Each infrastructure service has its own security and best practices. These should continue to be followed when migrating to VMware Cloud, and also when evaluating any updated and new security capabilities.
When operating in a hybrid cloud model, it is important to assess existing firewall rules and access control lists to determine whether additional or new configurations are required for connectivity to and from an on-premises environment.
Cloud-native services also have their own security and best practices. Infrastructure service providers also offer network-based access control lists (ACLs) and granular role-based access control (RBAC) for their services and, in some cases, the ability to control access down to an individual API call. Most infrastructure services have predefined roles, which typically map to different personas within an organization. Organizations should also assess the different personas that will be managing the infrastructure services, as well as the workloads that will be consuming these services. Using this information, fine-grained access control and least-privilege accounts should be implemented. Audit logs can be configured to track all changes and access to infrastructure services for both compliance and troubleshooting purposes.