Ticking bomb #sprawl! 3 ways to combat it now

Hybrid cloud economics changes behavior – snapshotting in particular – and that results in unintended security exposure, both on-prem and in the cloud. But first, an easy-to-understand analogy about home ownership and how sprawl there leads to security issues as well, before dovetailing into the hybrid data center.


Let’s say you have a very nice home with upscale furniture, a ‘connected’ digital ecosystem and the most important assets – your significant other, kids and a dog.

With me so far?

And smart you – you have invested in a modern alarm system to deter invaders and in an advanced firewall, malware protection, etc. to defend the ‘connected’ things, and you have inculcated best practices in your family (and dog) to watch for suspicious activity and strangers and report them.

Whew! That sounds like a lot, doesn’t it?

Let’s make things a little more interesting. Let’s say you had two houses – the second being a mirror image of the first (minus another family, as I am not advocating polygamy). And then something unimaginable happens – let’s say you have the power to clone your primary residence into your second, third, 100th “backup” house periodically – daily, weekly, monthly, based on preference – and over a period of time you become the czar of many houses.


But why would you do it? Good question. In the event of an emergency, you can migrate to any of the backup houses in a flash.

What emergency? For instance, let’s say you had major water damage or a termite infestation or, worse still, your house got ransacked and you lost everything. Instead of dealing with contractors, insurance, migraines – you move to a backup and life continues seamlessly.

Yes, the cost of maintaining these backup houses is an important consideration. But there is another important aspect that you may very easily miss in this ownership frenzy. How about the security of each of these backup houses? #OhNo. Because now you must deal with protecting not just the assets in your ‘living’ property but all these backup houses, since they have all the same assets as the primary, right?

Now let’s turn our sights to the hybrid enterprise data center.

Just over a decade ago, when the data center was still ruled by hardware – monolithic entities like app servers, routers, firewalls – you may have had a good grasp of the inventory. Where and what – you probably had labels on the physical boxes, as well as tags on your operations console, to uniquely identify them. And yes, you probably had a disaster recovery site with a mirror image to take over in the event of an outage.

Recall – this is analogous to the picture we drew earlier of you – the house owner – with one or two houses to protect – and a reasonable handle on how to do it. But then something happened over the past seven or eight years called SDDC, or Software Defined Data Center – where software started taking over from the monolithic hardware platforms.

Nothing wrong with that – it drove costs down, stimulated innovation and gave you reusable general-purpose hardware that could house any virtual function – app servers, routers, firewalls. And with the increasing density of virtual machines (extending to containers today) on the same hardware – you were having it all.

But along with this flexibility came an ability that the enterprise admin never had in the hardware-dominated world: #Snapshotting. Simply put, it is the ability to literally take a snapshot of your entire virtual ecosystem and preserve it in a backup. And when there was a need to roll back to a previously backed-up image, it was one quick action and done. (If you asked why – remember #WannaCry, which encrypted your systems and held you hostage for ransom? If you could thumb your nose at the attacker and quickly go back to a safe version... that alone is a very good reason.)

So far so good.

But there were two transformations that accelerated the frequency and use of #Snapshotting: 1. the costs of storage – both on-prem and especially in the cloud – started to plummet, and 2. the frequency of attacks (or, equivalently, admin errors) started to increase. So you started #snapshotting more often than before. Maybe weekly, then daily, then hourly!

Again, going back to the homeowner analogy – this is you increasing your real estate footprint from 2 to 10, 20 … 1000 houses – likewise, hundreds of thousands of backups.


And therein lies the problem. The best-of-breed security solutions – network, VM, hypervisor – all ‘protect’ the live images, because that’s where the action and the interest are. But it’s another story for the backed-up snapshots, which present an ever-increasing danger, since they hold potent information that an attacker (or an admin asleep at the wheel) could use to compromise your enterprise. And this risk surface only increases as more snapshots are continually added.

To make matters worse, these images can be everywhere – on-prem, in the cloud… Is that enough to wake you up and say ‘Oh #$@#’? If so, #MissionAccomplished. But not so fast. We haven’t even started talking about what you can and should do today about this.

The answer – actually 

  1. Identify risk in your hybrid cloud                     
  2. Take remediation action across hybrid cloud
  3. Update proactive processes in hybrid cloud

Each of these topics deserves a separate blog and we will cover them individually in the future.
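An added example for the first item, not part of the original article: it takes one inventory of snapshots across on-prem and cloud and flags those whose source workload is no longer live, and those older than a retention window when a newer rollback point exists. The inventory, the field names and the 30-day window are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample inventory (not real data). Field names are assumptions;
# map them from whatever your hypervisor or cloud export provides.
NOW = datetime(2017, 9, 1, tzinfo=timezone.utc)
LIVE_SOURCES = {"app-01", "db-01"}  # workloads still running and monitored
SNAPSHOTS = [
    {"id": "s1", "source": "app-01", "location": "on-prem", "created": "2017-08-31T02:00:00+00:00"},
    {"id": "s2", "source": "app-01", "location": "cloud", "created": "2017-05-01T02:00:00+00:00"},
    {"id": "s3", "source": "db-01", "location": "cloud", "created": "2017-08-30T02:00:00+00:00"},
    {"id": "s4", "source": "db-01", "location": "on-prem", "created": "2016-11-15T02:00:00+00:00"},
    {"id": "s5", "source": "hr-02", "location": "cloud", "created": "2017-08-20T02:00:00+00:00"},
]


def assess(snapshots, live_sources, now, max_age_days=30):
    """Return (snapshot count per location, {snapshot id: [reasons]})."""
    # The newest snapshot per source is the rollback point and is never "stale".
    newest = {}
    for s in snapshots:
        created = datetime.fromisoformat(s["created"])
        if s["source"] not in newest or created > newest[s["source"]][0]:
            newest[s["source"]] = (created, s["id"])

    findings = {}
    for s in snapshots:
        reasons = []
        age = now - datetime.fromisoformat(s["created"])
        if s["source"] not in live_sources:
            reasons.append("orphaned")  # source is gone, its data lives on here
        if age > timedelta(days=max_age_days) and newest[s["source"]][1] != s["id"]:
            reasons.append("stale")     # old, and a newer rollback point exists
        if reasons:
            findings[s["id"]] = reasons
    return dict(Counter(s["location"] for s in snapshots)), findings


if __name__ == "__main__":
    by_location, findings = assess(SNAPSHOTS, LIVE_SOURCES, NOW)
    print("snapshots per location:", by_location)
    for snap_id, reasons in findings.items():
        print(snap_id, ", ".join(reasons))
```

A snapshot that is the only copy for a live workload is left unflagged however old it is, so the rollback capability that motivated snapshotting is preserved.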

This article is published as part of the IDG Contributor Network.
