Data is everywhere. It has to be, in order to keep your business moving forward. There can’t be boundaries or limits – it must be accessible anytime, from anywhere, so you can do all you need to do, at all times.
To accommodate this ubiquity, data centers have been transforming, moving more and more workloads from on-premises sites to public cloud environments, such as those provided by Amazon Web Services, Microsoft Azure and Google Cloud. An Intel survey found that hybrid cloud adoption tripled in the last year, from 19% to 57%. According to IDG, organizations on average will invest $1.62 million in cloud computing, and 43% are planning to move data storage/data management to the cloud in the next three years.
A hybrid data center deployment can improve the scale, availability and efficiency of your overall environment, but it can also introduce security challenges. To provide access to all your information and applications, your on-premises data center must integrate seamlessly and securely with any public cloud technology.
But how do you maintain security across environments you don’t have complete control over? Many believe it is the cloud provider’s responsibility – new research from Veritas revealed that 69% of organizations believed that their “cloud provider takes care of all data privacy and compliance regulations, as well as protecting [their] data in the cloud.”
The reality is much different: securing data in a public cloud is the responsibility of your cloud service provider AND you. You need to work with your public cloud service provider to maintain the integrity of your security, privacy and compliance stance. To accomplish this, you will need to define the configurations that secure your private and public cloud environments, while your cloud provider will need to build security into the cloud itself.
We, at Cloud Harmonics, have been working with our channel partners to develop a common framework that can be used to maintain security across on-premises and cloud environments. We have been focusing on general tenets that eliminate the cloud silos that make it hard to apply consistent technologies, policies, and processes, and on applying automation whenever possible to reduce the potential for human error.
You may have heard Palo Alto Networks describe their “one-cloud” approach, which is their version of the framework. It defines which “applications and data can go to the cloud,” where data can move among different cloud service types, and “who can access which types of data.” We can help you bring this framework to life with our portfolio of next-generation technologies, supported by educational and hands-on training opportunities, and customized services that can help secure your data across your on-premises and cloud data center environments.
- Ensure you are leveraging the native security features of your Infrastructure as a Service (IaaS) Cloud Provider. Gartner predicts that through 2020, public cloud IaaS workloads will suffer at least 60% fewer security incidents than those in traditional data centers. Why? Because many IaaS providers have done a good job of building security into their infrastructure. Take a look at the services they provide (e.g. data encryption, network encryption, access control, vulnerability assessments, anomaly monitoring, auditing and identification), as well as the conditions and guarantees of those services, to figure out where you are covered and where you have gaps you are going to need to fill.
- Add security solutions to your stack that give you the visibility and controls you are looking for over your applications. Look for solutions that fit the requirements of the application and can be used on-premises and embedded in your clouds or CPE equipment for consistent deployment. Examples of key solutions include next-generation firewalls, web application firewalls and threat prevention technologies. According to Gartner, “60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.”
- Extend the principles and policies you have been using on-premises to the cloud to ensure ubiquitous enforcement. For example, security policies should be implemented to provide traffic segregation between network segments, as well as inspection for threats, such as malware or vulnerabilities. Micro-segmentation, role-based access control, least privilege implementations, etc. should all be implemented in the cloud just as they would be on campus.
- Establish a consistent change policy process to maximize the efficacy of your efforts and minimize the chance of error. Security controls, whether physical or virtual, are meant to implement the defined rules of your organization’s security and acceptable use policies. Making sure that the security controls you choose implement these policies properly is paramount to maintaining a consistent security stance.
Sharing the responsibility for the security of your resources and operations across your on-premises and cloud environments will enable you to achieve a strong security position, today and in the future. For help, please reach out at firstname.lastname@example.org.