, communicated, and that findings are ultimately resolved. In this model, Infosec must be—or become—the subject matter expert. They must provide the education for why a policy is important, be alerted to when it’s violated, and work to have the alert resolved. In this case, rules are owned by InfoSec who work with service owners to resolve findings. While InfoSec maintains the centralized control of the security posture, individual service teams have ownership of the findings for their cloud accounts.
Foster collaboration and reduce MTTR
InfoSec and Service Teams alike must be aware of violations and have a common way of investigating them. Granting the Service team rights to VMware Secure State allows them to see their assets and findings for their accounts. This is critical. This enables the Service team to self-service and participate in the resolution of findings. They can use Explore to understand their environment and how resources are interconnected. They can request suppressions of a finding or a rule for their specific accounts. The InfoSec team can review and makes decision on the validity of the suppression request. Service teams will also be able to define remediations in the future. This will then allow InfoSec to either auto remediate findings or allow Services Teams to address remediations on demand.
Enable InfoSec and Service teams to use their tools of choice
In most organizations, teams often have different tooling and processes already in place. Whether it's a communication tool, CI/CD, or even policies about who's notified in different circumstances, we want to allow each team to be able to create alerts, integrations, and reports based on their existing tools and processes. Furthermore, VMware Secure State's powerful Findings and EDS APIs allow you to extend this data sharing further.
This blog is just scratching the surface. To be successful in using the cloud, you must have a robust security program. VMware Secure State, with the introduction of Projects, will help you build that collaborative and scalable security program to protect your cloud environment. If you’re an existing platform user, get started with Projects now! If you’re new and looking to learn more about VMware Secure State, request a trial now.