The same research shows that 89% of IT decision makers also “believe a hybrid cloud environment can both easily and securely store and move data and workloads, providing a secure and flexible strategy for today and tomorrow.”
They recommend adopting a hybrid cloud infrastructure strategy while keeping on-premises systems as part of that strategy for the foreseeable future. The key to success is managing the mix of public cloud, private cloud and on premises as a single whole and maintaining on-premises viability through regular infrastructure refreshes.
Even for businesses that have backed the right horse in hybrid cloud, with typical examples mixing OpenStack and Amazon AWS, there are issues that must be managed as the provided services and data collide with reality. Hectic workplaces, hypergrowth of data among teams, the human factor and the risk of failing to understand who’s responsible for what across increasingly complex cloud footprints all create risk.
Hybrid cloud security challenges to overcome
To fully secure your data, apps and infrastructure, there are a few hybrid cloud security challenges you need to address.
1. Maintaining visibility and control
Adoption of cloud services across the hybrid cloud creates complexity fast. The business needs to know what data is where, who has ownership of it and which services access it. Applying security and compliance rules across a hybrid cloud creates a challenge for CISOs, while CIOs need to paint a realistic picture to leaders who view the cloud as a digital panacea.
Ensuring visibility creates the ability to control the hybrid cloud and plan for future expansion. Creating a hybrid cloud based on a well-designed strategy will limit the chaos, but many companies find their cloud footprint growing in an ad hoc fashion, creating risks.
If the business is already too far into the cloud adoption process for that, then an urgent cloud audit is essential to establish which services the business uses, how they’re managed and updated and who’s responsible for configuration, security and updates.
Most cloud services come with automation tools to simplify many of these tasks, and dashboards to highlight key metrics and issues, but verification of security aspects and compliance issues must be done manually to ensure the business is in control of its services and data from an audit perspective.
2. Ensuring compliance and governance
Once the audit is done, compliance and governance procedures can be assigned across the business to protect it from breaches and ensure all applicable laws and industry regulations are being followed.
When it comes to data sovereignty, the business must ensure that data doesn’t end up on foreign-based cloud servers unless it takes appropriate safeguards. Where data is at risk or data standards are insufficient compared to the home country, severe penalties under GDPR rules or other schemes could be imposed.
Done manually, the combined compliance and governance effort is a major one, but hybrid cloud management tools are available to deliver largely automated governance, visibility and compliance and help support optimization across multiple clouds that can stretch over public and private environments.
3. Delivering data security
With the business aspects of hybrid and multi-cloud assured and under constant monitoring, the CISO and IT leaders can turn to data security. Check every cloud provider service level agreement (SLA) to see where responsibility lies and what your obligations are.
Some cloud providers provide a range of security tools to protect data, access and applications, but it’s up to the business to ensure data in transit across clouds or networks is secure. Some providers expect their clients to use their own choice of security tools that integrate with services, and these need to be kept up to date.
Encryption across services and networks is essential, using trusted platform modules or other methods together with on-device encryption, to ensure that data can’t be accessed even if it’s intercepted in some way.
4. Mitigating human error
With the best hybrid cloud infrastructure and strongest security, there’s still the human element to be considered. People can make mistakes, internal actors could have malicious intent or users can perform actions they think help the business without authorization to do so.
Among the most challenging of these is shadow IT, where users start using cloud services on their own initiative, which can create compliance risks, duplication of data and unmanaged use of services.
Training, from onboarding through to regular refreshers, is essential to remind all workers of the risks of their actions. Teaching them how to spot hybrid cloud security risks and ensuring colleagues are performing their work safely builds knowledge and reduces the risk of individual errors threatening the business.
As cloud adoption expands, and businesses integrate their data with a wider number of providers, the cloud environment will only get more complex. The earlier a business takes full control of the current systems and plans for expansion, the less risk there is of breaches and problems across the environment.