How To Secure IaaS/PaaS Environments Effectively With Cloud Workload Protection

January 8th, 2019

Securing Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) offerings is about having the right tools and the right managed security provider. Cloud computing offers significant advantages to IT teams that must continuously meet changing business demands and opportunities. IT can realize economies of scale, save on overhead and staff resources, and scale up or down near-instantly with as-a-service offerings. Moving to the cloud gives IT/Security the opportunity to refocus limited time and resources on strategic business opportunities instead of managing infrastructure and technology. For most mid-sized organizations and smaller enterprises, freeing up IT time means faster time-to-market and increased revenue from products and services.

What changes from a security perspective when migrating to IaaS/PaaS?

Fundamentally, none of the security essentials change when migrating to cloud computing. Rather, what changes is the security focus of the IaaS tenant, in other words the enterprise. In the IaaS shared security model, the IaaS provider assures security of the virtual machines, disks and storage, and networking, while the IaaS tenant is responsible for security of the operating system, software stack, and data. The IaaS tenant must now focus on what he or she can control, but must also trust (and verify) that the IaaS provider is doing its job correctly. This bifurcation of responsibilities is good because the IaaS tenant’s limited security resources will now go a lot further in reducing overall risk.

Is IaaS/PaaS more or less secure than on-prem environments?

A few years ago, the enterprise perception was that cloud computing environments were less secure than on-premise environments. The reality is that for all organizations (except perhaps the most well-resourced large ones) IaaS has the ready potential to be substantially more secure than on-premise environments. Security is an overhead cost, and big organizations with big budgets can spend much more money and time than mid-sized organizations to do security correctly. This trend extends to IaaS/PaaS providers, who have the most extensive security budgets and world-class security teams with state-of-the-art security tools and processes. As long as the tenant picks a reputable IaaS/PaaS provider and focuses on what they should be controlling, they will improve their security. This last point is critical because if the IaaS tenant does not do their part, the whole security model will fail.

What should IaaS/PaaS customers be doing to secure their part of the shared security model?

There are a number of controls and best practices you should put in place. Here are some key ones (in no particular order):

How should IaaS customers do this?

It starts with a mature, well-defined process for dev-sec-ops: make sure code is architected and developed securely, well tested along the way, and configured correctly. But it also needs real-time security monitoring, which can’t be accomplished with traditional security tools such as software appliances. They don’t have enough visibility into workloads and containers, are prone to misconfigurations which cause security issues, and simply do not scale in dynamic cloud environments.

What do you recommend for securing cloud workloads?

Cloud Workload Protection is a new agent-based technology that is specifically designed for cloud computing environments. It deploys quickly, scales immediately, and is automated to remove human errors. Cloud Workload Protection also offers rigorous security and workload integrity controls and monitoring capabilities to address any and all security risk cases.

What are the drawbacks to Cloud Workload Protection?

None, except that, like with any detection and response tool, it requires continuous monitoring to catch security incidents before they become major issues or breaches. And that’s why Masergy has launched Cloud Workload Protection as a managed service. We’ve extended our Managed Detection and Response ecosystem to cover the best available Cloud Workload Protection technology from our partner CloudPassage. We have integrated it with Masergy’s patented security analytics for rigorous coverage. As a managed service, our certified and tenured security analysts monitor cloud workloads in our 24/7 global Security Operations Centers (SOC). Masergy SOC analysts immediately triage alerts and execute responses in a highly competent manner. Masergy Cloud Workload Protection is a turnkey IaaS/PaaS security managed service.

Why should organizations be interested in Managed Cloud Workload Protection?

Leveraging a managed security service for tenant-side security gives IT/Security teams the opportunity to refocus limited time and resources on strategic business opportunities instead of managing infrastructure and technology. For most mid-sized organizations and smaller enterprises, freeing up the time spent managing IaaS/PaaS alerts and risk means faster time-to-market and increased revenue from products and services. Managed Cloud Workload Protection cost-effectively solves IaaS/PaaS security challenges with automated visibility, control, and 24/7 monitoring from our global team of certified security experts for real-time alerting and incident response. Like with IaaS/PaaS vendors, Masergy customers benefit from our economies of scale and scope for security operations and monitoring without ever losing our industry-leading customer focus. Furthermore, Managed Cloud Workload Protection is a turnkey service, which means that our teams are available to help with security policy configurations, ensuring that each workload type is rigorously protected. Don’t miss out on the opportunity to enhance your cloud security capabilities. Register for the Managed Cloud Workload Protection webinar to learn more about how Masergy is enabling the detection and response mission with this turnkey service.


Jay Barbour

Jay brings more than 17 years of security experience to Masergy as Director of Security Product Management. He is responsible for the product vision of Masergy’s managed security services and leads the product team on execution. Previously, Jay was Director of Security Advisory Services for BlackBerry where he advised large enterprises and government agencies on mobile security. Other positions he has held include Vice President of Marketing at Intrusion, and Vice President of Product Management at Scansafe (now Cisco). Jay holds a degree in Engineering Physics from Queen’s University, Canada, an MBA from INSEAD, France, and is a Certified Information Systems Security Professional (CISSP).
