Hybrid cloud models are being adopted by businesses as a way to manage their data. When changing your data management model, you must re-examine your security practices to keep them up to date. Security should be a prominent focus when updating your cloud model; otherwise, you may be allowing new risks to slip through the cracks without being aware of them. We’ve put together some tips on what to be wary of when switching to hybrid cloud.
Perimeter Security Doesn’t Hold Up
Unlike traditional security strategies, hybrid cloud makes use of on-premises data center infrastructure, as well as public and private clouds. Using a perimeter security method won’t work as well because the shift in what “the perimeter” is has been so drastic.
David Emerson, VP and deputy CISO at Cyxtera stated, “IT leaders need to understand that their carefully defined and maintained network perimeters are no longer sufficient. Hybrid cloud is becoming the new normal for enterprise infrastructures, and those enterprises must adapt, rather than fight change and insist on traditional security measures.”
Larger Threat Surface Area
Though using hybrid cloud brings flexibility, it also means that your data is being moved throughout public and private clouds, and on-premises infrastructure. Running your data across different platforms results in your “attack surface [being] distributed, boundless, and ever-changing,” according to Brajesh Goyal, VP of engineering at Cavirin.
When making the switch to hybrid cloud, traditional security repairs go out the window. This is because you aren’t dealing with a standardized infrastructure anymore. The flexibility that hybrid cloud provides gives users access to different environments, but this difference produces risk.
Stay on Top of Your Security
It’s easy to give a cloud provider control of your data and simply trust them blindly. However, cloud providers do not necessarily have any security measures in place to guarantee your data will be protected. You can give your cloud provider some responsibility for covering risk, but doing that may not actually protect you.
In the words of Brian Wilson, CISO at SAS, “you need to be diligent about keeping your providers accountable for their controls. How do you know they will never have access to your data unencrypted? And can they confirm that it is possible without you paying extra or requiring you to go through a cloud access security broker? Make sure the details are spelled out in your contracts and review those contracts and vendor policies regularly.”
When used correctly, hybrid cloud can provide flexibility and better security than traditional infrastructure. Though hybrid cloud creates a need to update your security procedures, the long-term benefits that come from putting the effort into deploying it are worth considering.