A Brief History of System Deployment
In technology, systems proliferate. They didn’t always, at least not at today’s pace. Deploying a new system used to be a physical process. It would require approval throughout the organization. You had to consult the data center manager, the network team, finance, and procurement. It required planning and took time which slowed the pace of proliferation – and the pace of business.
Virtualization ended most of that and accelerated the process dramatically. Public cloud providers leveraged virtualization and made it even easier. Now there’s no need to deploy the underlying physical systems that make virtualized systems possible. A VM or container can be deployed in seconds without asking anyone for anything.
Unfortunately, the new system deployment reality is not all upside. With hardly any barriers left (there will always be cost), systems proliferate at a pace that’s nearly impossible to keep up with. Enforcing security standards and controls across all public cloud accounts, environments, and systems becomes a tremendous management challenge leaving IT infrastructure and application security teams in the dark.
We Need Clarity!
Every public cloud account or subscription – and the systems and data in them – are points of exposure. We’ll save the ransomware rant for another post, but put simply, we’re all trying to minimize exposure for obvious reasons.
This starts with awareness. You can’t address exposure if you don’t know it exists. Even if your public cloud footprint is relatively small in scale or has expanded at a manageable pace, it’s not uncommon for a point of exposure to go unnoticed. All it takes is a single admin without MFA, or a single security group with an open database port, and the “keys to the kingdom” can be available for exploitation. It can happen in seconds and go unnoticed for years.
Enter Cloud & Clear
Cloud & Clear is a solution to this challenge offered by p1 Technologies. It doesn’t require a dedicated administrator or a percentage of your cloud spend. It’s a simple, automated service, run and managed by p1. It queries all of your cloud environments and delivers consumable and actionable answers to important questions about your security and compliance posture.
There are dozens of commercial and open source solutions that offer similar promises. We’ve worked with many of them and like many of you reading this, have been frustrated with the results. Their most common short coming is that they generate too much information. They can be powerful, but only if you’re willing to dedicate the time, resources, and money to cut through the noise and uncover what’s important to you. Cloud & Clear does this by coupling these data gathering tools with a service delivered by our cloud engineer experts.
How it Works
The Cloud & Clear engagement delivers a detailed but consumable assessment focused on the four areas that are most important to security executives and admins:
- User access
- Publicly accessible resources
- Network perimeter
- Logging
Once read-only access is granted, p1 employs a variety of systems to scan and collect information across the entirety of your cloud environment. We secure this data, then apply your specific business logic to identify and present only the critical information that matters to you.
The data is presented in both a summary and detailed format and can be presented to a variety of audiences. Reports can be easily customized to incorporate your feedback such as highlighting specific findings or listing more detail on items you want to dig into.
Want to Learn More?
A Cloud & Clear assessment is simple to execute, cost effective, and most importantly, quickly identifies security vulnerabilities in your cloud environments. If you’d like to learn more, please reach out to your p1 account team or contact us directly