There’s no doubt that organizations are moving to the cloud faster than ever. In a recent ESG study, 75% of organizations reported they currently use public cloud services. And why not? Cloud adoption delivers many benefits to help enterprises achieve their business objectives, such as reduced costs, greater agility, and enhanced scalability.
So what are the associated risks? When sensitive data is moved or stored in the cloud, it introduces visibility, control, and regulatory challenges for the enterprise security and compliance teams. In fact, Intel Security’s cloud adoption survey found that 44% of respondents believe their data is less secure in the cloud.
Fortunately, risks can be mitigated by following best practices and useful guidelines to make cloud adoption more data-centric with better protection. When looking at securing hybrid clouds—traditional IT infrastructure, public clouds, and private clouds—organizations should incorporate these five security considerations:
1. Gain Visibility
With public cloud, it’s easy to rent computing and storage space in a matter of minutes. This agility is one of the great attractions of the cloud, but it also poses a visibility and control challenge to corporate IT, since business users can deploy cloud solutions without IT’s awareness. Our cloud security report discovered that fewer than half (45%) of respondents claimed they had visibility into shadow IT SaaS deployments, while only 42% said the same about IaaS-based shadow IT. IT needs to deploy security solutions that provide visibility into the cloud to then be able to apply security policies and therefore protect the business. The goal should be to encompass shadow IT services to better support the organization’s mission; seeing these services is the first order of business.
2. Establish Workload-Centric Security
Hybrid clouds are a mix of several types of clouds and can include customer and third-party managed infrastructure. Since the traditional perimeter no longer exists in our highly mobile and cloud-enabled world, traditional perimeter security controls can’t provide the protection you need. Supplementing perimeter and network security with a workload-centric model will help close the visibility gap and allow deployment of policy-based controls for better security coverage.
3. Introduce Automation
If your security operations team is like most, they’re finding that efficiency is hard to maintain as staffing remains flat but workload has increased. In a recent study, 46% of organizations said they have a “problematic shortage” of cybersecurity skills, and one-third of those respondents said their biggest gap was with cloud security specialists. Securing your hybrid cloud infrastructure with automation provides a big win for operational efficiencies while also improving your corporate security posture.
4. Incorporate Asset-based Security Controls
Identify the security, privacy, and compliance priorities for a particular system and deploy accordingly. Your policy shouldn’t be one-size-fits-all.
5. Adopt Integrated Security
Our cloud security report found that the average organization uses 43 different cloud services, but only 35% use an integrated solution for managing security across all of those services. By definition, hybrid clouds are heterogeneous, so a universal policy will not work. Instead, adopt a security framework that makes it easy to integrate multiple security functions into day-to-day processes. An integrated approach minimizes the opportunity and impact of emerging attack tactics and reduces the complexity of securing your hybrid cloud infrastructure.
One thing is clear: “cloud first” is the new norm. Getting a handle on the risks means putting security at the center of your procurement, deployment, management, and compliance processes.
Enterprise Strategy Group does a great job laying out steps for securing the hybrid cloud in their new whitepaper, expanding on these considerations, providing essential guidance, and recommending solutions.