What Gartner’s new Cloud Management Wheel means to Security

Once again Gartner has released some interesting documents concerning the management of cloud infrastructures. In their Blog Post “The New Cloud Management Wheel Is Here” they described, that cloud management is made of seven functional areas and five cross-functional attributes.

In fact, Gartner put the Identity, Security and Compliance aspect at the very bottom. It seem to be connected to Monitoring and Observability and to Cloud Migration, Backup and DR, but not directly related to the other areas and attributes.

We strongly believe, this is not the best way to go. Security, for sure, formerly was a separate groundwork, on wich other areas relied on. In our view, in modern and agile operated cloud infrastructures, security should be inherent part of most of the other aspects.

Cloud security, has to follow the #SecurityAsCode paradigm. Therefore it really touches Provision and Orchestration. #ShiftLeft and #ContinousSecurity require to be reflected in CI/CD pipelines and is obviously part of the Life Cycle of cloud infrastructure and applications.

The Gartner cloud management wheel is a somehow unfortunate portrayal of security in cloud infrastructures.

This all is already reflected by all public cloud ecosystems. AWS currently has 199 ready-to-consume services. More the 45 of these services – this means nearly one quarter of all services – are security related. These security related services are tightly integrated into each other. And built-in management tools already reflect this.

And additionally, there is a whole 3rd party ecosystem. This directly integrates with those services, too. Security is already been seen, with a more holistic view.

Our partner Aqua Security, for example offers a cross-platform Cloud Security Posture Management platform, that helps to secure general cloud service, but also Containers (i.e. ECS, EKS, Fargate & plain K8s) and Serverless (i.e. Lamda, Functions).

Areyou interested in learning more about #Shiftleft, #SecurityAsCode, #SecurityAutomation and #CloudSecurity. Do you need some help with #ContainerSecurity?

Get in touch with us!