Here are the core issues about hybrid cloud security that IT leaders should understand – and be able to explain to others in the organization
As with any significant IT change, adopting a hybrid cloud model requires revisiting your security practices. Done right, hybrid cloud should help improve security. The flexibility that comes with multiple environments, each with its own benefits and attendant costs, enables IT leaders to keep some types of sensitive or critical data on-premises, for example, while still embracing the enormous potential of private and public clouds.
However, security must be a visible piece of your overall hybrid cloud strategy, or you might be introducing new risks without taking the appropriate steps to mitigate them.
“There is no denying that hybrid cloud infrastructure is part of the new business reality,” says Guy Peer, VP of R&D and co-founder at Unbound. “Therefore, IT leaders must make hybrid cloud security a priority, if they haven’t already.”
In this post, we examine several fundamental issues IT leaders need to consider (and often, explain to others in the organization). Think of it as “hybrid cloud security 101.” In a subsequent post, we’ll highlight strategies for managing these issues and strengthening your hybrid cloud security posture.
Let’s examine four key hybrid cloud security issues:
1. Perimeter security approaches fall short
Simply put, the traditional tools and strategies for defending your network perimeter are no longer adequate when you move to a hybrid model that likely includes both private and public cloud environments, as well as on-premises or traditional data center infrastructure.
“IT leaders need to understand that their carefully defined and maintained network perimeters are simply no longer sufficient,” says David Emerson, VP and deputy CISO at Cyxtera. “Hybrid cloud is becoming the new normal for enterprise infrastructures, and those enterprises must adapt, rather than fight change and insist on traditional security measures.”
As hybrid cloud architectures become increasingly common, IT pros will need to reboot their perimeter-oriented approaches, because the “perimeter” has radically expanded and changed.
“Most organizations will use a combination of on-premise with multiple cloud workloads on different public or private clouds,” says Unbound’s Peer. “With this type of environment, perimeter security won’t cut it.”
2. Your threat surface is now distributed
Here’s a fundamental reason why traditional perimeter security is not going to suffice in a hybrid cloud infrastructure: You’re now running workloads in different environments, spanning traditional on-premises infrastructure, private clouds, and public clouds. Given that flexibility is one of the strong appeals of hybrid cloud, you’re also likely moving data between these different environments based on your evolving business and technical needs.
“The attack surface is now distributed, boundless, and ever-changing,” says Brajesh Goyal, VP of engineering at Cavirin.