Hybrid Cloud Headaches: Securing a Complex Environment

{authorName}

Tech Insights for ProfessionalsThe latest thought leadership for IT pros

Wednesday, June 23, 2021

The longer businesses leave it to take ownership of their current cloud environment and expansion plans, the more complex and dangerous it becomes. Here are a few hybrid cloud security challenges you need to tackle.

Article 5 Minutes
Hybrid Cloud Headaches: Securing a Complex Environment
  • Home
  • IT
  • Cloud
  • Hybrid Cloud Headaches: Securing a Complex Environment

As growing numbers of enterprises adopt public or private cloud models, some IT leaders are already combining these solutions. Our cloud security survey shows that 64% of organizations currently operate a hybrid cloud model.

A hybrid model provides the benefits of choice and flexibility, allowing decision makers to keep data in the most suitable environment for that data, be it from a compute or security perspective. However, concerns remain about data protection, security and compliance. How can IT leaders secure their hybrid cloud environments?

After the rush to cloud, most businesses view the hybrid route as the most pragmatic solution to meeting their business needs and securing valuable corporate data in the face of growing cloud breach risks.

However, this approach adds some complexity while delivering those benefits across supply chain, marketing, operations and other business areas. Recent IBM/Forrester research highlights that “One of the key findings is the continued importance of on-premises infrastructure, with 85% of IT decision-makers agreeing it is a critical part of their hybrid cloud strategy.”

Strong cloud security requires strong leadership

Equip your team with the right tools to improve visibility, reduce risk & respond to threats faster.

VISIT THE HUB

The same research shows that 89% of IT decision makers also “believe a hybrid cloud environment can both easily and securely store and move data and workloads, providing a secure and flexible strategy for today and tomorrow.”

They recommend adopting a hybrid cloud infrastructure strategy, while maintaining on premises as part of a hybrid strategy for the foreseeable future. The key to success is managing a mix of public cloud, private cloud and on premises as a holistic whole and maintaining on-premises viability through regular infrastructure refreshes.

Having backed the right horse in hybrid cloud, with typical examples mixing OpenStack and Amazon AWS, there are issues around hybrid clouds that must be managed as the provided services and data collide with reality. Hectic workplaces, hypergrowth of data among teams, the human factor and the risk of failing to understand who’s responsible for what across increasingly complex cloud footprints all create risk.

Hybrid cloud security challenges to overcome

To fully secure your data, apps and infrastructure, there are a few hybrid cloud security challenges you need to address.

1. Maintaining visibility and control

Adoption of cloud services across the hybrid cloud creates complexity fast. The business needs to know what data is where, who has ownership of it and which services access it. Applying security and compliance rules across a hybrid cloud creates a challenge for CISOs, while CIOs need to paint a realistic picture to leaders who view the cloud as a digital panacea.

Ensuring visibility creates the ability to control the hybrid cloud and plan for future expansion. Creating a hybrid cloud based on a well-designed strategy will limit the chaos, but many companies find their cloud footprint growing in an ad hoc fashion, creating risks.

If it’s too late into the cloud adoption process, then an urgent cloud audit is essential to establish which services the business uses, how they’re managed and updated and who’s responsible for configuration, security and updates.

Most cloud services come with automation tools to simplify many of these tasks, and dashboards to highlight key metrics and issues, but verification of security aspects and compliance issues must be done manually to ensure the business is in control of its services and data from an audit perspective.

2. Ensuring compliance and governance

Once the audit is done, compliance and governance procedures can be assigned across the business to protect it from breaches and ensure all applicable laws and industry regulations are being followed.

When it comes to data sovereignty, the business must ensure that data doesn’t end up on foreign-based cloud servers unless they take appropriate safeguards. Where data is at risk or data standards are insufficient compared to the home country, severe penalties under GDPR rules or other schemes could be enforced.

Done manually, the combined compliance and governance effort is a major one, but hybrid cloud management tools are available to deliver largely automated governance, visibility and compliance and help support optimization across multiple clouds that can stretch over public and private environments.

Request your copy

3. Delivering data security

With the business aspects of hybrid and multi-cloud assured and under constant monitoring, the CISO and IT leaders can turn to data security. Check every cloud provider service level agreement (SLA) to see where responsibility lies and what your obligations are.

Some cloud providers provide a range of security tools to protect data, access and applications, but it’s up to the business to ensure data in transit across clouds or networks is secure. Some providers expect their clients to use their own choice of security tools that integrate with services, and these need to be kept up to date.

Encryption across services and networks is essential with trusted platform modules or other methods and on-device encryption to ensure that data can’t be accessed even if it’s intercepted in some way.

4. Mitigating human error

With the best hybrid cloud infrastructure and strongest security, there’s still the human element to be considered. People can make mistakes, internal actors could have malicious intent or users can perform actions they think help the business without authorization to do so.

Among the most challenging of these is shadow IT, where users start using cloud services on their own initiative which can create compliance risks, duplication of data and unmanaged use of services.

Training from on-boarding through to regular refreshers is essential to remind all workers of the risks of the actions, teaching them how to spot hybrid cloud security risks and ensuring colleagues are performing their work safely can all be imparted to build knowledge and reduce the risk of individual errors threatening the business.

As cloud adoption expands, and businesses integrate their data with a wider number of providers, the cloud environment will only get more complex. The earlier a business takes full control of the current systems and plans for expansion, the less risk there is of breaches and problems across the environment.

Further reading:

 

Access the latest business knowledge in IT

Get Access

Tech Insights for Professionals

The latest thought leadership for IT pros

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.

Comments

Join the conversation...