nobeastsofierce - Fotolia

Are enterprise cloud management tools a security risk?

A tool that manages hybrid cloud environments can benefit enterprises, but there are also security risks to consider. Expert Dan Sullivan explains what those risks are.

Hotlink's recently released Cloud Management Express tool allows enterprises to manage workloads across multiple clouds, including Amazon EC2 and Microsoft Azure, via a single VMware vCenter access point. It sounds promising, but are there any security drawbacks to using a hybrid cloud management tool and accessing disparate cloud environments?

Hotlink Cloud Management Express will appeal to cloud administrators who need to manage resources and workloads on premises in a VMware environment, as well as in a public cloud, like Amazon Web Services or Microsoft Azure. The ability to unify administration and deployment functions, convert workloads to alternate platforms, and automate jobs and workflows are all benefits of streamlining hybrid enterprise cloud management. Centralized management across cloud tools, however, raises a number of security issues, regardless of the tool used because it increases the attack surface. If an attacker gained access to a centralized management tool, then she could abuse administration functions, workflows and security controls of not just one cloud, but of multiple cloud environments.

A centralized enterprise cloud manager will have access to on-premises resources, as well as accounts in one or more clouds. How will the centralized tool manage authentication with each of the cloud platforms? Consider if it will work with an on-premises key management application if you have one. Also review any requirements with regards to compliance issues, such as HIPAA Business Associate Agreements (BAA). It's best to know early on if there is anything in a BAA that is relevant to using a centralized management tool.

Also consider the authorizations required by the centralized enterprise cloud management tool. Will it require full administration privileges in all of your cloud accounts? This may sound out of the question at first pass, but if the same people with full privileges to on-premises resources also have privileges to existing cloud accounts, there may not be additional risks from a separation-of-duty perspective. Consider the time and resources needed to manage roles and privileges for the centralized tool and each of the cloud platforms it integrates with

Understand how you will log and monitor actions taken by the centralized tool. Does the tool offer a sufficient level of logging of the events that are most important to you? If you are working in an enterprise environment, there is a good chance you have a security event and incident management (SEIM) application in place. Does the SEIM natively support the logs generated by the centralized management tool, or will you need a custom solution?

A centralized enterprise cloud manager is becoming increasingly necessary, but this new requirement brings with it an array of security issues that will have to be addressed to avoid introducing vulnerabilities into your on-premises or cloud infrastructures.

Next Steps

Find out more about challenges and myths of hybrid enterprise cloud management

Read about how some cloud migration tools can fall short of expectations

Learn more about hybrid enterprise cloud management of AWS/VMware clouds

Dig Deeper on Hybrid and Private Cloud Computing Security