Wish List: Software-defined Security
Data center and cloud security are technically different. However, security policy is a universal concept.
I’m just as frustrated as you. An AWS VPC looks a lot like a data center network. Also, an Azure VNET seems similar to a VPC, which looks similar to a data center network. Add to these Google Cloud Platform. In addition, all of the services have different control planes. Add to that, all of the PaaS and SaaS offerings have other constructs. However, data and security policies are the same across all of your data infrastructure.
Wouldn’t it be great to manage all of that via a single tool centrally? A tool that takes your intent and applies it natively to each part of your hybrid infrastructure.
To date, I’ve only seen solutions that ask you to adopt a data center architecture in the public cloud to solve this challenge. So how are you handling applying a consistent security policy across all of your hybrid infrastructures?
Living through managing a large scale cloud team with 1000s of multi-cloud accounts and networks, I would highly encourage looking into CSPM tools to help provide a single pane of glass to manage your networking deployments and controls. We had built our own native tooling which was always tough to keep up with the pace of user requirements and changes with AWS, Azure and GCP.
For CSPM tools I am a bit biased on Turbot as I work for the company; however, we have a unique stance on being able to detect and resolve cloud networking configuration issues in seconds. Plus, you can use Turbot to deploy networking stacks across clouds while Turbot ensures there is no configuration drift from the deployment state.
If real-time remediation and deployments are not your requirements, then for simple querying and reporting across your cloud services I enjoy our open source project Steampipe (https://steampipe.io). Steampipe works right in your terminal, where you can use SQL to explore your cloud resources, build custom security controls, and visualize with your favorite SQL client or BI reporting tools.
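As an added example (not code from the thread or from the Steampipe project itself), this is the kind of custom security control the reply above refers to: a SQL query that turns the policy "no security group may expose SSH or RDP to the whole internet" into a check over AWS resources. The table and column names follow the Steampipe AWS plugin's `aws_vpc_security_group_rule` table as I understand its schema; the `resource` / `status` / `reason` column shape is what a Steampipe control expects. The CIDR and port values are the policy being checked, not anything taken from the thread.

```sql
-- Added example: a Steampipe-style control query, not code from the thread.
-- Assumes the Steampipe AWS plugin table aws_vpc_security_group_rule with the
-- columns used below; confirm them with `.inspect aws_vpc_security_group_rule`
-- in the steampipe shell before relying on this. One row per ingress rule.
select
  group_id || ' (' || region || ')' as resource,
  case
    -- open to the entire internet on either address family ...
    when (cidr_ipv4 = '0.0.0.0/0' or cidr_ipv6 = '::/0')
     -- ... and the rule covers SSH, RDP, or all protocols/ports
     and (ip_protocol = '-1'
          or (from_port <= 22   and to_port >= 22)
          or (from_port <= 3389 and to_port >= 3389))
    then 'alarm'
    else 'ok'
  end as status,
  group_id || ' allows ' || coalesce(cidr_ipv4, cidr_ipv6)
           || ' on ' || ip_protocol || ' '
           || coalesce(from_port::text, 'all') || '-'
           || coalesce(to_port::text, 'all') as reason,
  -- extra columns become dimensions in steampipe check output
  account_id,
  region
from
  aws_vpc_security_group_rule
where
  type = 'ingress'
order by
  status desc, account_id, region, group_id;
```

Run it directly in the steampipe shell to get a table of `alarm` / `ok` rows, or drop the SQL into a `control` block of a Steampipe mod so `steampipe check` reports it alongside your other controls. The same policy expressed against the Azure plugin's `azure_network_security_group` table (and the GCP firewall tables) is what gives you the "one intent, applied to each cloud" reporting the original post asks for, with the query, not a data-center-shaped overlay, carrying the policy.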