Cavirin Systems today announced the availability of Cavirin Hybrid Cloud CyberPosture Intelligence. CyberPosture intelligence is the ability to deliver risk, cybersecurity and compliance management by providing visibility and actionable intelligence to the CISO and other stakeholders across hybrid environments. The Cavirin platform delivers this through real-time visibility, predictive analytics, and intelligent remediation through DevSecOps integrations.

In a new study of 250 hybrid cloud security leaders, "Cyber Security Posture: The Challenges and Strategies of Hybrid Cloud," the two top concerns identified were verification that public cloud accounts are secure (69%) and confirmation that workloads in the cloud are secure as well (69%). This lends credence to the reality that both account and workload security are critical.

However, security is still a key issue and barrier to adopting a hybrid cloud architecture, with specific concerns including increased complexity (55%), a lack of visibility into cloud endpoints (32%), difficulty instituting security controls (37%), and a clear need for more assessment tools (29%). Additional noteworthy findings are listed below.

"Though our research shows that over 81% of enterprises are adopting a hybrid cloud approach, only 30% are using unified security tools that span on-premise and the cloud," stated Doug Cahill, ESG's lead cybersecurity and cloud analyst, quoting related research by ESG on hybrid cloud security. "The fact that this will grow to 70% over the next two years speaks well of Cavirin's hybrid cloud approach, helping address a key barrier to hybrid cloud adoption - security and visibility."

Traditional solutions provide siloed, delayed visibility, and require manual security remediation and testing which is not well suited for the flexibility and velocity that the hybrid cloud model offers. Cavirin's CyberPosture Intelligence for the Hybrid Cloud eliminates these limitations and removes the barrier to the cloud with:

• Continuous Risk & Cybersecurity Posture Management
  A central ‘CISO Dashboard' depicts exactly what organizations have at each moment and where they are located. This includes cloud account security posture, as well as virtual machines and container instances.

• Integrating Security into DevOps
  Bridges the gap between DevOps and SecOps by automatically injecting security into the DevOps cycle - development, staging, and deployment - through CI/CD integration.

• Continuous Compliance Management
  Removes security compliance as a barrier to cloud adoption through automation and customization via the broadest set of customizable frameworks, benchmarks and guidelines.

Supporting Customer Quotes:

"We choose Cavirin because it is the only product in the industry that can effectively inspect and report on non-compliance issues against a wide range of security frameworks and regulatory standards in both cloud workloads and AWS security," said Kin Kwan, Security Officer, Telus Health.

"Our deployments across AWS and GCP are a good match for the hybrid cloud capabilities of the Cavirin platform," said Peter Bierfeldt, Chief Information Security Officer, Reltio. "Their support for frameworks and regulations including ISO and SOC2 will help us maintain continuous compliance across our cloud deployments."

"Cavirin's support for Azure will permit us to address both aspects of cloud security - the security posture of the cloud itself, as well as the individual workloads," said Ray Espinoza, VP and Chief Information Security Officer, Atmosera. "Their vision of a CISO dashboard extending across the hybrid infrastructure is where we see the market going, and will help us deliver a more comprehensive and competitive service."

"Given the sensitive nature of HLI's data, we deploy the Cavirin platform as it helps ensure continuous compliance with government regulations," said Ernesto Ruy Sanchez. DevOps Manager, Human Longevity, Inc.

"Cavirin's ability for real-time visibility across the infrastructure permits organizations to accurately assess risk, security posture, then automatically remediate," said Jack Kudale, COO, Cavirin. "This is the first platform available for organizations to easily migrate and achieve continuous security and compliance of their hybrid cloud deployments, knowing they are safe and secure."

New Technical Capabilities include:

• "Golden Posture" and ‘Top 25' recommendations for guided remediation.
• Container runtime monitoring delivering on Cavirin's ‘full-stack' container security that already includes image scanning, CIS container and Kubernetes hardening, and guest OS hardening.
• Custom policy creation and compensating controls based on a Cavirin Domain Specific Language.
• Availability of the new, Cavirin-authored CIS Azure Foundation Benchmark.

Some additional noteworthy survey findings include:

• 62% use separate tools to secure their on-premise and cloud environments, and less than half of respondents currently use a security solution spanning on-premise and cloud. A concerning finding was that 40% of respondents only use the tools provided by the cloud provider, which are considered by most to be incomplete.
• 50% have deployed on Azure as part of a hybrid cloud strategy, demonstrating the strong momentum it's experiencing as an equal to AWS in services offered, as well as traction within Microsoft's account base.
• When asked about the security technology they currently use, the survey found strong uptake of Cloud Workload Protection Platforms (48%), Cloud Access Security Brokers (37%), and Security Information and Event Management (39%).
• 39% of respondents cited that DevOps and development teams care greatly about their cybersecurity posture, showing that the silo between security/IT and development teams is diminishing.

The full Cavirin survey results along with an infographic summarizing ESG's observations are available here.