BUSINESS TRANSFORMATION

Hybrid cloud model: Security risks and ways to overcome them

The global hybrid cloud market is expected to touch 145 billion USD by 2026 as more companies strategically invest in and build a long-term view of migrating data to the cloud for tangible business and financial outcomes. A hybrid cloud is now a recognised architectural state in cloud computing that needs careful planning around data synchronisation, resilience, disaster recovery and overall data management in terms of cost optimisation and management. Hybrid cloud architectures are now applicable across a variety of industry verticals ranging from energy, retail to automotive and telcos. With 5-G integration with cloud technology and edge computing driving hybrid cloud trends in 2023, security risks in a hybrid cloud model need to be considered seriously.

This article examines five such risks and methods to overcome them.

Data Breaches:

With edge computing emerging as a key driver for hybrid cloud as a means to counter low latency and reduced bandwidth, data is constantly moved across different cloud environments. This leaves data vulnerable to attacks like man-in-the-middle, interception of data and distributed DOS (denial of service) attacks. Counter measures include:
1. Data encryption at source and while transferring data such as secure VPNs
2. Actively monitoring data inflow and outflow, and
3. Proactive alerting in the event of a data breach to contain risk.



Compliance and Governance:

Many organisations now store sensitive data on public clouds to enable efficient processing of heavy data workloads. Checking if the hybrid infrastructure is in compliance with standards, like GDPR for instance, is a tedious, complex and error-prone process. Ways to stay compliant include:
1. Automating checks and regularly updating requirements to handle changes in hybrid cloud infrastructure
2. Designing repeatable and reproducible audits of the infrastructure
3. Ensuring that public and private cloud networks meet compliance norms of data transfer and other regulatory requirements



Insider threats:

A typical hybrid cloud model engages partners, service providers and vendors in addition to the organisation's employees. Entities may knowingly or unknowingly pose threats in the form of stealing sensitive information or sharing it with entities outside the trusted digital network. To mitigate the insider threat, companies can:
1. Scope just enough access to only devices or end users that absolutely need access across the hybrid cloud
2. Implement strict role-based access control with monitoring for users that have ‘special privileges’
3. Educate to create awareness amidst employees on access control and how hackers are likely to steal credentials and impersonate users
4. Prevent downloading or sharing of data between an employees’ personal and public accounts and organisation-controlled public cloud resources.



Infrastructure vulnerability:

A typical hybrid cloud has diverse infrastructure components. Many components have distinct ways in which they need to be secured. This increases the complexity of managing and monitoring a hybrid cloud for security breaches. Ways to minimise security threats are addressed by:
1. Standardising processes for setting passwords both on-prem and on public clouds. This needs to be extended to how assets are transferred like virtual machines, databases and code across the hybrid cloud.
2. Automated security processes reduce the likelihood of human error and ad-hoc processes. For example, incorporating automated security gates in a development process via the dev-ops pipeline ensures that any code has to pass through security checks before moving up codelines.
3. Automated tools ensure that environments can be quickly deployed, taken down and data isolated and multiple copies of data removed before any of these become a liability.
4. Isolate most critical infrastructure and restrict access to a strictly need only basis. This enables only those users who need the infrastructure to access it.
5. Always encrypt data that is in transit between public and private clouds.



Visibility and control:

Organisations are finding it hard to monitor and control hybrid cloud infrastructure as a combination of private and public clouds. This adds complexity to deploying self-service channels, delays in root cause analysis of production issues especially in dev-ops pipelines and controlling costs across the hybrid cloud due to movement of data across clouds provisioned by different service providers. To ensure necessary visibility and control, companies can –
1. Define service level agreements (SLAs) with service providers that ensure data confidentiality and visibility to monitor data flow and access control.
2. Define accountability upfront and understand security limitations in the hybrid cloud to develop robust SLAs.

The hybrid cloud ecosystem is a rapidly evolving one and more organisations are gearing towards moving into this ecosystem to meet the demands of their business. Being aware of and proactively planning to manage and mitigate security risks in this area will help companies realise optimal value from their business and safeguard it from threats.

*For organizations on the digital transformation journey, agility is key in responding to a rapidly changing technology and business landscape. Now more than ever, it is crucial to deliver and exceed organizational expectations with a robust digital mindset backed by innovation. Enabling businesses to sense, learn, respond, and evolve like a living organism, will be imperative for business excellence going forward. A comprehensive, yet modular suite of services is doing exactly that. Equipping organizations with intuitive decision-making automatically at scale, actionable insights based on real-time solutions, anytime/anywhere experience, and in-depth data visibility across functions leading to hyper-productivity, Live Enterprise is building connected organizations that are innovating collaboratively for the future.