Is the Hybrid Cloud Harder to Secure?

Posted by Massimo Ferrari   |   Friday, March 13th, 2015

This is a guest post by Debra Shinder.

Cloud computing isn’t just the Next Big Thing – it’s already here and going strong, with more and more small, medium and large businesses moving some or all of their assets into a cloudified environment. But even with the momentum that the cloud currently has, there are still many organizations that harbor reservations about the idea of putting the applications and data that their users need to do their jobs “out there.”

Especially in Europe, security concerns are still keeping companies from making a commitment to the cloud, with European experts saying, as recently as February 2016, that cloud security still needs a lot of work before it’s ready for prime time. Some of those worries have gradually eased over the past few years, with studies that indicate that moving to the cloud can actually improve a company’s security stance.

Nonetheless, security remains one of the top obstacles to adoption of the cloud, according to a study that was recently published by the Cloud Security Alliance (CSA). Many decision makers, particularly those whose organizations are in regulated industries, are still wary of the ability to protect sensitive data and demonstrate compliance.

In fact, fear of the security risks (both real and imagined) of the public cloud has been one of the driving forces behind the popularity of an alternative solution by which companies can reap the cost benefits and other advantages of cloud computing while retaining more control over security: private cloud.

However, some companies that rushed to embrace it are discovering that private cloud is no panacea. Private cloud can cost more and it’s less scalable than the public cloud. A public cloud provider can offer resources on demand so that you don’t have to overbuild your infrastructure to accommodate temporary needs. In addition, they can usually offer better redundancy and thus reliability along with the lowered costs that come from economies of scale.

Of course, what you really want is the best of both worlds – and that means a hybrid cloud. In fact, it’s this desire to combine the benefits of both the public and private cloud that has led to the rising popularity of hybrid cloud solutions in today’s business world. But what are the security implications?

It’s common wisdom that complexity is an enemy of security, and a hybrid cloud environment is almost always more complex than a private-cloud-only or public-cloud-only solution. Does that mean it is going to be more difficult to secure a hybrid cloud?

It can be. Certainly you have to be more diligent, particularly when dealing with regulatory compliance issues, to be able to document compliance in both the private and public sectors of your cloud environment, and you also have to be able to show that data is protected when and if it moves between the two clouds.

Because the network infrastructure is more complex, encompassing two clouds, issues such as authentication and identity management have to be coordinated so that the same controls are in place in both clouds. Integrating the security protocols and mechanisms for the two can be a challenge for administrators who are inexperienced in dealing with a hybrid environment. This is because control over security is divided between the on premises network and the public cloud provider’s network, and the multi-tenant nature of the public cloud network can further complicate matters in terms of incident response.

Luckily, the security risks that are inherent in the hybrid cloud can be overcome. There is plenty of help available in the form of documentation to get you up to speed on making your hybrid cloud environment secure without sacrificing any of the benefits of public and private cloud computing. To get you started, check out this introduction to securing a hybrid cloud over on the CloudComputingAdmin web site.