In the world of digital transformation, hybrid cloud and its usage is of paramount importance considering the benefits enterprises are deriving while they embrace the same. This is in terms of agility, cost saving and also added the benefits derived from digital transformation.
Hybrid clouds offer the benefits of both public and private clouds by taking advantage of existing architecture in a data centre. There is also an optimum security and privacy to the data, ensuring the flexible environment to the workloads. The architecture is such that it allows on-premises data centre, private and public cloud resources and workloads all tied together under common data management, keeping its identity intact.
But the question is how far enterprises are gearing up to take the security aspect of hybrid cloud while moving to expand their business initiatives. The 2019 State of Hybrid Cloud Security survey found that enterprises are inadvertently introducing complexity into their environments by deploying multiple solutions on premise as well as across multiple private and public clouds.
Firemon survey found that 60% of respondents say cloud business initiatives are accelerating faster than security teams’ ability to secure them in the 2019 State of Hybrid Cloud Security Survey.
The research findings also point that only 56% of respondents indicated that network security, security operations or security compliance teams are responsible for cloud security. In the remaining 44% of cases, IT/cloud teams, application owners or other teams outside the security organization are responsible for cloud security.
Threats are not specific to cloud environment and can be of various types ranging from ransomware to data breach in cloud environment. Enterprise using cloud based email services can be susceptible to everything from simple spam, phishing attacks and business email compromises scam. Therefore organizations should implement proper security measures to protect their networks and systems.
Taking hybrid cloud security as a shared responsibility is a very important aspect on part of organization and its not only on the onus of service providers who will be looking after all aspect of cloud security.
Challenges to Hybrid Cloud Security Faced by Organisations.
The hybrid cloud is designed such a way that it there is a constant transfer of data from one cloud environment to another. This data that is getting transferred from one cloud environment to another is susceptible to cyber-attack. It is a well-known fact that data has a huge capability to provide insight in decision making process. Data in private cloud is supposed to have highest security in comparison to public cloud. The biggest threat happens when data is in motion are intercepted and altercated.
Following compliance and guidelines by industry rules is one of the key challenges faced by hybrid cloud. One cloud environment may not support the same set of guidelines as the other as hybrid cloud environment also has its share of complexity.
“Data leakage is possible and prone to attack if not secured properly. The reason being the most secured data when shared in a public environment can be susceptible to attack. Data security is also the responsibility of whoever owns the data. Therefore third party using public cloud to access customer’s data through their own devices, which may not be secured, can pose challenges to data security and risk of getting leaked” say Dipesh Thakkar, Head – Information Security & Digital Transformation, of Waaree Energies Ltd.
Other significant challenges would be the supply chain. If proper scrutiny is not conducted before implementing infrastructure systems supply chain can be the weakest link. To secure data in hybrid model the customers may have to give up some amount of control to govern them. In that scenario they are dependent on vendors service level agreement. Paying close attention to all details of agreement can save customers.
Vasudevan Nair of Writer corporation, Head IT and CISO, says that the most important challenge is to get complete visibility of hybrid cloud environments including the layers controlled by the service providers.
Most of the enterprises have robust policy processes deployed for their native environment and it’s challenging to extend native security (on prem) tools and solutions to cloud environments.
Fixing Hybrid Cloud Security Challenges
Data transition from one cloud platform to another platform should be protected by strong encryption to avoid security breach. Cryptographic protocols with endpoint authentication are ways to stop random attacks.
Supply chain can be the weakest link if vendor’s source of procurement from where they are procuring the product is not assessed properly. Also public service provider’s service level agreement should be assessed and have clarity in regards to what services they will be providing and the requirements as a customer they expect in terms of security measures.
“Integrated dashboards become impractical and hence end-up with different solutions or versions which would ultimately increase the spend.
This will be steadily addressed in the long-run when increased penetration of various HCI solutions coupled with solutions like CASB becomes the standard” says Nair.
If everything is clear from the very beginning enterprise managers can be prepared to understand the security levels that are available to cover hybrid cloud in enterprise. Vendors who cannot provide reasonable ownership and fulfill expectation as what is required from them needs to be avoided.
Compliance forms a very important part in securing data in hybrid environment. Ensuring full compliance in a hybrid cloud environment will require evaluation as both the environment is separate. Coordinating the two clouds is important in order to follow compliance and ensure data protection at all cost. As data moves back and forth in hybrid environment following strict compliance can be challenging in hybrid cloud.
Security management of hybrid cloud is a challenge and maintaining that falls in priority list. People at workplace have access to consumer data, that can fall into wrong hands if leaked knowingly or unknowingly through their own devices like BOYD which may not be secured. Therefore enforcing security protocols, following guidelines and identifying timely threats must be a part of rigorous process. API keys must be must be secured in the same way as encrypted information is. An important point is that third parties mostly the developers must be sure to handle keys securely
(Image Courtesy: biztechmagazine.com)