Hybrid Cloud Security

What is hybrid cloud security?

Hybrid cloud security is the multifaceted process of protecting infrastructure, data and applications across several IT environments, including private clouds, public clouds and on-prem hardware. This complex methodology defends against both cyberattacks and malicious insiders, and is often managed across multiple third-party providers and enterprises.

What are the challenges associated with hybrid cloud security?

Unlike straightforward public or cloud security, hybrid cloud security combines aspects of both, introducing multiple controls and variables that can change depending on industry concerns or service-level agreements (SLAs). For the former, chief among these industry issues is compliance, especially regarding security of sensitive or confidential information. Such regulations may require keeping certain types of data on on-prem infrastructure (rather than accessible on the cloud) or restricting who can access the data at any given moment.

Additionally, the added complexity of multiple operators can obscure roles and responsibilities. Unclear SLAs may create gaps (or even overlaps) in security coverage and procedures: who manages which workload, who responds to incidents, how is communication handled, when are notifications shared and other operations. Having one or many private and public clouds also complicates visibility across the entire infrastructure. Without a centralised dashboard or platform, monitoring, protecting, troubleshooting and optimising your hybrid cloud becomes inefficient at best – an arduous, high-stakes task spread between several key players.

Hybrid cloud security best practices

Utilise a “single pane of glass” management style

Typically, many cloud providers offer monitoring into their own services using their proprietary system. But that method only displays information for their cloud. Enterprises running a hybrid cloud need one centralised dashboard to monitor all activity across all their environments, letting them identify and respond to threats faster.

Limit authorised access and privileges

Being discretionary about who and what has access to your resources is paramount. For hybrid cloud, it means limiting not only who can use applications and other services in the public cloud, but to what degree cloud applications can “speak” to each other. By limiting when cloud services can communicate with on-prem IT, you eliminate potential back-door access from cyberthreats or unauthorised users.

Adopt Zero Trust security features

The best way to avoid unauthorised or unverified users and applications from accessing your infrastructure: trust no one. The core principle of Zero Trust security is not letting users or programs interact with cloud resources until their identity is vetted, whether through multi-factor identification or other techniques.

Deploy artificial intelligence (AI)

Manual monitoring of a hybrid cloud environment can be a time-consuming task. But AI can detect, protect and resolve potential security threats like malware or identify at-risk data. AI can also be used as an automation tool that can take over basic, low-level tasks such as real-time packet scanning, empowering IT teams to focus on greater, high-level concerns.

What is hybrid cloud security architecture?

Hybrid cloud security begins at the hardware level, located on premises. Here, servers and bare-metal hardware contain all enterprise data, from code to databases to storage and other resources. And since this information is made available through one or several data centres and cloud environments, it is encrypted so only valid users and applications can access and use it, typically through some form of Zero Trust protocol.

On the perimeter, edge cloud servers and application containers undergo microsegmentation, meaning that data is divided into groups and specific workloads, effectively isolating them with specific security controls. These “demilitarised zones” limit a cyberthreat’s ability to move through a data centre. Firewalls add additional layers of protection, further separating cloud environments from on-prem resources, and can be implemented at several layers, including the hypervisor and operating system.

Components of hybrid cloud security

In general, hybrid cloud security can be broken into two distinct component types: physical (which includes human tasks like administration) and virtual.

Physical components

Hybrid cloud infrastructure is distributed by nature, meaning that there are multiple physical locations that require security – at the enterprise and third-party levels. Both environments need foundational features that keep people away from hardware, even if they are simple devices or structures like locks and doors. Baseline security that helps regulate who has direct access to physical and cloud resources is a common necessity for governmental regulation and compliance, and carries over to public cloud providers.

Physical components also include incident and disaster protection. Enterprises and third-party providers alike should have built-in backup storage and other redundancies in place. These help prevent permanent data loss in the event of an unforeseen system failure or data corruption.

Virtual components

Virtual components represent the inherent advantages and complexity of a hybrid cloud infrastructure, including encryption, accessibility, automation and endpoint security.

· Encryption: Even if databases are compromised by malicious means, encryption components prevent information from being fully revealed. Encryption can occur at several levels: when data is stored, transmitted, in use or not in use. Partition encryption tools like Linux Unified Key Setup-on-disk (LUKS) or Trusted Platform Module (TPM) secure and protect hardware from unauthorised access, while options like Internet Protocol Security (IPsec) encrypt a live network session, preventing data from interception.

· Accessibility: Components that limit who and what have privileges to access resources exponentially decrease the likelihood of unauthorised access. Largely based on Zero Trust principles, options like multi-factor identification or a virtual private network (VPN) ensure that approved users and programs have access to only the precise functions they need.

· Automation: Automated components can take over many monotonous security tasks – and do them better than humans can. Actions like applying security patches, monitoring the environment and checking for compliance can be done via machine learning (ML).

· Endpoint security: Since hybrid clouds can be accessed by any number of devices, including mobile phones and laptops, the potential openings for other unauthorised access increase. If devices are misplaced, stolen or compromised, endpoint security components can purge device data and/or revoke access to the data centre, preventing widespread breaches.

HPE and hybrid cloud security

Protecting your hybrid cloud environments without a reliable partner can be an immense undertaking. HPE solutions such as the HPE GreenLake edge-to-cloud platform offer enterprises and other organisations a robust portfolio of managed tools and insights to ensure optimal cloud and on-prem efficiency and security, including IT compliance, software asset management, backup and disaster recovery.

HPE GreenLake for Data Protection is the next generation of data protection cloud services, offering customers the flexibility to modernise data protection – from rapid recovery to ransomware protection to long-term data retention – either on premises or in the public cloud with operational simplicity, meeting every SLA at the right cost.

HPE Backup and Recovery Service for VMware is specifically designed for hybrid cloud environments. Delivered through a software-as-a-service (SaaS) console and policy-based orchestration and automation, customers can protect their virtual machines (VMs) with three simple steps in less than five minutes and manage their backups effortlessly across on-prem and hybrid cloud environments.

HPE InfoSight and HPE CloudPhysics expand and simplify the cloud operational experience. HPE InfoSight gives users end-to-end visibility across the IT stack, including up to the app layer. This empowers customers to keep application workloads optimised, run disruption-free and continue to enjoy a transformed operational and support experience. Meanwhile, HPE CloudPhysics helps customers simulate a cloud migration, optimise workload placement and scale infrastructure. HPE partners gain insights into their customers’ environments, enabling them to deliver tailored solutions and be strategic partners to their customers.