The benefits of doing business in the cloud are well-documented and widely accepted; indeed, it is no longer a question of whether organizations should leverage the cloud, but rather to what extent and degree the cloud must be part of the operational plan.
Today most organizations adopt a hybrid-cloud model, which allows them to have more flexibility and at the same time avoids being locked-in with one vendor. Other benefits of a hybrid-cloud environment include speed, cost savings and business continuity.
Still, hybrid-cloud models come with their own challenges, security typically being foremost among them. Indeed, according to the RightScale 2018 State of the Cloud Report, security is the biggest issue among cloud beginners.
Sadly, for many organizations, the journey upwards into the virtual ether has been neither smooth nor streamlined. Too often it's riddled with unforeseen hybrid-cloud security challenges stemming from the need to extend existing on-premise security policies to a distributed hosting environment.
Don’t Support Tomorrow’s Infrastructure with Yesterday’s Technology
Obviously, the cloud is here to stay, and its impact on everything from back-end data centers to front-facing customer communications will only grow bigger in the years ahead.
As such, organizations must rapidly — but thoughtfully and strategically — fill the gaps in their policies, so that they are both robust and enforceable. To that end, here are three best practices to help ensure the hybrid-cloud’s profitable benefits are not undermined by costly security vulnerabilities:
1. Choose an Advanced Security Platform
Avoid trying (and inevitably failing) to support tomorrow’s infrastructure with yesterday’s technology. Organizations need to adopt an advanced security platform that:
- Is designed for today’s complex multi-cloud, multi-account, multi data center environment.
- Integrates with all combinations of legacy and emerging compute systems like containers, hypervisors and serverless.
- Uses automation to rapidly and accurately manage ongoing security changes.
2. Manage Security Policies From Your Comfort Zone
Instead of having SecOps, DevOps, engineersm and security fight for policy dominance, organizations should adopt a Bring Your Own Security Policies (BYOSP) arrangement.
A "mega" dashboard that gathers, monitors, and manages all policies will allow all relevant stakeholders to contribute their must-have requirements, which can then be streamlined and standardized across the organization and can be easily implemented by the security team.
3. Enable Multi-Level Visibility
As the adage goes, “you can't manage what you don't measure”. In a similar sense, organizations cannot effectively enforce security policies that they cannot clearly and constantly see.
As such, they need multi-level visibility that provides both an aerial view of operations (big picture), and isolation on the lower levels (granular details). In other words, they need both clarity and control.
The Bottom Line: Hybrid-Cloud Security Challenges Are Surmountable
As observed by Enterprise Security Group’s senior principal analyst Jon Oltski:
“A few years ago, CISOs were concerned about the conceptual security of the cloud. Now, they are anxious about the practical realities around how they can extend their existing cyber security skills, processes, and controls to enforce security policies and monitor activities in the cloud”.
Indeed, CISOs are not the only ones who are concerned about security in the cloud. Given the massive costs and lingering consequences of data breaches — triggered by either external cyber criminals or internal rogue users — achieving a strong, stable and enforceable hybrid-cloud environment is everyone’s responsibility; regardless of team designation or job title.
Following the best practices described above will go a long way to helping organizations ensure that their journey through the cloud is safe and profitable.