Enterprises are wasting little time in their transition to cloud computing. A recent study commissioned by Intel Security found that 80% of IT budgets will be allocated to cloud computing over the next 16 months. Hybrid deployments account for nearly one-fifth of enterprise cloud environments, a number that’s very likely to rise as organizations speed deployment of a broad and deep mix of cloud services.

“Enterprises get the best of both worlds with hybrid cloud services offering the flexibility of private and public cloud services,” said Scott Schober (@ScottBVS), President & CEO of Berkeley Varitronics Systems.

But this rapid transition presents new types of security risks.

“From automatic updates to zero-day threats, hybrid environment security vulnerabilities are inevitable,” said Robert Siciliano (@RobertSiciliano), CEO of IDTheftSecurity.com. “There will always be gaps in security due to the complexity of these systems, regardless of ongoing assessments.”

We asked Schober, Siciliano, and other IT security experts for tips to help security teams stay on top of the rapidly evolving threat landscape as organizations embrace the cloud. Here’s what they had to say.

1. Integrate up and down the stack – and across deployments

The Intel Security study found that the average organization uses 43 different cloud services.
But just 35% use an integrated solution for managing security across all of those services.

“Security risks arising from hybrid cloud systems are fairly common in organizations [that] typically develop private cloud systems initially and then expand by moving components into the public cloud,” said David Waterson (@DavidLWaterson), founder and CEO of data security company SentryBay.

No wonder, then, that security considerations for hybrid cloud environments need to center around integration.

“Organizations need to ensure that security between public cloud and private cloud is compatible,” said Waterson. “Hybrid systems introduce complexity into compliance issues – the minimum standards met between the public and private clouds should satisfy compliance requirements.”

Integration requires visibility across the entire environment – public, private, and on-premise – along with the proper tools and policies that ensure consistent levels of protection.

“In order to keep hybrid cloud environments truly safe, it is essential that IT use encryption that works seamlessly across both private and third-party platforms,” said Schober. “Since the exchange of data between public and private servers is critical, things like encryption become paramount in order to secure that data.”

You’ll also need consistent policies and tools up and down your technology stack, working with cloud service providers to deploy the latest techniques in critical areas such as user identity and access management.

“One way of increasing security is implementing multi-factor authentication access technologies,” such as two-factor (password and text message with a number or biometric identifier), said cybersecurity and legal consultant Bradley Shear (@bradleyshear).
“Threats are constantly evolving so vigilance is key and the ability to quickly respond to these emerging issues is paramount.”

Sanjay Katkar (@sanjaykatkar), CTO of Quick Heal, recommends focusing on application security. “IT security staffers should make sure the applications that are being deployed have gone through penetration testing and [have the proper] encryption, authentication and authorization,” said Katkar. “This is very important when preparing for handling targeted attacks, especially if your applications [are handling] sensitive data.”

Cameron Brown (@AnalyticalCyber), a cyber defense adviser, also cited the importance of penetration and vulnerability testing, with a focus on testing both internal and external elements of the cloud infrastructure.

“In this way, dependencies can be evaluated over time, with discrete security controls measured for effectiveness and adapted elastically to cope with evolving risks,” said Brown.

Integration does not represent a new approach to security – it’s more an extension of existing best practices across a hybrid environment.

“The same issues apply to hybrid, pure play cloud, and on-premise systems: Protect and survive,” said technology consultant Stephen O’Donnell (@stephenodonnell).

2. Protect in real-time – and never stop learning

Keeping on top of the risks and rapid changes in cloud technology requires “an agile, real-time approach to security, incorporating it into the very fabric of the change management process as a critical core component,” said Will Lassalle (@wlassalle), CIO of JLS Technology USA. “This mindset will enable a continuously secure and compliant environment.
Gone are the days of just becoming compliant right before an audit or being reactive to incidents.”

Because cloud technologies – and related security practices – are evolving so quickly, security professionals need to rely on a variety of third-party resources to stay abreast of the constantly shifting threat landscape.

For example, the Computer Emergency Readiness Team Coordination Center maintains a database of vulnerabilities associated with the most common IT products, said cybersecurity professional Brett Miller (@DrBrettAMiller). In addition, Miller said, most vendors provide information relating to the vulnerabilities associated with their specific products. He also suggests subscribing to any number of blogs and webinars that cover security topics.

Chuck Brooks (@ChuckDBrooks), a corporate executive, public speaker, and author, advocates a similar broad-based learning approach. “In a cybersecurity threat state of flux, information gathering is vital for any IT security team from a variety of sources,” said Brooks. He recommends subscribing to US/CERT alerts and participating in organizations such as CompTIA and SANS, which offer updates and training.

“Finally, do not underestimate the utility of social media for discovering the latest on threats and analysis,” Brooks added.
“Many of the top people in the industry post on LinkedIn, Twitter, and hundreds of specialized social media groups.”

IT consultant Duane Baker (@DBaker007) suggested that security teams be offered “continuous access to professional development and opportunities to share experiences and techniques with their peers.”

Miller recommends that cyber professionals attend at least three weeks’ worth of training annually.

“This can be hard for some organizations to swallow,” he said, “but if an organization wants to protect its own along with customer and partner data, then the training of security professionals needs to be made a priority.”

3. Be a team player

As mentioned earlier, ensuring end-to-end security requires visibility across public, private, and on-premise systems. Such visibility requires communication and collaboration with both internal and external stakeholders.

“Good security is a team event,” said Baker.

“If you have any hope of staying ahead of the threats that are going to be presented through the journey of hybrid cloud adoption, you must learn that IT security staff cannot do it alone,” said Corey Elinburg (@celinburg), chief cloud security architect with United Health Group. “They are amazingly capable but finite creatures in an almost infinite world of new technology.”

For starters, security teams need to be in sync with their colleagues in IT to ensure that security is a ground-up consideration for any new cloud initiatives.

“Free-flowing communications with all IT departments in regards to security protocols, updates and emerging trends allows for the customer to stay on top of what might be a new risk and ahead of what is the next threat,” said Siciliano, the IDTheftSecurity.com CEO.

Many organizations are concerned that overly restrictive security practices will stifle innovation.
That’s why security teams “must become unified in purpose and in practice” with IT innovation teams, said Elinburg. His advice to security leaders: “Don't resist that, embrace it. Become the innovation leader so you can set the terms of adoption, not struggle to manage the terms that were set for you.”

IT security and software engineering departments are not as tight-knit as they need to be, according to Ralph Rodriguez (@ralphopinions), founder and research fellow with Blue Hill Research. He suggests having a sponsor or advocate from each side attend the opposite’s meetings related to data security in the cloud.

“The IT [security] sponsor needs to understand what software services are being deployed in this cloud and how the dev team is protecting this data,” said Rodriguez. “The dev sponsor needs to understand the tools and systems being used to monitor threats. This cross-pollination is a key step in protecting your ever-growing cloud.”

Security teams also need clear communication with cloud service providers, assuring that the right service-level agreements are in place and that the lines of shared responsibility for assets, applications and infrastructure in the cloud are clearly articulated.

“Collaboration between the provider and the customer is essential,” said Siciliano.

What would you add to this list? Add your comments below.