Hybrid cloud is the best way to go, say IT specialists. Research is steadily backing up the theory. In its fifth annual State of the Cloud survey, RightScale found hybrid cloud adoption grew 13 percent, year-over-year. This growth occurs after public cloud users decided to dip their toes into private cloud resource pools.
The idea behind hybrid cloud computing is combining on-premise resources with public cloud platforms. Doing this, you can dynamically alternate workloads between both environments. In a perfect world, it results in greater flexibility and more efficient IT services. You know what they say about perfect worlds, though. They simply don’t exist in real life. Something always gets in the way. Hybrid cloud security might be the biggest roadblock.
Hybrid Cloud Security: On-prem Protection Primes
Hybrid cloud security means that all on-premise resources are fully protected. This includes securing the various mobile devices that connect to both the private and public sides of the cloud. All the while you have to hope your service provider comes through on maintaining a secure, compliant-friendly service on their end of the deal. With so many angles to cover, there simply is no one-size-fits-all solution.
Here’s a list of what you should consider, when looking at hybrid cloud security.
1. IT Security Skills
IT security specialists require a specific skillset in order to thrive in a hybrid environment. Transparency and visibility are critical in this setting. Experts must adopt unconventional skills. For example, IT experts who can thoroughly monitor and audit third-party cloud systems with compliance in mind can be worth their value in gold. Getting the right balance between traditional and forward-thinking expertise is a tremendous luxury to have.
A public cloud platform should function much like you’d expect your own infrastructure to operate. Vendors monitor the environment and maintain detailed logs of all activities. If a security breach or even suspicious activity is detected, the vendor alerts the customer, who can follow up accordingly.
Vendor alerts are one thing. Acting on what you see is another. The customer needs to follow up on the findings and alert their own security team. Looking at analytics, organizations can pair logs, alerts and data from other applications for a more comprehensive view. Hybrid cloud security tightens another couple notches when you routinely monitor both sides of the fence.
3. SLA Flexibility
Service level agreements have long been a hot potato in cloud computing talk. Between the vague language and confusion over what “99.95 percent uptime” really means, users are understandably frustrated. But things are looking up, thanks to hybrid cloud. More vendors are taking custom SLAs into consideration. No two implementations are identical, and this has created a bit of leeway customers can bring to the negotiating table.
Custom SLAs make sense for three reasons:
1. Data: Your company data is invaluable. You want to know who has it, who controls access to it, and what steps must be taken for it to be released in your possession.
2. Compliance: A study by Evolve IP shows compliance is a major barrier to cloud adoption, according to 40% of respondents. The complexities of hybrid cloud make compliance even harder.
3. Compliance management: Putting data in the hands of a third-party provider doesn’t absolve you of compliance-related responsibilities. Organizations can benefit from arrangements that will ensure service providers meet compliance.
Custom SLAs offer some visibility into a cloud provider’s security infrastructure. Organizations are able to audit whether the vendor remains compliant with security policies demanded by industry or government-mandated regulations. When that option exists, security and IT must collaborate in negotiating SLA terms. These SLAs must create hybrid clouds that are both secure and compliant.
Organizations and vendors share the burden when it comes to hybrid cloud security. Vendors are usually responsible for:
- System security: Monitoring files and reporting security events. This ensures system integrity and helps customers with regulatory compliance.
- Application security: Monitoring access control, encrypting data with keys managed by the customer. In addition, they need to prevent disclosure of sensitive information.
- Virtualization security: Implementing security controls at the hypervisor level. This means customers can optimize data center operations, resource utilization and system performance.
- Network security: Around the clock management of firewalls and intrusion detection. Vendors can guarantee network security by protecting each server.
On the customer end, leaders must implement security policies that protect sensitive data and prevent security breaches. Organizations need to review both cloud vendor security, as well as their own in-house policies before moving to the hybrid cloud.
Most cloud vendors look the part on the surface. They’ve got the state of the art data center, sophisticated management tools, and impressive credentials all bundled into one affordable package. All this is appealing to the eye. But massive feature lists and all the compliance certifications in the world are not proof of reliability. A customer needs much more for be confident.
Merely being aware of the regulatory standards, this should be viewed as the bear minimum. Decision makers should look for vendors that not only verify their certifications, but also show how their security architecture helps customers achieve and maintain compliance. They need to go into detail about challenges they’ve faced and how they were overcome.
Some might say that hybrid cloud computing introduces new security risks. Others might say that lackluster IT management practices, insufficient security policies, and poor execution are to blame for those challenges. Whatever the case, effective security is the key to unlocking benefits of the hybrid cloud.