The growth rate of the cloud seems to be everything it has been hyped up to be and more. Forrester Research recently updated its growth prediction for the cloud market by 20% above and beyond its forecast from just three years prior. Its current estimate is an investment of $191 billion by 2020, which may be adjusted in the near future.[1] As another example of this rapid growth, Microsoft Azure was storing more than 10 trillion objects as of January 2015, an increase of 6 trillion objects since July 2012.

Many startup organizations that prioritize agility and flexibility turn to the public cloud in an attempt to outpace and adapt to constant changes in their business and market environments. But for organizations that are saddled with an existing data center or must comply with strict industry or governmental regulations, the hybrid cloud is the most popular deployment model today. Like the public cloud, the hybrid model brings elasticity and flexibility, but it introduces complexity as well. The hybrid cloud model is in fact a public cloud or multiple clouds serving as an extension of your on-premise data center. This also means that your IT team needs to have a comprehensive security strategy that extends beyond your on-premise perimeter. The traditional castle wall and moat security approach is no longer relevant. This tech brief provides some integral steps to ensuring that the entirety of your hybrid implementation is secure.

1. BE AN ACTIVE PARTNER OF YOUR CLOUD PROVIDER

You are trusting a cloud provider with your company’s data and essential services. That is nothing to be passive about. Out of sight, out of mind is not the correct frame of mind in this instance. Do not assume that your provider delivers the degrees of compliance and security that you require. Research, research, research any potential cloud provider. Read the service level agreements and don’t be timid about negotiating your SLA. Transparency is an essential quality that should be required. Audit rights can be built into an SLA to help ensure that a provider is able to comply with designated corporate security policies or industry and government regulations. A cloud provider is an active partner of your organization, and you want a partner that is open and honest about ever-evolving cyber security risks. In some cases, an organization may work with multiple cloud providers. Having someone on staff with the soft skills and leadership to work with and negotiate with your providers is essential.

2. PROPER AND DETAILED PLANNING IS ESSENTIAL

Before you begin a hybrid cloud implementation, your IT team must conduct a comprehensive review of your data and resources in order to determine what facets of your enterprise will be hosted in the cloud and what will remain grounded within the confines of your data center. Your data should be carefully assessed in order to determine its compliance requirements. Many organizations will insist on retaining on-premise any data that must meet strict compliance standards and regulations, while choosing to host less sensitive data in the cloud. If you are considering hosting compliance-driven data in the cloud, you need to confirm that your provider can deliver full encryption for data, both at rest and in transit. In some cases, your data may require resource isolation. Even though your data is being hosted in a multitenant environment, resource isolation ensures that your data does not reside on any drives utilized by other customers.

3. DATA LOCATION AND REDUNDANCY

Undoubtedly you know the exact location of your data within your on-premise network, but that isn’t the case when your data resides in the cloud. This is where the issue of data sovereignty comes into play. Data sovereignty is a big issue. Microsoft just recently contested a three-year search and seizure case involving the U.S. government over email data that was hosted in an Azure data center in Dublin, Ireland and that pertained to a criminal case in the U.S. In the end, a District Circuit court of appeals ruled in favor of Microsoft. Knowing where your data resides is critical, as some types of data are required to reside within their country of origin due to government regulations. In most cases today, cloud providers are required to retain one copy of your data within your region.

Because your enterprise is now segregated into one or more segments, redundancy is critical. You can accomplish this by any of the following:

  • Replicating redundant copies of your data between your single cloud provider and your on-premise data center
  • Ensuring that your single cloud provider is replicating redundant copies of your data between multiple data centers within its own enterprise
  • Utilizing multiple cloud providers to create redundant copies of your data

Distributing your data amongst multiple data centers will mitigate downtime and possible damage if an outage occurs at any one data center. It is important to know directly where your cloud provider’s redundant locations are as well. Ask your cloud provider to divulge all possible locations where your data might reside.

4. TAKE MEASURES TO PROTECT YOUR CLOUD RESOURCES

Any reputable cloud provider ensures that its physical infrastructure is secure and that it can provide separation between tenants and instances. It can also provide its customers with the ability to comply with corporate security policies and industry regulations. A cloud provider isn’t responsible for securing your resources in the same granular fashion that you do within your on-premise enterprise. For instance, Amazon Web Services specifies that it is the responsibility of its customers to build security into their solutions. A cloud provider may offer you the ability to encrypt your data but not provide encryption itself. Another example may be a web application consisting of a single or multi-tier server configuration. The cloud provider may ensure that a cybercriminal cannot physically access your server through its infrastructure, but it doesn’t provide security protection for your direct web connection. In this case you may need to purchase a web application firewall device, which will protect your website traffic through behavior analysis, decryption and layer 7 packet scanning.

In most cases, you are responsible for security configurations such as constructing your security policies, setting your firewall configurations and creating ACLs. You may also need to configure inbound/outbound security filters for your security groups. Any organization looking to extensively utilize cloud computing should designate one of their IT members as a cloud SME to ensure that all security measures are implemented.
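As an added illustration of reviewing the inbound/outbound security group filters mentioned above (this is not from the original brief), the sketch below audits rule data for administrative ports open to the internet and for unrestricted egress. The rule layout follows the field names of AWS `describe-security-groups` output; the group IDs, the choice of admin ports and the sample rules are constructed assumptions.

```python
import ipaddress

# Assumption: ports treated as administrative/sensitive for this audit.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}

def is_world_open(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def rule_cidrs(rule):
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def audit_group(group):
    """Return (group_id, finding) tuples for one security group."""
    findings, gid = [], group["GroupId"]
    for rule in group.get("IpPermissions", []):            # inbound rules
        if not any(is_world_open(c) for c in rule_cidrs(rule)):
            continue                                       # source is restricted
        if rule["IpProtocol"] == "-1":                     # all protocols and ports
            findings.append((gid, "inbound: all traffic open to the internet"))
        elif rule["IpProtocol"] == "tcp":
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            findings += [(gid, f"inbound: {name} ({port}) open to the internet")
                         for port, name in sorted(ADMIN_PORTS.items()) if lo <= port <= hi]
    for rule in group.get("IpPermissionsEgress", []):      # outbound rules
        if rule["IpProtocol"] == "-1" and any(is_world_open(c) for c in rule_cidrs(rule)):
            findings.append((gid, "outbound: unrestricted egress"))
    return findings

def audit_all(groups):
    return [f for g in groups for f in audit_group(g)]

# Constructed sample data (not from a real account).
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-db",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.20.0.0/16"}]}],
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.20.0.0/16"}]}]},
]

if __name__ == "__main__":
    for gid, finding in audit_all(SAMPLE_GROUPS):
        print(gid, "-", finding)
```

The public HTTPS rule on the web group is deliberately not flagged; only world-open administrative ports and allow-all egress are reported, so the output stays focused on rules a cloud SME would want to tighten first.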

5. PLAN YOUR MIGRATION AND CONNECTION

There are actually three components of a hybrid cloud model—the on-premise network, the public cloud and the connection area between the two of them, sometimes referred to as the entry point. Both the cloud and your on-premise areas may meet compliance objectives, but you also have to protect how the two areas work in cohesion with one another. This will often involve some type of gateway such as the vCloud connector utilized by vCloud Air.

The process of migrating your data and resources should be fully protected with encryption. This is usually done through a VPN connection. Some cloud providers may even provide a physical storage device that is encrypted and transported between the two of you in instances where the amount of data is extremely large.

6. WORK WITH AN IT SOLUTIONS PARTNER TO GUIDE YOU

There are a lot of factors when considering a hybrid cloud solution. It requires a diverse set of skills in cloud computing, cyber security, networking, virtual computing as well as business and negotiation. It can be difficult to find someone with this vast array of skills. It can be even more difficult to find someone who has experience in migrating to and managing a hybrid cloud environment. It is for these reasons that finding an experienced IT solutions partner with a thorough understanding of the hybrid cloud and its security concerns is essential for a successful hybrid cloud implementation.


Sources: 
1. Forrester: Public cloud market will reach $191B by 2020. Rachel King, Between the Lines Blog, ZDNet. April 24, 2014. http://www.zdnet.com/article/forrester-publiccloud-market-will-reach-191b-by-2020/

