The IT professionals surveyed see the hybrid cloud as ultimately the ideal IT environment for the flexibility it affords to optimize cost, performance, and other variables on a per-workload basis. However, they expressed concern about security when it comes to things they run in the public cloud portion of the hybrid setup.
And though public cloud providers have instituted solid physical security measures and maintained documented, stringent standards for protecting their infrastructures from intrusions, high-profile attacks like the Capital One AWS data breach in 2019 remind us that no one is immune.
“Think of it like your garage,” said Mike Lloyd, CTO of Redseal Networks, a cybersecurity firm in Sunnyvale, Calif.
“If you’re running out of space, you could rent space from your neighbor’s garage, and this adds some flexibility. The trick with this kind of approach is to make sure ‘your’ part of your neighbor’s garage can only be opened by you. If you’re not careful…you may find that your stuff disappears.”
‘Hybrid’ Equals ‘Complicated’
Moving some workloads to the public cloud to create a hybrid setup isn’t the panacea many imagined it would be for on-prem security struggles.
“The public cloud threat landscape is vast, which I think people underestimate when it comes to cloud security,” said Harold Bell, cloud specialist and content marketing manager at Nutanix.
“Cloud adopters assume that security is the responsibility of the cloud provider, which can leave organizations vulnerable to internal attack vectors and human error.”
On top of that, the emerging hybrid cloud is new and can be complicated for IT departments used to running legacy infrastructure, according to Lloyd.
“Competitors that are building clouds all offer different services, with different complex details, and different skills required,” he said.
Competing management systems are one issue. Because each vendor innovates and builds its own management layer, effectively maintaining a hybrid environment means that “every IT organization has to become fluent in multiple languages at once,” according to Lloyd.
“It’s no simple thing to translate between all these languages,” he said.
Lloyd recommends getting the help of “network linguists”– people who specialize in understanding and comparing the different network management interfaces to each other – to ensure that no cracks appear in enterprise management and security policies across cloud borders. It often requires bringing in their technology and automation tools to help with monitoring.
Collaborate on Strategy
This type of collaboration could be especially important, given that 58% of CIOs surveyed by McKinsey Digital for an August 2019 hybrid cloud report said that IT talent gaps have caused them to fail to meet agility objectives associated with cloud migration.
Bell, too, stressed the importance of working with a trusted advisor or technology partner to help plan effective internal security strategies over time.
“Make sure you’re staying up to date on security trends: cloud security, access management, logging and auditing,” he said.
“You can’t just purchase a tool and expect that your security posture [is set],” said Bell. “You have to have rules and procedures in place to account for human error. If you leave too much room for human error, [security] will erode.”