Extending Security to the Public Cloud is the Easy Part

By on

“The biggest challenge of securing the public cloud isn’t technical.”

That’s the opinion of an IT security analyst at a large U.S. government contractor. He should know. In the last year, his company rolled out a multi-tiered cloud environment, with instances in Amazon Web Services (AWS) as well as on premises.

For this company, which administers federal and state programs that directly assist a broad sector of the American population, leveraging the public cloud made sense. Using the cloud would reduce total cost of ownership (TCO), provide clients and end users with easier access to their information via web-based portals, and enable quickly ramping up or scaling down bandwidth requirements to support the widely fluctuating number of users across projects. However, cybersecurity was a critical concern.

Fast, easy deployment of cloud protection and highly granular policies

Before launching its first contracted project using a public cloud, the company thoroughly researched its cloud security options. Based on its research, the company decided to implement McAfee Cloud Workload Security to bolster the security of data within AWS. “With McAfee Cloud Workload Security, we can get very granular with our policies,” the systems analyst said. “It is a very powerful tool in [the cloud] environment. We are able to be very proactive in pushing out to endpoints [in the cloud] what they need.”

By bridging native AWS API driven data sources such as GuardDuty with a cloud workload protection platform like McAfee Cloud Workload Security (CWS), tenants of AWS can use the data-rich sources of AWS within CWS manage and secure mission critical workloads with advanced security from a single console.

Since the company’s security team already relied on the McAfee integrated security platform and McAfee ePolicy Orchestrator (McAfee ePO) management console, deploying McAfee Cloud Workload Security was simple and took less than a week. Once the solution and its components were implemented, the company had end-to-end visibility into all cloud workloads and their underlying platforms plus insights into weak security controls, unsafe firewall and encryption settings, and indicators of compromise (IoCs).

Small IS team easily adds management of cloud protection

The company supports its 15,000 professionals and 35,000 endpoints with an information security team of only five people spread across three locations. Such a lean staff is possible primarily thanks to McAfee ePO. Adding cloud protection to the company’s security arsenal required no additional staff. The team simply extended its ability to easily set policies and monitor and manage endpoint protection from on premises into the cloud.

“Whether on premises or in the cloud, we can easily add or customize policies to meet the security needs of each specific contract and project,” the systems analyst said. “McAfee has made it very easy to bring in new workloads.” For example, one of the company’s projects involves multiple federal agencies and multiple types of workloads. These workloads include SQL and Oracle databases, imaging software (since volumes of documents must be stored digitally for years), and agency-specific and contract-specific applications.

The real challenge of securing the cloud

So, what is the difficult part of securing the public cloud?

According to the systems analyst, “The biggest challenge is overcoming the perception that the cloud can’t be secured. We have had to educate both internally and externally that we can extend our existing threat defenses beyond our physical infrastructure to the public cloud. Education is ongoing, but our success thus far at securely leveraging the public cloud is converting the naysayers.”

To read a case study and learn about how the company relies on McAfee to secure the cloud, click here. To watch a video of the systems analyst talking about his experience with McAfee, please view below.

Leave a Comment

Similar articles

Crozer-Keystone Health System in Pennsylvania comprises five hospitals and operates several outpatient centers, a sports club, and a comprehensive physician network of primary-care and specialty practices. Systems Engineer Michael Mize works daily to protect the sensitive data of thousands of patients served by more than 1,000 physicians and 6,000 total employees. Mize has seen first-hand how the threat ...
Read Blog
MGM Resorts International operates 27 resort properties worldwide, including more than 420 bars and restaurants and 282 retail establishments. SVP, Chief Information Security Officer Scott Howitt oversees security for the entire global enterprise, which encompasses 20,000 endpoints, various operating systems, and applications that span the gaming, hospitality, entertainment, food and beverage, retail and hotel industries. ...
Read Blog
Pharmacy benefits management company Prime Therapeutics is responsible for the safety of personal health information for more than 27 million Blue Cross Blue Shield members nationwide. As employees and systems handle this sensitive data in daily interactions with Blue Cross Blue Shield, pharmacists, Medicare and Medicaid and employees, a reliable defense system is critical. With ...
Read Blog