
Are enterprise cloud management tools a security risk?

A tool that manages hybrid cloud environments can benefit enterprises, but there are also security risks to consider. Expert Dan Sullivan explains what those risks are.

Hotlink's recently released Cloud Management Express tool allows enterprises to manage workloads across multiple clouds, including Amazon EC2 and Microsoft Azure, via a single VMware vCenter access point. It sounds promising, but are there any security drawbacks to using a hybrid cloud management tool and accessing disparate cloud environments?

Hotlink Cloud Management Express will appeal to cloud administrators who need to manage resources and workloads on premises in a VMware environment, as well as in a public cloud, like Amazon Web Services or Microsoft Azure. The ability to unify administration and deployment functions, convert workloads to alternate platforms, and automate jobs and workflows are all benefits of streamlining hybrid enterprise cloud management. Centralized management across cloud tools, however, raises a number of security issues regardless of the tool used, because it increases the attack surface. If an attacker gained access to a centralized management tool, she could abuse the administration functions, workflows and security controls of not just one cloud, but of multiple cloud environments.

A centralized enterprise cloud manager will have access to on-premises resources, as well as accounts in one or more clouds. How will the centralized tool manage authentication with each of the cloud platforms? Consider whether it will work with an on-premises key management application if you have one. Also review any compliance requirements, such as HIPAA Business Associate Agreements (BAA). It's best to know early on if there is anything in a BAA that is relevant to using a centralized management tool.

Also consider the authorizations required by the centralized enterprise cloud management tool. Will it require full administration privileges in all of your cloud accounts? This may sound out of the question at first pass, but if the same people with full privileges to on-premises resources also have privileges to existing cloud accounts, there may not be additional risks from a separation-of-duty perspective. Consider the time and resources needed to manage roles and privileges for the centralized tool and each of the cloud platforms it integrates with.
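One way to answer the privilege question above before granting access, as an added example that is not from the original article or from Hotlink: a Python check over the AWS IAM policy documents attached to the management tool's role in each account, flagging grants broader than a scoped action list. The account labels and sample policies are constructed for illustration.

```python
# Constructed sample: IAM policy documents attached to a hypothetical
# management-tool role in two AWS accounts (in practice, load the exported JSON).
SAMPLE_POLICIES = {
    "prod-account": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "dev-account": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances"]},
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]},
}


def _as_list(value):
    """IAM accepts either a single value or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def review_policy(policy):
    """Return (severity, detail) findings for overly broad Allow statements."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        everywhere = "*" in _as_list(stmt.get("Resource"))
        scope = "all resources" if everywhere else "scoped resources"
        # Allow + NotAction grants everything except the listed actions.
        if "NotAction" in stmt:
            findings.append(("high", f"NotAction allow on {scope}"))
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                severity = "critical" if everywhere else "high"
                findings.append((severity, f"every action on {scope}"))
            elif action.endswith(":*"):
                service = action[:-2].lower()  # service prefixes are case-insensitive
                findings.append(("high", f"every {service} action on {scope}"))
    return findings


def review_accounts(policies):
    """Review the tool's policy in each account and key the findings by account."""
    return {account: review_policy(doc) for account, doc in policies.items()}


if __name__ == "__main__":
    for account, findings in review_accounts(SAMPLE_POLICIES).items():
        for severity, detail in findings:
            print(f"{account}: [{severity}] {detail}")
```

An empty result for an account means the tool's role there holds no wildcard grants; it does not by itself show the remaining actions are the minimum the tool needs.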

Understand how you will log and monitor actions taken by the centralized tool. Does the tool offer a sufficient level of logging of the events that are most important to you? If you are working in an enterprise environment, there is a good chance you have a security event and incident management (SEIM) application in place. Does the SEIM natively support the logs generated by the centralized management tool, or will you need a custom solution?

A centralized enterprise cloud manager is becoming increasingly necessary, but this new requirement brings with it an array of security issues that will have to be addressed to avoid introducing vulnerabilities into your on-premises or cloud infrastructures.


This was last published in January 2016
