Security Experts:

Does A Hybrid Cloud Require Hybrid Security?

While many organizations today are looking to build private cloud infrastructures in-house, the reality is that the majority will end up with a hybrid cloud environment. A hybrid cloud consists of a mixed IT infrastructure -- an internal private cloud infrastructure and one or multiple public cloud infrastructures. If you’re already using some type of SaaS application, you have a simple form of a hybrid cloud.

This mixed IT architecture is appealing because it provides the ability to seamlessly and flexibly extend workloads or applications beyond the internal data center when extra capacity is needed. This helps enterprises prepare for unexpected or unpredictable demand (like seasonal demand or R&D computational intensive tasks) by bursting to the public cloud. This reduces the costs of having to build up a substantial reserve of data center hardware and software infrastructure on-premise. Many enterprises also see the value of a hybrid cloud architecture for disaster recovery due to their geographically distributed architecture.

Securing Hybrid Cloud EnvironmentsIn an utopia hybrid cloud model, public clouds complement and become an extension of the private cloud, and can be managed via the same automation and orchestration framework and with the same consistent security and compliance policies.

However, securing a hybrid cloud environment may be different from your traditional private cloud infrastructure. The challenges from a security perspective include a dependency on networks that are outside your immediate control and may be accessed outside of the normal corporate access methods. However, this certainly does not mean hybrid security is required for hybrid cloud architectures. The same consistent security policies should be implemented across public and private cloud, but the deployment options used may be different because of the diverse architectures.

Here are the top three considerations for a hybrid cloud model.

Which Data To Keep On Premise Versus Cloud

Economics, business and security needs determine the types of data and applications that are ideal for the cloud. As an example, proprietary financial records or healthcare records may be too sensitive for the public cloud. By determining the security requirements for the data in your network, you can make an intelligent decision on which types of data and applications are appropriate to extend to the public cloud. Data with stringent security and compliance needs should be maintained within the private cloud environment.

Finding the right public cloud provider partner

One of the most important considerations in a hybrid cloud model is that your security is now dependent on another party. The public cloud element will introduce security considerations that may be outside your control. This means part your security strategy will be conducting the proper due diligence on the private cloud provider and the security features offered. This spans not only traditional network security features like firewall and IPS but also data security implications such as data privacy, data flow, data storage and the handling and processing of the data. In addition, authentication features and physical security at provider sites need to be considered.

It is important not to tie your security policies to a specific cloud provider. The benefits of a hybrid cloud model is the flexibility to extend to any public cloud environment. Therefore, when economics or performance dictate a move to a different provider, the security policies will be portable.

Security architectures for the hybrid cloud

Another consideration in a hybrid cloud model is how to secure the two cloud environments. The first option is via a private site-to-site VPN tunnel between the private and public cloud. All traffic and all access is routed through the corporate network. This provides a consistent set of corporate security policies for public cloud access, however, there may be latency challenges for certain types of data and applications because all traffic has to backhaul through the corporate network.

Another option is to segregate the private and public cloud environments and leverage the security functions provided by the cloud provider. A firewall (that may be owned by you or provided by the cloud provider) is placed at the public cloud network edge to enable access to your specific applications. This provides flexibility in access and improvements in latency. But, the security options provided by your cloud provider may be different from what you have chosen for your private cloud.

Every hybrid cloud architecture is unique,so while the above considerations can serve as guidelines, they may not be the comprehensive list. The key is selecting the right cloud provider partner and evaluating their security features to complement the on-premise private cloud security features as part of an overall long-term security strategy.

Subscribe to the SecurityWeek Email Briefing
view counter
Danelle Au is head of product marketing at Adallom, a SaaS security company. Danelle has more than 15 years of experience bringing new and innovative security technologies to market, and is a frequent speaker at conferences. Prior to Adallom, Danelle was responsible for solutions marketing at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. She was also co-­founder of a high-­speed networking chipset startup. She is co-­author of an IP Communications Book, "Cisco IP Communications Express: Operation, Implementation and Design Guide for the Small and Branch Office” and holds 2 U.S. Patents.