by: VMware Head of Security Engineering and Architecture Brad Doctor; VMware Staff II Engineer – Cloud Security Casey Lems; and VMware Senior Security Architect Craig Savage
In part one of our blog series about how to maintain security across a multi-cloud environment, we discussed the need to identify the assets that need protection. In this blog, we share more details about asset visibility.
Here are four questions to consider when you start planning your asset collection:
- What assets should we track?
- How often do we need to update the inventory?
- How will the asset inventory be collected?
- Where and in what system(s) will we store and maintain this information?
There is a wide range of asset types to consider when deciding what assets to collect. Some examples include: What servers are instances of virtual machines? What endpoints are public? What load balancers or databases exist? What cloud data lake buckets do we have? How do we inventory configuration parameters?
Further complicating these decisions is the fact that the cloud accounts themselves are new assets that don’t fit the mold of a traditional resource. Ultimately all resources within that account are owned by the cloud account owner. It is important to determine who to contact when an issue arises.
Once you decide on what needs to be collected, the next step is to determine the frequency of the collection. Given the speed of deployment capabilities available in the cloud, real-time tracking and visibility are critical. If someone can hijack a cloud account and spend hundreds of thousands of dollars in a short time, ensuring real-time visibility to stop the intrusion as quickly as possible is critical.
With the multitude of tools available to help manage asset-visibility problems, one area to address is how to collaborate across teams. Collecting the same information multiple times using multiple tools can result in paying for the same cloud APIs to access the same data. It can even potentially disrupt operations and deployments by triggering throttling limits enforced by the cloud provider. Decide if you need to collect the data. Perhaps just knowing where it is automatically maintained is sufficient, and you can overlay enhanced metadata.
VMware IT uses VMware Secure State™, a security and compliance platform, for real-time visibility into our cloud inventory. It leverages cloud APIs, change events, and native threat feeds to build an intermediate cloud data layer that provides relationship-based context into inventory and associated security risks. We utilize the service APIs to query insights as needed. Its event-based monitoring approach helps us automatically monitor rate-limiting and scale efficiently across our massive cloud deployments. This data is updated in real-time and provides a relationship-based context with related assets.
Stay tuned for the last blog in this series, where we will discuss the importance of detecting vulnerabilities quickly, implementing automated issue remediation, and being proactive in detection.
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. Contact your sales rep or email@example.com to schedule a briefing on this topic. Visit the VMware on VMware microsite and follow us on Twitter.