Summary of Risk-Based Hierarchy of Workload Protection Controls by Gartner

Summary of Risk-Based Hierarchy of Workload Protection Controls by Gartner

Here’s an expanded explanation of the points in the graphic above, to help you figure out how best to incorporate these strategies into your hybrid cloud or multi-cloud data center protection program. 

Hardening, Configuration, and Vulnerability Management: Properly configure systems to reduce risks. Use automated vulnerability management tools to identify and fix software issues that could be exploited.

Identity-based Segmentation and Network Visibility: Implement network segmentation and ensure comprehensive visibility in cloud environments. Use advanced micro-segmentation technology to automatically discover applications, traffic, and dependencies, and create context-driven segmentation rules to enhance security and compliance.

System Integrity Assurance: Utilize File Integrity Monitoring to detect unauthorized file changes. Maintain an inventory of systems, software, and configurations to establish relevant alert procedures.

Application Control/Whitelisting: Enforce policies to control traffic between application components, ensuring security throughout the cloud transition. Employ granular control features, such as micro-segmentation, to limit lateral movement and use whitelist/blacklist models to manage application traffic effectively.

Exploit Prevention/Memory Protection: Focus on exploit prevention through breach detection and response tools. Maintain visibility and mapping of the network to identify unpatched vulnerabilities and abnormal communications, establishing a baseline for legitimate traffic to highlight suspicious activities.

Reference