Hybrid cloud environments require a new security playbook – here's why

By Massimo Bandinelli, Aruba Enterprise Marketing Manager.

  • 1 year ago Posted in

The popularity of hybrid cloud is exploding, with the global market for this technology set to rise to $145 billion by 2026. For businesses, hybrid cloud environments bring numerous benefits in terms of agility and scalability, as well as driving cost efficiencies. But when it comes to security, hybrid cloud requires a specific approach to keep on top of possible vulnerabilities, due to the flow of data from both public and private environments.

Not all IT decision-makers realise that protecting a hybrid cloud environment demands a different set of considerations than say, securing their public cloud solution. For instance, businesses going down the hybrid cloud route should pay special attention to protecting data in flight, ensuring supply chain security and even preventing physical security breaches.

Let’s take a closer look at why addressing these security risks is particularly crucial in hybrid cloud environments.

Protecting data when it’s in motion

Data is at its most vulnerable when in motion (being transported either within or between systems). It’s at this point when businesses are most likely to suffer ‘man-in-the-middle' attacks, ransomware and data theft.

If they’re not configured correctly, hybrid cloud environments are particularly vulnerable to these threats. That’s simply because data moves between different systems and environments more frequently in a hybrid set-up.

The answer? Encryption. Converting data into an unreadable format before it’s either transferred or stored in the cloud is a no-brainer – especially for businesses handling sensitive personal or financial information. This way, even if bad actors manage to successfully access the data, it remains unintelligible.

It’s also widely accepted that simply having encryption in place can make businesses a less attractive target for cyber criminals – as criminals know that they won’t be able to use stolen data, even if they do manage to exploit a vulnerability.

Supply chain security

Hybrid cloud environments often include software applications from multiple vendors, working together in a complex, integrated ecosystem. This has created a lucrative opportunity for cybercriminals, who are targeting SaaS/IaaS/PaaS vendors with the aim of accessing their customers’ networks. This is known as a ‘supply chain attack’.

Think about it this way. Why would a criminal spend time trying to steal hotel keys from individual guests, when they could steal the cleaner’s master key and gain access to hundreds of rooms? The same logic applies here. One successful vendor breach can offer a ‘master key’ to thousands of end-users.

Businesses implementing hybrid cloud infrastructure should be aware of supply chain attacks. In general, the best way to prevent these is to adopt a zero trust architecture – which works on a ‘never trust, always verify’ model. And to give all users the bare minimum level of system access

required to do their job. As well as this, businesses can make use of strong authentication to better protect their systems from attacks and exploits.

Physical security

Hybrid clouds are made up of a patchwork of the following environments – public clouds, private clouds, on-premises data centres and edge locations. Businesses shouldn’t forget that all these environments need to be physically, as well as virtually secured. The fact is that data breaches do occur outside of the digital sphere. The physical insertion of ransomware, which can lay can remain unnoticed until activated at a later stage, is a prime example of this.

Data centre providers tend to have robust security measures in place at their facilities – such as biometric authentication, CCTV, anti-intrusion sensors, and bollards. But this level of diligence doesn’t extend to many on-premises facilities, which tend to be more vulnerable.

And so much more...

Of course, there’s a huge range of security considerations for businesses to bear in mind as they implement a hybrid cloud infrastructure. Fundamentally though, with the right strategy in place - such as network segmentation, regularly run VAPT, and usage of EDR software - businesses should be aiming for a higher level of security than with their existing on-premises or public cloud infrastructure.

Looking forwards, we can expect to see the emergence of more managed service providers that specialise in helping businesses secure their hybrid cloud infrastructure. As a cloud provider, we’re already seeing growing demand for this among our enterprise customers.

By Terry Storrar, Managing Director at Leaseweb UK.
By Dave Errington, Cloud Specialist, CSI Ltd.
By Rupert Colbourne, Chief Technology Officer, Orbus Software.
By Jake Madders, Co-founder and Director of Hyve Managed Hosting.
By David Gammie, CTO, iomart.
By Brian Sibley, Solutions Architect, Espria.