Simplify security in the cloud

As cloud adoption grows, security continues to be a leading concern for organizations of all sizes. In fact, 85% of organizations cite security as a top cloud challenge.¹ This concern is with good reason — 45% of breaches in 2022 occurred in the cloud.² 

Consistency is at the core of security and compliance best practices in any environment. To protect your business, you need the same level of security policy and access controls in the cloud that you have on-site in your datacenter. Standardizing on an operating system that provides consistent security controls across all infrastructure footprints can help you improve security and compliance across your organization. Using Red Hat® Enterprise Linux® as your operating foundation across environments helps you create the consistency needed to maintain security and compliance in the cloud. 

Red Hat Enterprise Linux makes it simpler to maintain security and compliance across on-site and cloud environments. Security is a key part of the Red Hat Enterprise Linux architecture and life cycle. Built-in security features and compliance with industry and government regulations protect your systems in the cloud. Best practice-based default settings configure your systems for increased security from the start. Minimized package sets for prebuilt cloud images reduce your cybersecurity threat attack surface. Security upgrades and live patches are also provided as part of your Red Hat Enterprise Linux subscription.

With Red Hat Enterprise Linux, you can mitigate security risks, implement and maintain layered security, and streamline compliance across hybrid and multicloud environments. This overview describes key features and capabilities for adopting a consistent security approach across hybrid and multicloud environments.

The average time to identify and contain a data breach in 2022 was 277 days.² Finding and stopping a breach in 200 days or less can reduce its resulting cost by an average of 24%.² Consistent, daily monitoring can help you identify vulnerability and compliance risks before they interrupt business operations or result in a breach.

Included with Red Hat Enterprise Linux, Red Hat Insights is a suite of hosted services on the Hybrid Cloud Console that continuously analyze platforms and applications to help you better manage and optimize your hybrid cloud environments. Red Hat Insights uses predictive analytics and deep domain expertise to identify, assess, and recommend remediation for security and compliance risks, as well as other operational risks. It also helps you prioritize remediation actions based on the severity, type of risk, and impact of the change. Red Hat Insights works across on-site and cloud environments, allowing you to manage all of your Red Hat Enterprise Linux systems from a single interface. You can even link your Red Hat account to your cloud provider account to automatically connect your cloud-based systems and workloads to Red Hat Insights and other Red Hat services when you provision them.

Red Hat Insights includes services that help you protect hybrid and multicloud environments.

1. Vulnerability service: Scan your systems for Common Vulnerabilities and Exposures (CVEs), collect scan information, and access remediation guidance using a single interface.
2. Malware service: Identify systems that contain active malware signatures quickly to prevent long-term exposure.

Noncompliance can result in fines, damage to your business, and loss of certification, in addition to security breaches. The average cost of a data breach for organizations with high levels of compliance failures was US$5.57 million in 2022.² High levels of compliance failures increased the cost of a data breach by US$258,293 on average in 2022.² 

Red Hat Enterprise Linux is certified to key government and industry standards, allowing you to use it confidently in highly regulated environments. Red Hat Insights includes services that help you more easily maintain compliance in hybrid and multicloud environments.

• Compliance service: Audit compliance with OpenSCAP policies, remediate systems that are out of compliance, and generate reports for regulatory compliance and security audits. You can also tailor the default policies to your environment and operations to generate more accurate results. Key built-in baselines include:
  • Payment Card Industry Data Security Standard (PCI-DSS).
  • Enhanced Operating System Protection Profile (Common Criteria).
  • Australian Cyber Security Centre (ACSC) Essential Eight.
  • Center for Internet Security (CIS) Benchmark.
  • Health Insurance Portability and Accountability Act (HIPAA).
  • Defense Information Systems Agency Secure Technical Implementation Guidelines (DISA STIG).
• Policies service: Define custom security policies, monitor systems for compliance, and alert teams when a system is out of compliance. 

89% of organizations have a multicloud strategy in place today.1 While a multicloud approach lets you choose the right cloud for each workload, it also creates complexity and increases your risk of inconsistencies that can lead to security and compliance issues.

The Red Hat Insights image builder service helps you create, manage, and deploy Red Hat Enterprise Linux operating system images across hybrid cloud environments more quickly and easily. You can build customized, security-hardened images, save them as templates, and push them to multiple cloud provider inventories to simplify provisioning. As a result, you can be sure that your systems are configured consistently across multiple clouds.

Ensuring system integrity is essential in large-scale, highly distributed environments. Untrusted and compromised systems can leave your organization vulnerable to attack by malicious actors.

Red Hat Enterprise Linux includes remote attestation capabilities for verifying the state of systems at boot and continuously monitoring the integrity of remote systems. Based on the Keylime open source project, remote attestation uses embedded Trusted Platform Module (TPM) hardware and the Linux kernel Integrity Measurement Architecture (IMA) to monitor systems at scale. You can also send encrypted files to the monitored systems, and specify automated actions that are performed whenever a monitored system fails the integrity test.

Your data is a key asset for your business, and protecting it in the cloud is critical.

Red Hat Enterprise Linux includes support for network-bound disk encryption (NBDE) to simplify the protection of data at rest. NBDE automatically unlocks storage volumes via connections to one or more network servers. This allows you to decrypt volumes without manually managing encryption keys and ensures that volumes are only available when they are secured. Red Hat Enterprise Linux also supports NBDE via TPMs to ensure system integrity before unlocking encrypted volumes.

Traditional perimeter-based security approaches cannot effectively protect new, widely distributed, cloud-based environments. Zero trust architectures can help by applying security to each asset, rather than exclusively at a network perimeter. In fact, implementing zero trust reduces the cost of data breaches by 20.5% on average.² Identity and access management is at the core of zero trust architectures.

Included with Red Hat Enterprise Linux, Red Hat Identity Management can help you centralize identity management, enforce security controls, and comply with security standards across your entire environment. It delivers the capabilities needed to implement zero trust best practices while simplifying your identity management infrastructure. Authenticate users and implement policy-based or role-based access controls (RBAC) via a single, scalable interface that spans your entire datacenter. Red Hat Identity Management integrates with Microsoft Active Directory, lightweight directory access protocol (LDAP), and other third-party solutions through standard interfaces. Red Hat Identity Management also supports certificate-based authentication and authorization techniques.

As the size and complexity of your infrastructure grows, it becomes harder to manage manually. Cloud misconfigurations were the initial attack vector for 15% of data breaches, resulting in an average cost per breach of US$4.14 million in 2022.² Automation can help you configure and manage your systems faster, more consistently, and with less effort.

Red Hat Enterprise Linux system roles — powered by Red Hat Ansible® Automation Platform — use automation to help you install and manage security settings at scale in less time. System roles work with multiple Red Hat Enterprise Linux releases across infrastructure footprints, so you can configure new security settings and maintain them on all your systems with a single command or workflow.

A consistent approach to security and compliance across hybrid and multicloud environments can help you better protect your organization. Red Hat Enterprise Linux gives you a security-focused foundation for running applications on any infrastructure footprint, in your datacenter, in the cloud, or at the edge.