Wednesday 13 July 2016

Hybrid cloud security: What it is and best practices


A virtualized hybrid cloud infrastructure comes with the assurance of better business outcomes but the rapid transformation that accompanies cloud also leaves the infrastructure vulnerable to cyber attacks. This makes risk management critical for every enterprise. Since no two enterprises work exactly the same way, a standard risk tolerance profile cannot sustain the potential risks posed by technical hurdles.


Despite a cloud service provider’s best possible efforts, security issues are inevitable. With hybrid-cloud deployments you will also need to ensure that sensitive business data remains secure between private and public cloud. This is why hybrid cloud environment strategies need to take into account the possibility of regular movement of data between private and public clouds. Here are security issues to take into account when handling hybrid cloud security:


  • Cloud Security Skills -- Some of the skills are applicable across all public cloud aspects. An example of this is in-house expertise that is complete with data loss prevention and encryption when dealing with applications that are content rich. Your teams need to not only know, but also be able to track where the enterprise data is within the cloud and what your service providers are offering to protect your data. They also need to know how they can integrate policies that address the protection of data with company policies. They will require identity and access management that sophisticated coupled with multifactor authentication that may include tokenization irrespective of whether you are using IaaS, PaaS, SaaS or a combination of these cloud infrastructures.



  • Secure and Compliant Components of your Cloud Environment -- Most of the soft skills that are required for success in hybrid cloud security arise out of the need for organizations to attain more visibility in the hybrid environments that are getting more complex even as IaaS, PaaS and SaaS are combined with private clouds and with each other. To attain visibility within the security structure of third party providers, it is paramount for IT teams to secure audit rights to be able to examine the practices of the providers as well as ensure the certifications that are appropriate are in place. The audit rights may be structured at a service level agreement to ensure compliance with government or industry regulations as well as corporate security policies. As such there is a need to develop a wide-ranging service level agreement with service providers. In addition, security and IT teams will be required to work together in negotiating terms that offer visibility, maximum protection for the third party services so that all applications, data and the various components of the cloud environment are not only compliant but also secure.

No comments:

Post a Comment