Aug 23 2023
Security

How to Surmount Hybrid Cloud’s Biggest Security Challenges

Proper cyber hygiene in a hybrid cloud environment includes identity and access management, data governance and visibility into threats.

With data traveling freely between private data center infrastructure and public and private cloud resources, organizations will inevitably face security and privacy challenges. Those challenges are accelerating along with the popularity of hybrid cloud environments, which more than 70 percent of organizations now embrace, by one estimate.

Among hybrid cloud’s biggest security hurdles, experts say, are identity management within the context of zero-trust environments; secure management of multiple data environments; data sovereignty as information moves around the world; and data visibility as it moves from platform to platform.

Security policies that worked in an on-premises environment may not work when an organization shifts to hybrid cloud. Organizations experience “disaggregating infrastructure” that could increase security threats when moving data, according to Will Townsend, vice president and principal analyst for networking and security practices at Moor Insights & Strategy.

“Anytime you disaggregate any sort of infrastructure, it just expands the threat surface,” Townsend says.

Balancing older legacy infrastructure with cloud platforms creates a data management challenge for organizations. Townsend notes that companies such as Fortinet, Palo Alto Networks and others offer virtual firewalls, operating systems and fabrics to allow companies to manage a single set of policies across multiple domains, including on-premises data centers and the cloud.

“When you get up into the cloud and shared domain environments where you're running on somebody else’s infrastructure, that’s where your security posture is absolutely critical,” says Brian Brockway, global CTO and vice president at Commvault. “Ensure you have the right level of security, privacy, encryption, controls and access, and everything else wrapped around the data set.”


Hybrid Cloud Requires Zero Trust

With data residing on (and moving between) multiple platforms, zero trust is a key strategy to help organizations centrally manage identity and verify credentials, Brockway says. The security model is based on least-privilege access. Brockway suggests that credentials should be verified on a temporary basis rather than being granted a persistent connection that remains open after a data exchange.
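The short-lived, least-privilege credential model described above can be shown in a few lines. The following is an added illustration, not code from the article or from any vendor it names: a service issues a token that carries the caller's identity, the narrow set of scopes it is allowed, and an expiry, and every request re-verifies signature, expiry and scope instead of relying on a connection that stays open. The signing key, subject names and scope names are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key for this example only; in practice the key lives in a KMS or HSM.
SIGNING_KEY = b"example-signing-key-do-not-use"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, scopes: list, ttl_seconds: int, now: float = None) -> str:
    """Issue a token naming the caller, the least-privilege scopes it may use and an expiry.

    After ttl_seconds the token is useless, so there is no standing access to revoke later.
    """
    now = time.time() if now is None else now
    claims = {"sub": subject, "scopes": sorted(scopes), "iat": int(now), "exp": int(now) + ttl_seconds}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    signature = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(signature)


def verify_token(token: str, required_scope: str, now: float = None) -> dict:
    """Re-verify on every request: signature first, then expiry, then scope. Raises on any failure."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, signature = _unb64(payload_b64), _unb64(sig_b64)
    except ValueError as exc:
        raise PermissionError("malformed token") from exc
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time comparison
        raise PermissionError("bad signature")
    claims = json.loads(payload)
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    if required_scope not in claims["scopes"]:
        raise PermissionError(f"scope {required_scope!r} not granted")
    return claims


def can_access(token: str, required_scope: str, now: float = None) -> bool:
    """Boolean wrapper used by a resource server: True only if the token still proves the right."""
    try:
        verify_token(token, required_scope, now)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed scenario: a backup job gets read-only access for five minutes.
    token = issue_token("svc-backup", ["read:dataset"], ttl_seconds=300)
    print(can_access(token, "read:dataset"), can_access(token, "write:dataset"))
```

The point of the `now` parameter is to make expiry testable without sleeping; a resource server in production simply omits it. Because the verifier checks scope on each call, a token minted for a read-only job cannot be reused for a write even while it is still valid.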

John Yeoh, global vice president of research at the Cloud Security Alliance, says zero trust works well in securing many types of environments, including hybrid and multicloud, because of its simple approach.

“The zero-trust approach gives you those basic principles you can apply across all those environments, and then the next thing you need is people who understand how to implement that across those technologies in those different environments,” Yeoh says.

Many organizations are adopting a central security management approach (including identity authentication) across cloud and on-premises environments, with help from solutions from Okta, SentinelOne, CrowdStrike, IBM and others.

A central authority that monitors and provisions access to a hybrid cloud environment can help an organization avoid data breaches, Brockway suggests. “You want to enable different teams to be able to jump in the cloud and do fast projects, but you also want to make sure your security services and rights and privileges are centrally coordinated and managed so mistakes are not made,” Brockway says.


How To Manage Data Sovereignty In Multiple Domains

One security issue related to hybrid cloud that’s discussed less frequently relates to geography. Transporting data across national boundaries raises concerns about data sovereignty, according to Brockway. Cloud providers must comply with the regional jurisdictions where their data resides. Companies such as VMware offer tools that can ensure that data stored in the cloud satisfies local regulations.

Encrypting data is key to protecting it as it moves into a hybrid cloud, Brockway says. As data is transported from one environment to another, it must be encrypted to ensure that no exposure points exist, he explains. Companies must also ensure that no personally identifiable information is exposed as data sets move from one domain to another. In certain jurisdictions, encryption is another way to satisfy data governance requirements.
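One concrete way to act on the point above about personally identifiable information not leaving a domain in the clear is to pseudonymize declared PII fields before export and then refuse the export if anything that still looks like PII remains. The following is an added example, not code from the article or any vendor named in it; the field names, records and the HMAC key are constructed, and keyed hashing is used so records from the two domains can still be joined on the pseudonym while the key itself stays in the source jurisdiction.

```python
import hashlib
import hmac
import re

# Fields the data owner has declared as PII; constructed for this example.
PII_FIELDS = {"email", "ssn", "phone"}
# Loose email pattern used only as a last-line check on free-text values.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def pseudonymize_record(record: dict, key: bytes, pii_fields=PII_FIELDS) -> dict:
    """Replace each declared PII field with a keyed hash; other fields pass through unchanged."""
    out = {}
    for name, value in record.items():
        if name in pii_fields:
            out[name] = hmac.new(key, str(value).encode(), hashlib.sha256).hexdigest()[:16]
        else:
            out[name] = value
    return out


def find_pii_leaks(records) -> list:
    """Return (index, field) pairs where a value still looks like an email address."""
    leaks = []
    for idx, rec in enumerate(records):
        for name, value in rec.items():
            if isinstance(value, str) and EMAIL_RE.search(value):
                leaks.append((idx, name))
    return leaks


def prepare_export(records, key: bytes) -> list:
    """Pseudonymize, then scan; raise instead of shipping a data set that still carries clear-text PII."""
    cleaned = [pseudonymize_record(r, key) for r in records]
    leaks = find_pii_leaks(cleaned)
    if leaks:
        raise ValueError(f"refusing export, PII still present at {leaks}")
    return cleaned


if __name__ == "__main__":
    # Constructed sample records; the second one hides an email in a free-text field.
    key = b"example-domain-key"  # constructed; would be held by the source domain only
    good = [{"id": 1, "email": "alice@example.com", "plan": "gold"}]
    bad = [{"id": 2, "email": "bob@example.com", "notes": "reach bob@example.com after 5"}]
    print(prepare_export(good, key))
    try:
        prepare_export(bad, key)
    except ValueError as exc:
        print(exc)
```

The scan after pseudonymization is what catches the failure mode the article alludes to: data sets moving between domains often carry PII outside the columns that were declared as such.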


How To Maintain Visibility in a Hybrid Cloud Environment

Visibility across on-premises data centers and the public cloud is another challenge organizations face. Orchestration- and infrastructure-as-code tools allow companies to gain this visibility, experts say.

In addition, observability tools from companies such as AppDynamics, Cisco Systems and Splunk can expose blind spots on multiple networks, Townsend says.

Townsend also suggests that organizations use single-policy engines across multiple cloud and on-premises environments. Policy engines enable companies to develop rules and enforce them on a network using analytics and role-based permissions.

Visibility should take into account the microservices needed to manage cloud platforms. Integrating infrastructure will require securing the application programming interfaces for these microservices, Townsend suggests.

“Integration often relies on API calls, and many Software as a Service apps make hundreds to thousands of calls daily that are often not monitored and could be thwarted,” he says.

Logging security alerts in a single platform can help organizations manage incident response and maintain threat visibility across a hybrid cloud. Auto-remediation of violations will also be helpful, according to Yeoh.

“Having new systems that can help auto-detect and auto-remediate some of your policy violations are going to be really key going forward,” he says.
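The three ideas in this section, a single policy engine spanning environments, monitoring of the API calls that integrations make, and alerts gathered in one place with automatic remediation, fit together in one small pipeline. The following is an added example, not code from the article or from any product it names. The firewall log lines, storage ACL records and SaaS API-call records are constructed with made-up formats, and the remediation executor is a callback placeholder where a real deployment would call a provider or ticketing API.

```python
import re
from collections import Counter

# Constructed raw records from three environments; each has its own shape.
ONPREM_FW_LOGS = [
    "2023-08-23T10:01:02 fw1 rule=allow src=any dst=10.0.5.4 port=22",
    "2023-08-23T10:02:10 fw1 rule=allow src=10.0.0.0/8 dst=10.0.5.9 port=443",
]
CLOUD_STORAGE_ACLS = [
    {"bucket": "research-exports", "public": True, "region": "eu-west"},
    {"bucket": "backups", "public": False, "region": "us-east"},
]
SAAS_API_CALLS = [
    {"integration": "crm-sync", "endpoint": "/v1/contacts", "authenticated": True},
    {"integration": "legacy-script", "endpoint": "/v1/contacts", "authenticated": False},
    {"integration": "legacy-script", "endpoint": "/v1/contacts", "authenticated": False},
]

FW_RE = re.compile(r"rule=(?P<rule>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) port=(?P<port>\d+)")


def normalize() -> list:
    """Turn every source into one event shape so a single rule set can cover all of them."""
    events = []
    for line in ONPREM_FW_LOGS:
        match = FW_RE.search(line)
        if match:
            events.append({"env": "onprem", "type": "fw_rule", **match.groupdict()})
    for acl in CLOUD_STORAGE_ACLS:
        events.append({"env": "cloud", "type": "storage_acl", **acl})
    for call in SAAS_API_CALLS:
        events.append({"env": "saas", "type": "api_call", **call})
    return events


# One policy set for all environments: (name, predicate, remediation description).
POLICIES = [
    ("no-ssh-from-anywhere",
     lambda e: e["type"] == "fw_rule" and e["port"] == "22" and e["src"] == "any",
     lambda e: f"restrict rule for {e['dst']}:22 to the admin subnet"),
    ("no-public-buckets",
     lambda e: e["type"] == "storage_acl" and e["public"],
     lambda e: f"set bucket {e['bucket']} private"),
    ("api-calls-must-authenticate",
     lambda e: e["type"] == "api_call" and not e["authenticated"],
     lambda e: f"revoke integration {e['integration']}"),
]


def evaluate(events) -> list:
    """Run every event through every policy; each match becomes a finding with a proposed action."""
    findings = []
    for event in events:
        for name, matches, remediate in POLICIES:
            if matches(event):
                findings.append({"policy": name, "env": event["env"], "action": remediate(event)})
    return findings


def findings_by_env(findings) -> dict:
    """The single-pane view: how many violations each environment contributes."""
    return dict(Counter(f["env"] for f in findings))


def auto_remediate(findings, executor) -> list:
    """Apply each distinct action once through the executor callback; returns the actions taken."""
    taken = []
    for finding in findings:
        if finding["action"] not in taken:
            executor(finding)  # placeholder: a real executor calls the provider or ticketing API
            taken.append(finding["action"])
    return taken


if __name__ == "__main__":
    found = evaluate(normalize())
    print(findings_by_env(found))
    for action in auto_remediate(found, lambda f: print("remediating:", f["policy"])):
        print(" ", action)
```

Deduplicating on the action string is deliberate: the same unauthenticated integration shows up once per call, which is exactly the "hundreds to thousands of calls daily" Townsend describes, but it needs only one revocation. Keeping the remediation behind a callback also lets the same findings be routed to a ticket queue for review instead of applied automatically, which is how most teams start.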
