Preparing the Enterprise for Risks in the Hybrid Cloud

Enterprises are leveraging the elasticity and scalability of the hybrid cloud, where the public cloud, third-party cloud and on-premises infrastructure converge. For its most recent state of cloud adoption report, McAfee surveyed over 2,000 security professionals and found that hybrid cloud adoption will grow at a rate of 3X over private cloud adoption this year alone. But many enterprises struggle with cloud security management, with about half stating security as their greatest challenge. As cloud app usage grows and IT staff interact with these SaaS platforms, simple mistakes and security knowledge gaps can escalate into serious issues for the enterprise.

The threat of cyber-crime in 2017 is massive, and data breaches are becoming more commonplace within the hybrid cloud. In fact, more than half of respondents in McAfee’s report believe there is a likelihood of getting a malware infection from a cloud application. With the average cost of a breach now a massive $4 million, enterprises cannot afford to treat hybrid cloud cyber security as an afterthought.

Hybrid cloud platforms introduce new challenges to the enterprise: they bring existing problems within an organization to the forefront and tie public and third-party cloud apps together. A security-minded cloud posture starts with identifying the gaps in your current environment and process, then harnessing the right mix of security expertise and process to bridge those gaps before making specific decisions to move to a hybrid cloud architecture.

Best practices are key as enterprises become more dependent on hybrid cloud platforms:

3rd Party Cloud Apps (aka Shadow Cloud): When internal teams work within a hybrid cloud application without the IT department’s or SOC’s knowledge or support, security vulnerabilities will surely be an issue. Most enterprise employees utilizing these platforms come from non-technical backgrounds. The majority don’t know the potential risks associated with the hybrid cloud, let alone understand the distinction between public and private clouds.

Easily accessible, user-friendly cloud applications enable teams and users to bring such services into the fold with little effort, but the team that drives security risk and governance must be informed. Such governance exists to ensure enterprise protection without interfering with the respective business processes. Without proper IT and SOC involvement, basic security measures will surely be disregarded, such as regularly changing passwords and mitigating risk through updates. It is certainly tempting for users to adopt a cloud application without internal IT and SOC involvement, so management needs to stress the risks to their employees. Enterprises should also recognize and remove obstacles that deter teams from reaching out to IT for job support. The first step to resolving hybrid cloud security vulnerabilities is achieving full awareness of enterprise cloud use, followed by education as a feedback loop to all employees.

Centralizing Management: Even when an enterprise includes IT and SOC staff in cloud projects, platform management is often inadequately defined. Typically, you will find that most organizations have multiple departments forming independent business relationships with the same cloud vendors. This in turn creates more for security to manage and increases the likelihood that risks go unnoticed. Enterprises can't afford to let hybrid cloud management fall to a handful of project managers without security expertise or without visibility into how employees will use these hybrid cloud services.

Enterprises should treat the hybrid cloud like on-premises resources: available to any team that needs them, but managed by a central platform. It's unrealistic to educate every user about how and why they should disable root accounts or enable single sign-on (SSO). Most enterprises already have a proven model for deploying and supporting IT resources internally. This same model now needs to cover not only internal resources but the hybrid cloud as well. Enterprises should apply the lessons learned from managing other technologies and consolidate on a platform that can help them centrally manage on-premises users and resources as well as the resources of the hybrid cloud.

Data security: When enterprises make use of a hybrid cloud environment, they often do so to resolve an urgent problem without thought toward how the project will evolve, where data is stored and how it is protected through its progression. If they have not already, security professionals within the enterprise must develop risk and governance policies to guide which safeguards should be applied to their data, such as personally identifiable information (PII). Data that is transferred between private and public clouds, or from on-premises to cloud, should always be encrypted.

IT and security personnel should have a solid understanding of how cloud applications interact with their infrastructure. As hybrid cloud use increases, the projects will grow to include not only tech support, but internal developers as well as employees and managers. The more multifaceted projects will amplify deficiencies in cloud security, making it especially important for enterprises to develop best practices before any risk arises.

Hybrid cloud platforms offer an abundance of opportunity to embrace rapid scalability and greater user independence. Left unrestrained, however, that independence can also become a major liability, creating a network of unmanaged and unsecured applications that place sensitive data at grave risk. Organizations must work to balance employees’ and teams’ newfound freedom against data security, involving security professionals throughout the process of establishing best practices for how data is transported and secured.

Putting hybrid cloud processes in place early will also provide scalability benefits for enterprises. Whenever security is managed properly from a project’s start, it is much simpler to transfer an application to the hybrid cloud with fewer possible concerns around compliance or potential liabilities. To get the most out of their hybrid cloud environments, enterprises first need to embrace the best practices, which will accelerate business progress.



Hi Brian great read and very insightful!
