How to defend the hybrid cloud

If you are looking to move to a hybrid cloud, you often hear that it is still a problem, either because of a lack of security or because of compliance issues.

Certainly, cloud-based servers can be less secure than on-premises servers. But that doesn’t always have to be the case: a lot depends on how your servers are configured, what kinds of monitoring tools you are using to ensure that they aren’t breached, and whether your applications have built-in security or not. The same is true when it comes to compliance.

Maybe the reason why this perception continues to plague the cloud world is the well-publicized security breaches over the past several months. But those are more about insecure Web applications, or bad password policies, or lax network intrusion detection, than anything to do with the cloud itself. Some of these exploits are so old that they pre-date the birth years of the teen hackers who are using them: remember when SQL injection was first an issue back before 2000?

And there are cloud environments that can be more or less secure, depending on how they are configured, who has access to them, what kinds of encryption methods are used to protect their data and the sensitivity of the data itself. Here are some pointers on how to make your clouds more secure:

  • Employ a cloud management platform. This can help you understand where your exposure is and where you need to do a better job of locking down virtual resources. Ideally, your management tool should be able to examine the hybrid cloud and understand how to make adjustments to both physical and virtual resources and workloads, and automate the provisioning and deprovisioning of your entire hybrid infrastructure. This kind of tool also helps to address regulatory compliance requirements and establish security hardening guidelines that can make a decisive difference.
  • Understand your access controls to all cloud-based resources. Back in the days when the mainframes ruled, it was easy to enforce who had access to what data. That needs to be the case with the cloud. In many cases, this access is an all-or-nothing proposition, meaning that once a user authenticates to their cloud, they have the freedom to roam around at will, starting and stopping various VMs and causing all sorts of damage. This can be a compliance nightmare, which is why some cloud providers now offer more granular access to their resources. There are a variety of tools that can help improve the security posture of your VMs too.
  • Know how much of your cloud infrastructure is redundant. There are many cloud providers that offer independent and geographically distinct data centers and have ways to duplicate data among them so that your infrastructure will remain running even if one of your cloud data centers fails. This is just good security practice. You pay a bit more for this feature, but it can be worth it.
  • Make your Web-based applications more secure. Certainly, the least secure aspect of any cloud deployment is your Web applications and how they are connected to the rest of your cloud-based infrastructure. The challenge is being able to virtualize as many of your protective devices as you have for your on-premises servers, such as load balancers, intrusion prevention appliances, firewalls, and other gear. The major cloud providers are beginning to add these tools to their list of services so that IT developers can migrate their applications over to the cloud and still maintain the level of security that they have come to expect with the ones running inside their own data centers.
