
SecurityWeek


Does A Hybrid Cloud Require Hybrid Security?

While many organizations today are looking to build private cloud infrastructures in-house, the reality is that the majority will end up with a hybrid cloud environment. A hybrid cloud consists of a mixed IT infrastructure — an internal private cloud infrastructure and one or multiple public cloud infrastructures. If you’re already using some type of SaaS application, you have a simple form of a hybrid cloud.


This mixed IT architecture is appealing because it provides the ability to seamlessly and flexibly extend workloads or applications beyond the internal data center when extra capacity is needed. This helps enterprises prepare for unexpected or unpredictable demand (like seasonal demand or computationally intensive R&D tasks) by bursting to the public cloud. This reduces the costs of having to build up a substantial reserve of data center hardware and software infrastructure on-premise. Many enterprises also see the value of a hybrid cloud architecture for disaster recovery due to its geographically distributed architecture.

In a utopian hybrid cloud model, public clouds complement and become an extension of the private cloud, and can be managed via the same automation and orchestration framework and with the same consistent security and compliance policies.

However, securing a hybrid cloud environment may be different from your traditional private cloud infrastructure. The challenges from a security perspective include a dependency on networks that are outside your immediate control and may be accessed outside of the normal corporate access methods. However, this certainly does not mean hybrid security is required for hybrid cloud architectures. The same consistent security policies should be implemented across public and private cloud, but the deployment options used may be different because of the diverse architectures.

Here are the top three considerations for a hybrid cloud model.

Which Data To Keep On Premise Versus Cloud

Economics, business and security needs determine the types of data and applications that are ideal for the cloud. As an example, proprietary financial records or healthcare records may be too sensitive for the public cloud. By determining the security requirements for the data in your network, you can make an intelligent decision on which types of data and applications are appropriate to extend to the public cloud. Data with stringent security and compliance needs should be maintained within the private cloud environment.

Finding the right public cloud provider partner

One of the most important considerations in a hybrid cloud model is that your security is now dependent on another party. The public cloud element will introduce security considerations that may be outside your control. This means part of your security strategy will be conducting the proper due diligence on the private cloud provider and the security features offered. This spans not only traditional network security features like firewall and IPS but also data security implications such as data privacy, data flow, data storage and the handling and processing of the data. In addition, authentication features and physical security at provider sites need to be considered.


It is important not to tie your security policies to a specific cloud provider. The benefit of a hybrid cloud model is the flexibility to extend to any public cloud environment. Therefore, when economics or performance dictate a move to a different provider, the security policies will be portable.

Security architectures for the hybrid cloud

Another consideration in a hybrid cloud model is how to secure the two cloud environments. The first option is via a private site-to-site VPN tunnel between the private and public cloud. All traffic and all access are routed through the corporate network. This provides a consistent set of corporate security policies for public cloud access; however, there may be latency challenges for certain types of data and applications because all traffic has to backhaul through the corporate network.

Another option is to segregate the private and public cloud environments and leverage the security functions provided by the cloud provider. A firewall (that may be owned by you or provided by the cloud provider) is placed at the public cloud network edge to enable access to your specific applications. This provides flexibility in access and improvements in latency. But the security options provided by your cloud provider may be different from what you have chosen for your private cloud.
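Keeping one provider-neutral policy and verifying that each enforcement point (the corporate firewall behind the VPN, or a firewall at the public cloud edge) actually implements it is what makes the policy portable between providers. The sketch below is an added example, not part of the original article: the policy, both export formats, and all addresses are constructed, hypothetical values.

```python
import ipaddress

# Provider-neutral policy (constructed): which source may reach which port.
POLICY = [
    {"src": "10.20.0.0/16", "port": 443, "proto": "tcp"},
    {"src": "10.20.30.0/24", "port": 5432, "proto": "tcp"},
]

# Constructed rule exports in two hypothetical formats, one per enforcement point.
ONPREM_EXPORT = [
    "permit tcp 10.20.0.0/16 any eq 443",
    "permit tcp 10.20.30.0/24 any eq 5432",
]
CLOUD_EXPORT = [
    {"protocol": "TCP", "cidr": "10.20.0.0/16", "from_port": 443, "to_port": 443},
    {"protocol": "TCP", "cidr": "0.0.0.0/0", "from_port": 5432, "to_port": 5432},
]

def canon(src, port, proto):
    """Normalize one allow rule to a comparable (network, port, protocol) tuple."""
    return (str(ipaddress.ip_network(src)), int(port), proto.lower())

def from_policy(rules):
    return {canon(r["src"], r["port"], r["proto"]) for r in rules}

def from_onprem(lines):
    """Parse the hypothetical text format: '<action> <proto> <src> any eq <port>'."""
    out = set()
    for line in lines:
        action, proto, src, _dst, _eq, port = line.split()
        if action == "permit":
            out.add(canon(src, port, proto))
    return out

def from_cloud(entries):
    """Expand the hypothetical cloud format's port ranges into single-port rules."""
    out = set()
    for e in entries:
        for port in range(e["from_port"], e["to_port"] + 1):
            out.add(canon(e["cidr"], port, e["protocol"]))
    return out

def drift(policy, deployed):
    """Report policy rules not enforced and deployed rules the policy never allowed."""
    want = from_policy(policy)
    return {"missing": sorted(want - deployed), "extra": sorted(deployed - want)}

if __name__ == "__main__":
    print("on-prem:", drift(POLICY, from_onprem(ONPREM_EXPORT)))
    print("cloud:  ", drift(POLICY, from_cloud(CLOUD_EXPORT)))
```

Moving to a different provider then means writing one new parser for that provider's export, while the policy and the drift check stay unchanged.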

Every hybrid cloud architecture is unique, so while the above considerations can serve as guidelines, they may not be a comprehensive list. The key is selecting the right cloud provider partner and evaluating their security features to complement the on-premise private cloud security features as part of an overall long-term security strategy.

Written By

Danelle is CMO at Ordr. She has more than 20 years of experience in bringing new cybersecurity technologies to market. Prior to Ordr, she was CMO at Blue Hexagon (acquired by Qualys), a company using deep-learning to detect malware, and CMO at SafeBreach where she helped build the marketing organization and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like Zero Trust, virtualization and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of a Cisco IP communications book and holds 2 US patents. She holds an MSEE from UC Berkeley.
