Cloud computing is a well-established part of almost every organization’s IT infrastructure. But the proliferation of cloud platforms, increased focus on them by hackers, the ongoing cybersecurity skills shortage, and teams spinning up cloud applications without involving the IT department (so-called ‘shadow IT’) have led to an unwieldy, de facto multi-cloud environment that is increasingly difficult to manage and secure consistently.
In fact, recent figures show that organizations leverage almost five different cloud platforms on average, making it clear that simplifying authorization and authentication in a hybrid multi-cloud is critical for success.
Usually spanning public and private deployments, multi-cloud environments are essential for developing enhanced products and services and staying competitive in today’s digital era. Add in the increasing scale and speed of application deployment led by the growing adoption of containerized applications and DevOps methodologies, and it becomes clear that securing access and data is a rapidly evolving challenge. This is further complicated by the general lack of specific mandates driving multi-cloud security.
Addressing this requires a unified framework for security and compliance including centralized authentication, authorization, and audit control to reduce both risk and operational overhead.
Entrust CloudControl 6.5 introduces support for the VMware Tanzu container runtime platform, enabling customers to add and view their inventory of microservices, containers, and Kubernetes for greater control and enhanced security. The new functionality enables CloudControl to manage the customer’s container environment, providing in-depth visibility of all objects in the container cluster, as well as related tags and policies, to ensure that a robust cloud security posture with governance can be established, managed, and maintained.
Together, Entrust CloudControl and VMware can add control over which applications are allowed to be deployed based on their characteristics, and enforce access rules across the organization by centralizing access policies and logs in a consistent way, to deliver:
- Protection for the full technology stack from the underlying cloud infrastructure (AWS or vSphere) to the Kubernetes cluster
- Unified management dashboards which allow administrators to see an all-in-one view of the organization’s security posture across the full stack and management systems
- Improved understanding of where workloads are located with a centralized view of workload inventory across private clouds (VMware Cloud Foundation, vCenter, ESXi, VMs, and datastores) and public clouds (EC2 and S3)
The best part is that this can be delivered as a cohesive solution that is seamless to users. Customers authenticate via their preferred Identity Provider (e.g., Azure AD) through Single Sign-On and all the work happens in the background. The solution can be deployed and set up in minutes and no new training or processes are required.
The previous iteration of CloudControl added support for VMware Cloud Foundation (VCF), thereby assuring our joint customers that their security needs are fully met. This means that those enterprises using the VCF platform for their Kubernetes development and deployment can integrate Entrust CloudControl to add centralized role-based access control, visibility and compliance.
Additionally, the solution meets security and compliance requirements by monitoring applications regardless of where they run and by providing management log monitoring. This unified policy provides:
- Consistently enforced security controls in AWS, vSphere and Kubernetes environments
- The ability to segment workloads into different security and compliance zones with a patented tagging mechanism
- Detection of security vulnerabilities and configuration issues to prevent cyber attacks
- Continuous compliance
This is a big step forward – the first on a journey to address the increasing complexities of managing secure multi-cloud deployments. The goal is to enable customers to manage workload encryption across multi-cloud infrastructures, allowing administrators to apply consistent security practices to prevent misconfiguration of VMs and container ecosystems while managing encryption keys and container secrets throughout their lifecycle.
Competing offerings are focused on either key management and encryption or cloud security posture management and cannot enable the wide security coverage that Entrust can provide through its combination of data protection, certificate, and identity solutions. As a trusted advisor, leveraging expertise in data protection and encryption, certificate solutions, and identity, Entrust is building an enterprise-grade platform that combines cryptographic key management of VMs and containers with robust compliance management, both to prevent inadvertent misconfigurations that can lead to malicious attacks and to ensure that a robust cloud security posture can be established and maintained.
Entrust will be at VMware Explore 2022 (booth #1814) in San Francisco from August 29 to September 1, 2022, discussing this and other challenges surrounding multi-cloud, as well as partaking in several breakout sessions and panel discussions at the show.
Find out more about CloudControl and Entrust multi-cloud security here: https://www.entrust.com/digital-security/cloud-security-posture-management