Best-of-breed security for hybrid clouds

Wouldn’t it be great if you could make a fresh start with your organization’s IT infrastructure? Unfortunately, unless you’re a start-up, most enterprises don’t have the luxury of starting with a clean slate. Instead, the majority of us have to make the most of a hybrid of legacy apps and existing investments with new cloud deployments to keep pace with business demands.

A recent survey by Verizon and Harvard Business Review highlighted this issue. It found that 63% of organizations are pursuing a hybrid cloud approach to improve their competitiveness, yet a third (32%) were struggling to integrate cloud with other systems.

For many organizations, their IT infrastructure will continue to be made up of a mix of public cloud, private cloud and on-premise, “legacy” applications and services for several years yet. Instead of a wholesale move to the cloud, businesses need to better manage what they already have and to strike the right balance between costs, control, business agility and security. The good news is that hybrid cloud models allow organizations to pick and choose the elements that matter most to them – enabling the management benefits and close control of private clouds alongside the agility, extensibility and cost-efficiency of public clouds.

Cloud concerns
But there is a price to pay. Security concerns around moving data beyond IT control keeps many organizations from fully embracing the cloud: they want to keep their data private, protect themselves from cyberthreats and securely connect their clouds with their traditional ‘on-premise’ network, all while maintaining compliance with regulatory mandates. It’s no surprise that the Verizon survey found that the biggest barrier preventing organizations from going deeper into the cloud was security (35%).

Part of the challenge is that premise-based security solutions weren’t built for the dynamic and elastic nature of cloud environments, and don’t easily extend into it. Cloud security knowledge also remains limited in many organizations, which drives enterprise and IT leaders to seek trusted external partners to close the gaps between security and agility. Microsoft Azure, for example, is a unified, multi-tenant platform using a shared infrastructure to support millions of organizations worldwide simultaneously with public and hybrid cloud services for a range of enterprise use cases. However, while Azure offers a secure infrastructure and cloud fabric, this is just one aspect of the bigger security picture.

Like all public providers, Microsoft utilizes a shared responsibility model for cloud security. This approach defines where the balance of responsibility lies between protecting the cloud infrastructure (incumbent upon the cloud provider) and protecting the data that resides in the cloud (incumbent upon the customer). Thus, organizations moving data and workloads to public and hybrid environments are responsible for protecting their data from malicious exploits, malware and other sophisticated attacks.

As such, to deliver comprehensive, best-of-breed security in a hybrid cloud environment, enterprises need to consider four key principles:

Visibility matters
All information security starts with visibility. Organizations deploying hybrid clouds, as with other environments, need comprehensive, real-time visibility into 100% of their data and traffic flows. Cloud environments vastly increase the amount of lateral east-west traffic within the virtualized datacenter. In turn, this means that traditional perimeter security appliances no longer provide adequate visibility, because a great deal of traffic simply never crosses the network edge. As such, security solutions for hybrid clouds have to be able to inspect and enforce security policies for east-west traffic within the virtualized environment.

Attacks are growing in sophistication and frequency
Cybercriminals employ a vast range of sophisticated attacks, which are continually evolving. In a hybrid environment, they can infect one system or instance on the virtualized network, and unless the virtual network is properly zoned, can then move laterally from machine to virtual machine. Critical data may be compromised and extracted without you ever noticing.

Malware and zero-day exploits are also a significant problem. Cybercriminals are able to tweak existing malware just enough to bypass traditional, signature-based antivirus protections, meaning that advanced sandboxing and threat prevention techniques that inspect traffic for malicious content, and can stop threats moving laterally, are crucial.

Micro-segmentation with advanced threat prevention
Both of the previous principles are linked to the vast increase in lateral, east-west traffic generated by virtualized environments, which places far greater demands on security solutions and also means that cybercriminals have more places to hide. To deal with this, cloud environments need to be split into smaller segments, each with its own set of protections enforced at ingress and egress points. Resources should be logically grouped together and specific security policies applied to the communication between those resource sets. This prevents malicious parties from jumping from one machine to the next, and enables granular visibility into east-west traffic. Micro-segmentation is a core element of effective cloud security.

Dynamic policy management
To keep up with the elastic nature of the hybrid cloud environment, it is vital that any security solution is similarly elastic. Manual management of security policies will rapidly become a security bottleneck. Automating the provisioning of new security policies and management of existing ones is absolutely essential. Automated workflows and orchestration don’t just support the cloud’s elasticity – they also minimize configuration errors and thus shore up the overall security posture too. Finally, this automation needs to be managed through a common policy and reporting engine, offering a single pane of visibility and control across your premise-based and hybrid cloud environments.

By following these four key principles, organizations can keep security front-of-mind as they embrace a hybrid cloud strategy – and maintain a consistent, strong security posture.