Connect with us

Hi, what are you looking for?


Cloud Security

Looking for the Silver Lining: Making the Move from Hybrid to Public Clouds

They say you need to look for that silver lining in the cloud. You may have thought you found it when you adopted a hybrid approach to cloud computing. And for a time you probably did.

They say you need to look for that silver lining in the cloud. You may have thought you found it when you adopted a hybrid approach to cloud computing. And for a time you probably did.

A hybrid approach, having some applications in the public cloud and others in data centers and private clouds, is the most common. But now much of the innovation and change is happening in the public cloud and the silver lining is shifting. According to Gartner, by 2019 more than 30% of the 100 largest vendors’ new software investments will have moved to cloud-only. With more leading-edge IT capabilities available only in the cloud, companies that can migrate more of their applications accordingly stand to gain even greater agility, scalability, and efficiencies required for business success.

So what’s keeping organizations from transitioning more of their hybrid computing environments to public clouds? There are three main reasons:

1. Locked in tradition. It’s human nature to resist change and IT teams are no different. Making the migratory leap can be overwhelming and scary. In addition, some IT capabilities are only available in traditional formats, reinforcing the need for many IT teams to protect their internal clouds.

Making the Move from Hybrid to Public Clouds2. Security concerns. Some security professionals and regulators feel that moving to the cloud compromises security posture. Some of this mistrust is based on geography – where the company is located vs where the cloud is hosted. A lack of clarity from cloud service providers on security practices also contributes to security concerns.

3. Transition ease. Some applications are easy to move to the cloud and some are more difficult. For example, apps that rely heavily on mainframes for core backend processing and up to hundreds of servers require a multi-step approach.

Many companies want to take advantage of all the benefits of moving to cloud, and industry pundits point to a shift to greater public cloud usage. Research from Gartner finds that overall demand for cloud computing in all its forms will grow 18% in 2017 to $246.8 billion in total worldwide revenue from $209.2 billion. Of that total, demand for the subset of public cloud infrastructure is expected to grow 36.8% this year to $34.6 billion.

Forrester concurs; public cloud services are a force to be reckoned with. They project that revenue from public cloud platforms, business services, and SaaS applications will grow at an overall CAGR of 22% between 2015 and 2020, reaching $236 billion (up from $146 billion in 2017), which is 23% higher than their previous forecast.

Advertisement. Scroll to continue reading.

Clearly it is no longer a question of “if” a company will move to public clouds but “how fast.” Some are cloud-first and others are more measured. But to take advantage of the significant business benefits, there’s a growing movement to public cloud services.

Here are three tips to help you prepare.

1. Recognize the knowledge gap and work to close it. There’s a dearth of IT and security professionals with a deep understanding of cloud today. Even with various certifications, there’s no substitute for specific knowledge of the actual service. Get to know the best practices for your particular cloud provider. Documentation is also approached differently in the cloud, using scripting language that may not be familiar to security management and architecture teams. It’s time for a refresher on JSON and Python.

2. Understand how security operating models must change. The cloud is a dynamic environment and our approach to security likewise must become more agile. Gone are the days of releases every six months and governance run by committee with manual reviews on a monthly basis. When multiple releases a day are the norm, security decisions must be distributed real-time throughout the organization. This will require mechanisms for better security accountability and visibility.

3. Adopt security frameworks built specifically for the cloud. Frameworks from NIST or ISO only mention the cloud and many of the controls still assume the traditional way IT is managed. You need a cloud security framework that can serve as a lens for planning cloud security and that you can use to help develop your cloud security architecture. For example, solutions that allow you to control and discover SaaS apps and protect data usage in the cloud, while enabling employees to get their work done from wherever they are, must be part of your architecture.

Many organizations are comfortable right now in their hybrid environments. But as more IT innovation happens in the public cloud and the enabling infrastructure continues to mature, organizations need to put themselves in a position to benefit from the latest cloud services. Beginning to lay the groundwork now, you can confidently shift to the cloud that offers the greater silver lining.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility