The attraction of this ‘hybrid cloud’ strategy for digital transformation is compelling. Not only does it dramatically increase an enterprise’s agility, flexibility and reduce its costs; according to a 2019 survey by IDG Research , a hybrid cloud strategy ‘appears to accelerate the IT transformation journey, with 63% of respondents reporting the most progress using a hybrid cloud approach.’
So it’s maybe unsurprising that among the results of Flexera’s 2019 survey2 of cloud computing trends, 84% of enterprises had a multi-cloud strategy, 69% were using hybrid cloud, and on average they were running applications in 3.4 public and private clouds, and experimenting with 1.5 more.
The same survey found 67% of respondents had adopted Amazon Web Services (AWS) and 60% were using Microsoft Azure. A further 15% and 14% respectively were experimenting with them, and 4% and 9% planned to do so. So if you’re using or planning to use a public cloud solution, it’s almost certain to involve AWS and/or Azure.
Why is hybrid cloud security such a major issue?
Research by analysts such as Forrester, IDC, PwC and others has highlighted the diverse challenges faced by enterprises in securing their workloads within a hybrid cloud environment.
Back in 2015, IDC warned that ‘The primary barrier to the adoption and increased usage of public cloud services is security. Typically, an organization’s concerns about security are multifaceted, touching data security, regulatory compliance, external threats to the service provider’s cloud infrastructure and datacenter environments, shadow/rogue IT usage, and issues related to the lack of visibility into the cloud service provider’s infrastructure.’
These concerns were echoed in a 2017 Forrester survey of IT executives4. When asked ‘What challenges have you faced deploying/using multiple cloud platforms/environments?’ the #1 answer was ‘Security concerns’. And in reply to the question ‘Which features of a hybrid cloud infrastructure platform are most important to you?’ the #1 reply was ‘Consistent security across public and private infrastructure’.
Based on these responses, Forrester found ‘The top challenges inhibiting further expansion of hybrid cloud are security/privacy concerns, lack of cloud platform and management skill sets, and lack of consistent monitoring and management tools across platforms. Without consistent platforms and security, current staff skills will be stretched, limiting how much more hybrid companies can safely adopt cloud solutions. These concerns will continue to hold companies back from becoming more hybrid.’
PwC made more wide-reaching recommendations, suggesting that ‘Companies should realize the cloud is unique, a place where distributed data dictates a new way of thinking about security.
‘Companies should have a cloud architecture that is designed with security in mind. Robust processes focused on protecting data loss are also vital. Further, safeguarding cloud-based data from attacks requires not only strong security capabilities, but also routine monitoring and updating.
Optimizing security for hybrid cloud workloads
To address these kinds of issues, you’re going to want a workload protection solution that prevents threats through systems hardening, patching etc.; detects incidents when they occur; and responds effectively, through active defense and mitigation, quarantining, blocking ports, killing infected data streams and severing affected connections.
But you’ll also want a solution that achieves this without compromising performance, maintains your agility, ensures compliance and keeps you audit-ready. An ideal hybrid cloud workload protection solution is therefore one that:
- Provides the necessary level of protection for all the different types of workloads running on your various hybrid cloud platforms.
- Delivers an essential set of technologies including system hardening, exploit prevention, antivirus, firewall and file integrity monitoring.
- Is structured as a comprehensive, multi-layered solution focused on maximizing security and minimizing risk.
- Does not cause performance degradation for services or users, or impose any unnecessary overheads on servers or resources.
- Supports compliance by satisfying a broad range of regulatory requirements related to how baseline technologies are deployed, configured, updated and continuously monitored.
- Enforces consistent security policies throughout all parts of the hybrid infrastructure maintaining visibility and control.
- Enables ‘ongoing’ audit by integrating state of security reports into daily/weekly/monthly IT reporting, and providing the means for this.
- Takes account of continuous infrastructure changes, through broad and timely support for platforms and operating systems, and integration with native APIs, third-party technologies such as SIEM, etc.
However, organizations should exercise caution: The rapid adoption of hybrid cloud technologies requires a security strategy that runs parallel. But, why is hybrid cloud security so important & how can I address the concerns?
In this white paper, find answers to these questions, in addition to:
- The 5 elements of digital transformation
- Top 4 cloud security concerns
- How to optimize security for hybrid cloud workloads