It’s another week and time to address yet another hybrid cloud myth—that it’s not secure. It’s a somewhat understandable assumption given that everyone is concerned about data security these days. You almost can’t hear or read the news without learning about another security breach or hacking attempt. Would-be thieves are getting smarter and their attempts at gaining access to your data are growing bolder.
For many, the cloud remains an elusive concept. It doesn’t fit neatly in a box and it has no clear boundaries; so how could it actually ever be secured? The waters get even muddier when we talk about the hybrid cloud. The fact that it comprises both a public and private component gives way to lots of questions like: Who handles what? How do we address new risks while keeping everyone else safe? And, how is compliance addressed?
For many, these issues have become more than just a speed bump on their path to moving to the hybrid cloud. For others, moving to the hybrid cloud is viewed as a way to keep their business-critical data secure. The reality lies somewhere in the middle.
Yes, the hybrid cloud model can help IT organizations address security issues surrounding the cloud. It does this by allowing all data to be stored in the private cloud rather than the public cloud, which tends to be more susceptible to hacking and viruses. To further bolster that security, hybrid cloud vendors build security protocols and capabilities into their offerings. Those capabilities might include the use of encryption and authentication technologies. They might also encompass the use of foundational software for the cloud infrastructure that’s been built from the ground up to be secure and resilient to attack. Identity and access management is another potential security capability, as it helps to secure access to an organization’s data, on-premises and cloud applications.
Even with all of this, the security of your data should never be taken for granted in the hybrid cloud. And that puts the onus on you to also take steps to make sure your organization’s data is secure. But how exactly do you do that?
To begin with, you must consider security at the outset, before you start to migrate to the hybrid cloud, and choose a cloud service provider who has made, and continues to make, huge investments in the security of its solutions. Once you do start migrating to the hybrid cloud, begin with low-risk projects. For example, consider storing less sensitive encrypted data in the cloud. That way, if a breach occurs, you won’t have put your entire organization at risk. As your comfort level rises, along with the security measures of your organization and those of your cloud service provider, you can begin to tackle riskier tasks. Also, don’t ever forgo proper data security measures. That means encrypting data even if it is behind a firewall and using authentication for public cloud instances.
Here’s a list of a few other things you might want to consider. A complete security checklist is available here. While the checklist is geared toward security in the government cloud, it touches on many points that are applicable, regardless of what you choose to use the cloud for:
- Integration. Look for integration points with security and identity management technologies you already have, and controls for role-based access and entity-level applications.
- Privacy. Make sure a cloud service includes data encryption, effective data anonymization, and mobile location privacy.
- Identity and access. When you place your resources in a shared cloud infrastructure, the provider must have a way of preventing inadvertent access.
- Compliance. What certifications does your provider possess? How do you handle dispute resolution/liability issues? What industry or government standards do you comply with? Are there clearly defined metrics for the cloud service to be monitored?
- Service integrity. How is the software protected from corruption? How does your provider ensure security of written code? How do they do threat modeling? What is the hiring process for the personnel doing administrative operations? What levels of access do they have?
- Information protection. Who owns your data? Can it be encrypted? Who has access to encryption keys? Where is the backup located, and do you have an on-premises backup? How is the backup purged? What requirements do you have with regard to the physical location of your data?
More and more, organizations are looking to the hybrid cloud to deliver faster service provisioning and agility, lower IT costs, and the ability to adapt more quickly to evolving market dynamics. However, to make that move feasible, they want assurance that it’s secure. Following the tips and checklist outlined above can go a long way toward that goal.
If you have any tips for ensuring the security of data in the hybrid cloud, drop me a line at [email protected]. And don’t forget to check back here each week for more information on the hybrid cloud and other important IT-related topics.
This blog is sponsored by Microsoft.
Cheryl J. Ajluni is a freelance writer and editor based in California. She is the former Editor-in-Chief of Wireless Systems Design and served as the EDA/Advanced Technology editor for Electronic Design for over 10 years. She is also a published book author and patented engineer. Her work regularly appears in print and online publications. Contact her at [email protected] with your comments or story ideas.