One of the most common best practices for managing security in the cloud is policy-based management. Policy-based management optimally prevents security breaches or at least alerts you to their presence. Additionally, it alieviates the need for as many manual reviews and approvals, which slow down development of new business capabilities. That said, policy-based management presents many challenges. This post details common challenges and tactics to overcome them.
Challenge #1: Introducing New or Changed Policies
Challenge #2: Policies with Automatic Remediation
Challenge #3: Adapting Policies to Advances in Technology
- Assuming that cloud vendor capabilities for securing network access remains the same. Often, these capabilities advance.
- Assuming VM IP addresses are static can safely be used in firewall rules. In the cloud, IP addresses can change quite frequently.
- Assuming that VM images are changeable (vended provided images might not be)
- Assuming that there will be no needed exceptions to security policies