Aug 23 2023

How to Surmount Hybrid Cloud’s Biggest Security Challenges

Proper cyber hygiene in a hybrid cloud environment includes identity and access management, data governance and visibility into threats.

With data traveling freely between private data center infrastructure and public and private cloud resources, organizations will inevitably face security and privacy challenges. Those challenges are accelerating along with the popularity of hybrid cloud environments, which more than 70 percent of organizations now embrace, by one estimate.

Among hybrid cloud’s biggest security hurdles, experts say, are identity management within the context of zero-trust environments; secure management of multiple data environments; data sovereignty as information moves around the world; and data visibility as it moves from platform to platform.

Security policies that worked in an on-premises environment may not work when an organization shifts to hybrid cloud. Organizations experience “disaggregating infrastructure” that could increase security threats when moving data, according to Will Townsend, vice president and principal analyst for networking and security practices at Moor Insights & Strategy.

“Anytime you disaggregate any sort of infrastructure, it just expands the threat surface,” Townsend says.

Balancing older legacy infrastructure with cloud platforms creates a data management challenge for organizations. Townsend notes that companies such as Fortinet, Palo Alto Networks and others offer virtual firewalls, operating systems and fabrics to allow companies to manage a single set of policies across multiple domains, including on-premises data centers and the cloud.

“When you get up into the cloud and shared domain environments where you're running on somebody else’s infrastructure, that’s where your security posture is absolutely critical,” says Brian Brockway, global CTO and vice president at Commvault. “Ensure you have the right level of security, privacy, encryption, controls and access, and everything else wrapped around the data set.”

Hybrid Cloud


Hybrid Cloud Requires Zero Trust

With data residing on (and moving between) multiple platforms, zero trust is a key strategy to help organizations centrally manage identity and verify credentials, Brockway says. The security model is based on least-privilege access.
Brockway suggests that credentials should be verified on a temporary basis rather than being granted a persistent connection that remains open after a data exchange.

John Yeoh, global vice president of research at the Cloud Security Alliance, says zero trust works well in securing many types of environments, including hybrid and multicloud, because of its simple approach.

“The zero-trust approach gives you those basic principles you can apply across all those environments, and then the next thing you need is people who understand how to implement that across those technologies in those different environments,” Yeoh says.

Many organizations are adopting a central security management approach (including identity authentication) across cloud and on-premises environments, with help from solutions from Okta, SentinelOne, CrowdStrike, IBM and others.

A central authority that monitors and provisions access to a hybrid cloud environment can help an organization avoid data breaches, Brockway suggests. “You want to enable different teams to be able to jump in the cloud and do fast projects, but you also want to make sure your security services and rights and privileges are centrally coordinated and managed so mistakes are not made,” Brockway says.

Click the banner to learn how your institution can benefit from a hybrid cloud environment.

How To Manage Data Sovereignty In Multiple Domains

One security issue related to hybrid cloud that’s discussed less frequently relates to geography. Transporting data across national boundaries raises concerns about data sovereignty, according to Brockway.
Cloud providers must comply with the regional jurisdictions where their data resides. Companies such as VMware offer tools that can ensure that data stored in the cloud satisfies local regulations.

Encrypting data is key to protecting it as it moves into a hybrid cloud, Brockway says. As data is transported from one environment to another, it must be encrypted to ensure that no exposure points exist, he explains. Companies must also ensure that no personally identifiable information is exposed as data sets move from one domain to another. In certain jurisdictions, encryption is another way to satisfy data governance requirements.

DIVE DEEPER: Discover the basic steps to optimize your organization’s hybrid cloud environment.

How To Maintain Visibility in a Hybrid Cloud Environment

Visibility across on-premises data centers and the public cloud is another challenge organizations face. Orchestration- and infrastructure-as-code tools allow companies to gain this visibility, experts say.

In addition, observability tools from companies such as AppDynamics, Cisco Systems and Splunk can expose blind spots on multiple networks, Townsend says.

Townsend also suggests that organizations use single-policy engines across multiple cloud and on-premises environments. Policy engines enable companies to develop rules and enforce them on a network using analytics and role-based permissions.

Visibility should take into account the microservices needed to manage cloud platforms. Integrating infrastructure will require securing the application programming interfaces for these microservices, Townsend suggests.

“Integration often relies on API calls, and many Software as a Service apps make hundreds to thousands of calls daily that are often not monitored and could be thwarted,” he says.

Logging security alerts in a single platform can help organizations manage incident response and maintain threat visibility across a hybrid cloud. Auto-remediation of violations will also be helpful, according to Yeoh.

“Having new systems that can help auto-detect and auto-remediate some of your policy violations are going to be really key going forward,” he says.

Getty Images: ibnjaafar, baranozdemir

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.