“Every single system deployed in IT is exactly the same – built for the same purpose, with the same utilization and location in the network. Additionally, these systems have the same risk profile and will get deployed, used and retired with the same lifespan.”
– No One Ever
If this were the case, then one size would actually fit all. IT and the associated security that went along with these systems would also be simple. Now we all know that the real-world is very different. Business’ desire to deliver products and services faster to market coupled with the reality of a global marketplace places a premium on IT’s speed and agility. Security is often viewed as an impediment to progress. Some organizations acknowledge that security is necessary and build it into their development processes, while others view it as an afterthought and bolt it on when systems go live.
Consider the reality of bringing a product or service to market. There are three primary phases in its lifecycle to consider: Development, Testing and Production. Each of these phases pose a different level of security risk to the organization and in turn, necessitate different security controls.
In development, the protection of source code may be a driving factor for the inclusion of security. Production environments are replicated with the goal of providing a sandbox or testbed for creation of new services. Depending on the risk of the intellectual property present in this environment, you may need to dial up the security posture. Some projects pose more risk than others.
When moving on to test, production environments are usually simulated. Here, user access to the environment grows, and in many cases, snapshots of older production data are used as part of the test-harness. In cases like these, while the data isn’t live, it is still governed by compliance mandates. Depending on the industry or region, these could include GDPR, HIPAA, or PCI. In these environments, it would be worthwhile to understand the vulnerabilities before those systems go live. If operating in a public cloud environment, the ability to run CIS benchmarks would provide an added level of assurance. These capabilities are included as part of Alert Logic Essentials.
Finally, we reach production, where the service will finally get exposed to the outside world. Here, the impacts of a breach or attack can be massive, causing both financial and reputational harm to the organization. When a service reaches production, the highest level of security needs to be considered for the asset to not only protect against threats, but to detect and respond to them in the event that protection isn’t enough. Alert Logic Professional delivers all of this, complete with expert log reviews and threat management.
The infrastructure used for each of these could change as the project progresses or could stay the same. Can your organization quickly and easily increase the level of protection for your assets? Do they have a way to visually show your entitlements, giving you the ability to instantly apply more or less protection depending on changing risk profiles?
Within a single organization, some projects can be deployed mostly on-premises, while others are cloud first or cloud-only. To achieve greater speed and agility, more and more organizations are moving to serverless workloads, leveraging container technologies like Kubernetes, Docker or ECS/EKS. When security is built-in, an organization gains the ability to discover and service new assets as they are spun up, ensures the highest levels of protection.
Can your security partner apply the appropriate protection where needed in a complex environment, or are they offering a “one size fits all” approach? Alert Logic gives you the ability to have different levels of protection—the right protection at the right cost—via our Essentials, Professional and Enterprise level offerings. With a single user interface and sharing a common set of benefits like 24/7 support and full hybrid coverage, Alert Logic’s MDR platform can adjust to meet your needs.