Cloud computing adoption accelerated dramatically and evolved during the COVID-19 pandemic – but so have the security threats that businesses must combat.
Most organisations now use more than one type of cloud computing. Businesses use privately-owned cloud infrastructure, public cloud (which is shared by businesses) and then combine this technology with more traditional on-premises solutions.
Hybrid, multi-cloud, and edge computing environments are growing, according to research company Gartner, setting the stage for new distributed cloud models.
It forecasts that end-user spending on public cloud services will reach $396 billion in 2021 and grow 22% to reach $482 billion in 2022.
By 2026, it predicts, public cloud spending will exceed 45% of all enterprise IT spending, up from less than 17% in 2021.
The hybrid approach to cloud computing can have multiple benefits including improving customer experience, helping to control the cost of ownership of the technology and increasing growth, according to European research commissioned by Dell Technologies and VMware.
Bart Mellenbergh, EMEA Director of Customer Centric Cloud & Containers at Dell Technologies, says a multi-cloud setting allows companies easy access to all of the different services available in a set of public clouds while electing to use on-premise functions to deliver other specific services.
He says: “This is really about using well-governed cloud platforms in an appropriate way that gives you choice and opportunity to innovate quicker and more effectively without having to relinquish control of your service levels or indeed, your data.”
However, securing a patchwork of cloud technology can be tricky:
Security risks for hybrid cloud computing include distributed denial of service attacks (when cybercriminals flood an IT system with traffic, overwhelming it), data leakage, malicious insiders, poor encryption (when data is transported between clouds) and lax perimeter protection.
Security breaches come at a growing cost – financial and reputational.
The cost of a data breach to organisations was 19% higher if the breach was during a cloud migration project, the same research also found.
So how can CIOs minimise the security risks of the hybrid cloud?
Challenge one: Assess your cyber security risks
Identify unknown or undetected risks in workloads and speed recovery by building resilience into cloud workloads. Simplify security by unifying risk mitigation across workloads, endpoints and containers. Aim to discover all cloud workload risks—from all angles and attack vectors—and use a common system of record to manage them.
“In a hybrid cloud the ‘attack surface’ potential gets larger,” says Mellenbergh. “In the simple example of an on-premise infrastructure using one or more public cloud services, there is an additional networking component connecting the on-premise system with the public cloud(s).
“The components, and the surface they expose for cyberattacks, are not that different from a local system but there are just more ‘entry points’.”
He adds: “For example, the WAN connection that is now needed to run a hybrid cloud software system allows the on-premise system to be attacked from outside the corporate firewall. In addition, it is not possible to just secure components and expect that the full system will be protected once components are connected to a system. There will always be connections (and often ‘invisible’ WAN networking components) needed to build that system from its constituent components - they need to be secured as well.”
Challenge two: Streamline your cloud security
Keep it simple. The goal is to deploy unified security designed for the cloud and applied uniformly, regardless of where the workload is located. Using single lifecycle management across clouds, workloads and containers enables a consistent and extensive security policy and risk mitigation strategy.
Bill Roth, Director, Cloud Economics, at VMware, says: “The main cyber security challenges of adopting a hybrid cloud approach have to do with making sure that everything speaks the same language, and follows the same procedures. When you get a mismatch between various security methods and procedures, this is an opening for the hackers.”
Using a single platform for vulnerability management, audit and remediation, and endpoint detection and response (EDR) simplifies workload security and empowers collaboration among IT Ops, SecOps and DevOps.
Another option is to outsource the management and security of your hybrid cloud infrastructure.
Challenge three: Prepare for the worst
Security must become intrinsic to all elements of IT infrastructure, including the cloud, rather than being bolted on to some notional network perimeter, says Garry Owen, Senior Solution Product Manager, at VMware.
Companies need to change their mindset about cyber security, Owen adds.
“It can no longer be about threat exclusion at all costs because the nature of the modern threat landscape means that you will be breached at some point. Modern security in the cloud era has to be as much about rapid, real-time detection of breaches and attacks and near-instant threat mitigation, as it is about breach prevention.”
Challenge four: Make your IT more resilient
Traditional models for information security have used a “castle and moat” type of architecture with the enterprise network and data centre on the inside, and firewalls guarding the perimeter.
As Gartner puts it: “Anything located on the outside was considered untrusted. Anything on the inside was considered trusted.”
An alternative and increasingly popular approach to IT security is known as “zero trust” – trusting no users or devices until they have been verified. An organisation could start its zero-trust model in its corporate network and then extend it to its hybrid cloud.
“Start with zero trust and only build in the access that is needed,” says Owen.
The hybrid cloud market is forecast to continue growing as more organisations opt for a flexible and pragmatic approach to their IT infrastructure. By reviewing their cloud security, following industry best practices and outsourcing some of their cloud management and security to the right supplier, organisations can maximise the cloud’s silver lining and minimise any turbulence.