New: ESG Technical Validation: One-Click Segmentation. Download now!
 
 

Protecting Your Hybrid Cloud (part 1)

Hybrid cloud is quickly becoming the default strategy for enterprises striving for increased scalability, agility, and cost savings. Sixty-seven percent of IT professionals say their enterprise currently has a hybrid cloud deployment, and analysts predict that spending on hybrid cloud will increase from $40 billion USD in 2017 to over $100 billion USD in 2023. There is no doubt that the benefits of balancing a company’s compute, networking, and storage needs across multiple types of data centers is compelling. As the volume of data enterprises collect and process grows, technology and business leaders want to ensure that their costs are not skyrocketing, that employees have reliable access to tools and data, and that no single point of system failure exists. Security, too, is a perceived top benefit, as organizations have finally embraced the idea that cloud providers are more easily able to dedicate resources to security, given that their business model depends on it.

The modern-day company manages data centers spread across public and private clouds, on-premises data centers, containers, and virtualized environments. This hybrid cloud approach is clearly here to stay. And though the benefits of a dispersed data and networking strategy are clear, security teams are also charged with securing data at rest and data in transit regardless of the compute environment. The main players in cloud and containerization offer their own brands of security for the environment. And all customers should take advantage of these controls. However, given that providers are also each others’ competitors, different levels of security are baked into the platforms and the focus of their security efforts is the environment rather than the data communicating inside the environment or across environmental boundaries. These facts, in turn, add complexity and create stress. Network and security teams that must manage multiple environments differently are increasing their workload exponentially with every environment added. This disparate approach raises the likelihood of network blindspots, meaning that any security gain of using cloud or containers is tempered by the possibility of errors as security controls are implemented and managed. Governing the security of applications and services communicating in one data center is hard enough. Gaining control over multiple data centers—some which are provided by a third party—is mind boggling. Why not stick with a single provider environment, then? Many organizations are concerned with vendor lock-in, meaning, they would be wholly reliant on one company. If that company experiences a massive breach or outage, the impact on the customer is all encompassing.


Subscribe to our newsletter:


Though companies can’t affect the security of a container or cloud (i.e., where the data is stored or processed), control over the data in the cloud—how data is accessed—remains in the hands of the data owner (i.e., the cloud/container consumer). Unfortunately, tools built to protect traditional, on-premises data centers don’t scale well in modern environments. They don’t adapt well to change or elasticity, and depending on the environment, each deployment could require different governance. This is time consuming and complex, two things security organizations don’t need more of.

Security that’s independent of the environment

What’s required for today’s hybrid cloud is security that is independent of the environment, that can be centrally applied and managed, and which scales alongside the business. Implementing a centralized solution that offers uniform control and manageability across data center deployment types will remove the complexity and effort that burdens most organizations. As hybrid cloud usage increases further (and computing environments we haven’t dreamed of yet emerge and find their way into corporate environments), keeping difficulty to a minimum will be even more important.

Though it might seem obvious, data centers are rich with data! In the majority of cases, threat actors are after that data: personally identifiable information, intellectual property, trade secrets, and the like. With this in mind, security teams need to hone their focus on protecting the data rather than the environment. Looking at the major data breaches that have been reported over the years, it’s easy to see that security fundamentals, or what some call “basic security hygiene,” have fallen through the cracks. One of the reasons for this is that security tooling generally falls into one category or the other: access controls, data loss prevention, or “gateways” like firewalls or email security. This patchwork of technology doesn’t alleviate operational effort or complexity. Instead, what security and network teams end up with is disparate systems to manage and miles-long logs to triage.

To ease the pain, organizations should look to implement solutions that address the security basics in one centralized management plane. In the second part of this post, we’ll dive into how this can be accomplished.

 

Katherine Teitler, Director of Content

Written by Katherine Teitler, Director of Content

Katherine Teitler leads content strategy and development for Edgewise Networks. In her role as Director of Content she is a storyteller; a translator; and liaison between sales, marketing, and the customer. Prior to Edgewise, Katherine was the Director of Content for MISTI, a global training and events company, where she was in charge of digital content strategy and programming for the company's cybersecurity events, and the Director of Content at IANS, where she built, managed, and contributed to the company's research portal.