Secure hybrid cloud: What to do and why

Mukul Kumar, CISO, Cavirin Systems

A major challenge for companies transitioning to the cloud has been maintaining multiple management and security platforms for on-premises, public cloud, and private cloud components. Where the IT team has full access to on-premises infrastructure, the cloud is managed by cloud providers—limiting the control a company's own IT department may have.

Some of the difficulty in unifying multi-platform security derives from the very simplicity of the cloud. Where an IT department in the past would have to install, connect, provision, configure, and integrate new storage hardware to expand capacity, staffers now simply request more storage, for instance, from a self-service console.

It would be understandable to anticipate that the newly requested storage would be secured by the cloud provider, but this alone would not be sufficient. No matter which cloud provider is involved, the client still owns responsibility for the security and privacy of its own data. It must have visibility into how the data is backed up, encrypted, and protected.

IT managers using a cloud service are compelled to ask themselves who would lose their job in the event of data loss. The answer to that question clearly drives the need for visibility at all times. This also increases the concern about having to consult multiple consoles and create multiple reports to maintain the required visibility. 

Here's why you need to give this problem your attention, and what you can do.

An alternative approach

Hybrid clouds redefine the core and edge of your network. The existence of servers and storage on premises as well as in public and private clouds creates multiple cores instead of one. Leveraging the Internet extends the edge globally. 

The one thing that remains consistent is the concept of the workload. The shift to public clouds creates a new server-workload perimeter that, in turn, requires a workload-centric approach. Such an approach must include gaining visibility via the following best practices:

  • Continuously updating an inventory of all types of both on-premises and cloud-resident workloads
  • Assessing the risk profile of all server workloads to enable security and compliance use cases
  • Reducing the attack surface area by identifying and remediating software and configuration vulnerabilities
  • Auditing and alerting on anomalous system activity and inter-workload east-west data communications

This "workload-centric" approach to securing your hybrid environment provides a unified approach to workload security, independent of server type and location. It also assures policy consistency, improving an organization's cybersecurity posture across its hybrid cloud.
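
As an added illustration of the workload-centric practices listed above (not code from the author or from any product), the following Python example normalizes records from on-premises, public cloud, and private cloud sources into one inventory, applies a single policy to every workload regardless of location, and audits east-west flows. All field names, workload names, and the flow allowlist are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records; each platform's field names are hypothetical.
ON_PREM = [{"host": "db01", "luks": True, "backup_job": "nightly", "cves": 0,
            "scanned": "2024-05-10T02:00:00"}]
PUBLIC = [{"id": "web-a", "volume_encrypted": False, "snapshots": 3, "cves": 2,
           "scanned": "2024-05-10T03:00:00"}]
PRIVATE = [{"vm": "batch7", "encrypted": True, "backup": False, "cves": 0,
            "scanned": "2024-04-01T00:00:00"}]
# Constructed east-west flows (source, destination) and the approved pairs.
FLOWS = [("web-a", "db01"), ("batch7", "db01"), ("unknown-9", "db01")]
ALLOWED = {("web-a", "db01")}

def build_inventory():
    """Normalize three platform schemas into one workload-centric record."""
    inv = {}
    for r in ON_PREM:
        inv[r["host"]] = dict(loc="on-prem", enc=r["luks"], cves=r["cves"],
                              bak=bool(r["backup_job"]), seen=r["scanned"])
    for r in PUBLIC:
        inv[r["id"]] = dict(loc="public", enc=r["volume_encrypted"], cves=r["cves"],
                            bak=r["snapshots"] > 0, seen=r["scanned"])
    for r in PRIVATE:
        inv[r["vm"]] = dict(loc="private", enc=r["encrypted"], cves=r["cves"],
                            bak=r["backup"], seen=r["scanned"])
    return inv

def assess(inv, now, max_age=timedelta(days=7)):
    """Apply one policy to every workload, independent of where it runs."""
    findings = {}
    for name, w in inv.items():
        checks = [(not w["enc"], "unencrypted"), (not w["bak"], "no-backup"),
                  (w["cves"] > 0, "open-vulnerabilities"),
                  (now - datetime.fromisoformat(w["seen"]) > max_age, "stale-inventory")]
        hits = [label for failed, label in checks if failed]
        if hits:
            findings[name] = hits
    return findings

def audit_flows(inv, flows, allowed):
    """Flag flows that are unapproved or touch a workload missing from inventory."""
    alerts = []
    for src, dst in flows:
        if src not in inv or dst not in inv:
            alerts.append((src, dst, "uninventoried-workload"))
        elif (src, dst) not in allowed:
            alerts.append((src, dst, "unapproved-flow"))
    return alerts

if __name__ == "__main__":
    inventory = build_inventory()
    print(assess(inventory, datetime(2024, 5, 11)))
    print(audit_flows(inventory, FLOWS, ALLOWED))
```

The "stale-inventory" finding is what makes the inventory continuous in practice: a workload that has not reported recently is treated as a visibility gap rather than assumed healthy.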

How to securely transition to a hybrid cloud

Develop a plan detailing how you will transition to the cloud securely while maintaining full regulatory compliance. The inability to assure parity between on-premises and cloud environments has caused several companies to migrate back to on-premises resources until sufficient security solutions could be determined.

As you assess your applications, you will need to determine which can be transitioned directly to cloud-based servers, which apps will require modification or customization prior to migrating, and which will need to be rewritten or ported to another platform that is cloud-compatible.

Similarly, you must determine a new destination for each data asset. Some may be assigned to a near-line archive, with others going to storage on slower, less expensive commodity storage devices. The rest will be transitioned to live, full-speed, full-access storage on the cloud storage facility of your choice.

That's my suggestion. Share your team's best practices for securing your hybrid cloud systems in the comments below.