Hybrid cloud computing enables organisations to segregate their resources and workloads across on-premises infrastructure, a private cloud, and a public cloud. But despite its many benefits, the hybrid environment also creates security concerns.

AlgoSec’s co-founder and CTO, Prof. Avishai Wool shares his expert insights on some of these concerns and offers best practices to boost hybrid cloud security.

Hybrid cloud computing

Hybrid cloud computing combines on-premises infrastructure, private cloud services, and one or more public clouds.

Going hybrid provides businesses with enhanced flexibility, agility, cost savings, and scalability to innovate, grow, and gain a competitive advantage. So, how can you simplify and strengthen security operations in the hybrid cloud?

It all starts with visibility – you can’t protect what you can’t see


Security teams need to know what assets they have and where those assets reside in order to protect the entire hybrid infrastructure, applications, workloads, and data. They also need to see the hybrid estate as a whole, not just its individual elements.

However, complete visibility is a serious hybrid cloud security challenge. Hybrid environments are highly complex, and that complexity creates security blind spots that prevent teams from identifying, evaluating, and, most importantly, mitigating risk.

No fragmented security approaches

Another hybrid cloud security concern is that you cannot implement a fragmented security approach to control the entire network.

With thousands of integrated and interdependent resources and data flowing between them, vulnerabilities crop up, increasing the risk of cyberattacks or breaches. For complete hybrid cloud security, you need a holistic approach that can help you control the entire network.

Is DevSecOps the panacea? Not quite

In many organisations, DevSecOps teams manage cloud security because they have visibility into what’s happening inside the cloud. However, in the hybrid cloud, many applications have servers or clients outside the cloud, into which DevSecOps may not have visibility.

Also, the protection of data flowing into and out of the cloud is not always under their remit. Other teams are required to manage security operations and minimise hybrid cloud risks to compensate for these gaps. These additional processes and team members must be coordinated to ensure continuous security across the entire hybrid network environment. But this is easier said than done.

IaC-based security


Using IaC to balance automation with oversight is key, but you shouldn’t rely on it alone

Infrastructure as code (IaC) helps you automatically deploy security controls in the hybrid cloud to prevent misconfigurations, non-compliance, and policy violations, both in production and during pre-production application testing.

With IaC-based security, you can define security best practices in template files, which will minimise risks and enhance your security posture. But there’s an inherent risk in putting all your eggs in the automation and IaC basket.

Hybrid cloud issues

Since all the controls sit on the operational side, serious hybrid cloud security issues can arise. Without human attention and action, vulnerabilities may remain unaddressed and open the door to cyberattacks. And because security professionals who are not on the operational side must oversee the cloud environment, miscommunication and human error become more likely, a very costly proposition for organisations.

For this very reason, you should also implement a process to regularly deploy automatic updates without requiring time-consuming approvals that slow down workflows and weaken security. Strive for 95% automated changes and only involve a person for the remaining 5% that require human input.

Hybrid cloud security best practices – start early, start strong

When migrating from on-prem to the cloud, you can choose a greenfield migration or a lift-and-shift migration. Greenfield means rolling out a brand-new application. In this case, ensure that security considerations are “baked in” from the beginning and across all processes.

This “shift left” approach helps build an environment that’s secure from the get-go. This ensures that all team members adhere to a unified set of security policy rules to minimise vulnerabilities and reduce security risks within the hybrid cloud environment.

Migration planning measures

If you lift and shift on-prem applications to the cloud, note any security assumptions made when they were designed. This is important because they were not built for the cloud and may incorporate protocols that increase security risks.

Next, implement appropriate measures during migration planning. For example, implement an Application Load Balancer if applications leverage plaintext protocols, and use sidecars to encrypt applications without having to modify the original codebase. You can also leverage hybrid cloud security solutions to detect and mitigate security problems in real time.

Matching cloud security with application structure is no longer optional

Before moving to a hybrid cloud, map the business logic, application structure, and application ownership onto the hybrid cloud estate’s networking structure. To simplify this process, here are some tried-and-tested approaches to consider.

  • Break up your environment into virtual private clouds (VPCs) or virtual networks. Within a VPC, you can monitor connections, screen traffic, create multiple subnets, and restrict instance access to improve your security posture.
  • Use networking constructs to segregate applications into different functional and networking areas in the cloud. This way, you can deploy network controls to segment your cloud estate and ensure that only authorized users can access sensitive data and resources.
  • Tag all resources based on their operating system, business unit, and geographical area. Tags with descriptive metadata can help to identify resources. They also establish ownership and accountability, provide visibility into cloud consumption, and help with the deployment of security policies.
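The IaC section above says security best practices belong in template files and that the bulk of changes should flow through automatically, with a person involved only where human input is needed; the list just above adds VPC placement, segmentation, and mandatory tagging. The following Python script is an added example (not AlgoSec’s tooling or any provider’s schema) of a pre-deployment guardrail that ties those points together: it reads a simplified, constructed template, flags admin and plaintext ports exposed to the internet (the case the migration section addresses with a load balancer or sidecar), checks that compute is placed in a subnet and carries the required tags, and then routes the change to auto-approval or human review. The template format, tag names, port lists and severity levels are all assumptions made for the example.

```python
"""Pre-deployment guardrail check over an IaC template (added example).

The template shape below is a deliberately simplified, constructed
format for illustration; it is not Terraform, CloudFormation or any
real provider's schema.
"""
from dataclasses import dataclass

# Assumed policy values: tag keys the list above recommends, plus the
# ports a reviewer would never want reachable from the internet.
REQUIRED_TAGS = ("os", "business_unit", "region")
PLAINTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
INTERNET = ("0.0.0.0/0", "::/0")


@dataclass
class Finding:
    resource: str
    severity: str   # "high" blocks automation, "medium" is reported only
    message: str


def check_tags(name, res):
    """Every resource must carry the ownership/placement tags."""
    tags = res.get("tags", {})
    missing = [t for t in REQUIRED_TAGS if t not in tags]
    if missing:
        return [Finding(name, "medium", "missing tags: " + ", ".join(missing))]
    return []


def check_placement(name, res):
    """Compute and load balancers must live inside a VPC subnet."""
    if res.get("type") in ("instance", "load_balancer") and not res.get("subnet"):
        return [Finding(name, "high", "not placed in a VPC subnet")]
    return []


def check_ingress(name, res):
    """Flag admin or plaintext ports whose source is the whole internet."""
    findings = []
    for rule in res.get("ingress", []):
        port, src = rule.get("port"), rule.get("source")
        if src not in INTERNET:
            continue
        if port in ADMIN_PORTS:
            findings.append(Finding(name, "high",
                f"{ADMIN_PORTS[port]} ({port}) open to the internet"))
        elif port in PLAINTEXT_PORTS:
            findings.append(Finding(name, "high",
                f"plaintext {PLAINTEXT_PORTS[port]} ({port}) exposed; "
                "terminate TLS at a load balancer or sidecar"))
    return findings


CHECKS = (check_tags, check_placement, check_ingress)


def evaluate(template):
    """Run every check over every resource and collect the findings."""
    findings = []
    for name, res in template["resources"].items():
        for check in CHECKS:
            findings.extend(check(name, res))
    return findings


def decision(findings):
    """The 95/5 rule: only high-severity findings pull a human in."""
    if any(f.severity == "high" for f in findings):
        return "human-review"
    return "auto-approve"


# Constructed sample template: one well-built web tier, a bastion with
# incomplete tags, and a lifted-and-shifted app that kept its on-prem
# assumptions (no subnet, RDP reachable from anywhere).
SAMPLE_TEMPLATE = {
    "resources": {
        "web-sg": {
            "type": "security_group",
            "tags": {"os": "linux", "business_unit": "retail", "region": "eu-west"},
            "ingress": [{"port": 443, "source": "0.0.0.0/0"},
                        {"port": 80, "source": "0.0.0.0/0"}],
        },
        "bastion": {
            "type": "instance", "subnet": "mgmt-subnet",
            "tags": {"os": "linux"},
            "ingress": [{"port": 22, "source": "10.0.0.0/8"}],
        },
        "legacy-app": {
            "type": "instance",
            "tags": {"os": "windows", "business_unit": "finance", "region": "eu-west"},
            "ingress": [{"port": 3389, "source": "0.0.0.0/0"}],
        },
    }
}

if __name__ == "__main__":
    results = evaluate(SAMPLE_TEMPLATE)
    for f in results:
        print(f"[{f.severity}] {f.resource}: {f.message}")
    print("decision:", decision(results))
```

Run in CI before the apply step, the script lets the tagging gap on the bastion through as a reported item while the exposed RDP and plaintext HTTP listeners, and the unplaced instance, stop the pipeline for a person to look at; the thresholds and port lists are policy choices to tune for your own estate.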

Conclusion

In today’s fast-paced business environment, hybrid cloud computing can benefit your organisation in many ways. But to capture these benefits, you should make an effort to boost hybrid cloud security.

Incorporate the best practices discussed here to improve security and take full advantage of your hybrid environment.


Author profile

Avishai Wool CTO and Co-Founder, AlgoSec
