How are you securing your hybrid cloud environment?
The benefits of hybrid cloud are no secret, and it's tempting to pour resources into taking advantage of these as quickly as possible. However, it's also vital to avoid letting security and compliance slide onto the back burner. With the right information at hand, knowing what’s essential for hybrid cloud security and how to put this in place doesn’t need to be overwhelming. So what's most important when it comes to hybrid cloud security?
1) Shared responsibility model
For organisations whose hybrid cloud infrastructure consists at least partially of public cloud resources, the concept of shared responsibility is crucial. Shared responsibility means that the public cloud provider secures its own cloud (e.g., it will ensure the physical security of its data centre(s)). The exact components protected by the cloud provider vary depending on the provider. In contrast, whatever customers run or store within the public cloud is their own responsibility. Therefore, endpoint protection, network security, access management and data accountability all need to be managed by the customer. With security responsibilities divided this way, statistics reveal that most security failures involving public cloud are found to be the fault of the customer rather than the provider. It’s therefore all the more essential to put the correct measures in place for the portions of this model that an organisation itself is responsible for.
2) Governance/compliance
Although security responsibilities are shared between cloud providers and their customers, compliance and governance lie solely with the customer. The first step for an organisation is to research whether it is affected by industry- and country-specific compliance regulations. These (in addition to standard regulations like ISO or GDPR) should be considered while mapping out a strategy for their accommodation within a cloud environment. Maintaining compliance is a twofold challenge. On the one hand, regulations and standards change frequently — so if an organisation doesn’t have a role dedicated to keeping track of developments, it can be tedious to stay on top of the latest changes. On the other, without the proper tools in place it is often necessary to manually analyse and report whether infrastructure complies with the latest policies. This process takes time and can be prone to error.
3) Centralised security orchestration
Many challenges presented by both the shared responsibility model and governance/compliance can be addressed through consolidated security operations and security monitoring. Centralised security orchestration enables visibility over the entire infrastructure, regardless of cloud type. It ensures compliance standards are met without requiring a human to constantly monitor (and implement solutions for) the latest developments. This approach can provide the visibility across clouds that is so essential to maintain. For a hybrid cloud environment, there are several additional requirements that need to be considered:
• Tools must be scalable in order to accommodate a growing architecture. They should be capable of inspecting cloud native, PaaS and SaaS functionalities.
• New components of the infrastructure must be monitored immediately alongside the rest of the environment. It is important to monitor every layer of the infrastructure.
The fragmented nature of a hybrid cloud environment – coupled with an often piecemeal approach to cloud security in general – results in many organisations having a collection of different tools at their disposal. To successfully implement truly centralised security orchestration, it’s vital to take stock of which technologies can be applied to a hybrid cloud environment and which can’t.
How can these challenges be addressed?
Read our white paper, "Developing a hybrid cloud security strategy" for information about concrete measures – in the form of frameworks, tools and workflows – you can take to mitigate threats while making the most of hybrid cloud.