Securing Hybrid Clouds
As seen in the pasts years the cloud and the “cloud first” approach have been the ideology for enterprises when we talk about Datacentres. Nowadays needs require the IT infrastructure to be dynamic and flexible to be able to response to users demands efficiently. But going full public cloud has been proven on many cases to not be cost-effective at the end. That is why many enterprises are opting for the hybrid cloud solution.
The hybrid cloud offers the best of both worlds the dynamism of the public cloud and the customizability and control of the infrastructure on premise.
What we are doing is interconnect two different environments into one, the way these two are used by the enterprise may vary. For example, some may opt for minimal interaction with the datacentre portion of their cloud solutions, while others may use it for most of their operation, using only the public cloud for storing nonessential data.
The fact that we are interconnecting these two environments and we are operating and sharing information between them, creates new variable security requirements for the datacentre.
It is important to understand that the threads in the cloud are not only cloud-specific threads. Ransomware attacks, phishing or zero days, for example, are also security risks that we have to be taken into account.
Another important aspect is to not make the mistake of assuming that the service provider is going to handle all the aspects of the cloud security. Securing the hybrid cloud is a shared responsibility, while the service provider offers security for the underlying infrastructure, the enterprise is responsible for securing their data and software.
Some of the key challenges of hybrid clouds security are:
- Encryption: Data is constantly shared in this environments so protecting it with a good encryption method is key.
- Correct cloud configuration: 70% of all cloud data breaches at cloud come from misconfigurations.
- Security in the supply chain: Hybrid cloud environments often include products and software from multiple vendors creating a complicated ecosystem.
Multiple vendors have already solutions built to protect this kind of environments. For example, if we take a look at the solutions proposed by Fortinet we can see what type of devices are used: FortiGate NGFWS, FortiGate-VMs, manager and analyser purpose software, etc. Both physical devices and virtualized systems are needed to protect each part of the hybrid cloud.
Albert Ribas Sanchez.