Hybrid clouds pose new security challenges

If 2013 is the year enterprises begin implementing their hybrid cloud strategies, as the experts are predicting, then it follows that this will also be the year when hybrid cloud security takes center stage.
According to analysts, industry watchers and security practitioners the bad news is that there is no silver bullet on how to fully accomplish security in a hybrid cloud.
That's because there are so many facets to hybrid cloud security; there's the issue of how to secure on-premise data center resources, how to secure applications that burst to the public cloud, how to secure data stored with multiple cloud service providers, how to protect the virtualized underpinnings of your public and private clouds, and finally how to secure mobile devices that connect to your cloud infrastructure.
If that's not daunting enough, another reason why there isn't a one-size-fits-all solution is that the definition of hybrid cloud is open to interpretation.
And every company has a different comfort level when it comes to security in general and cloud security in particular. One company's game plan for keeping a minimum set of operations under lock and key inside the on-premise data center or a virtual private cloud, while pushing batch processing or user front-end processes to the public cloud might be another IT department's worst nightmare.
"Every hybrid cloud implementation is unique and that makes securing them a moving target," says Dave Asprey, vice president of cloud security at security management vendor TrendMicro. Asprey subscribes to the notion of ambient clouds, essentially the idea that enterprise customers are going to move toward a distributed cloud model where they employ multiple cloud providers - each replaceable based on use case, price and availability.
"I don't necessarily think the types of threats against the ambient cloud is up from those used against traditional data center or private cloud schemes, but the potential risks against the data running across these distributed cloud certainly is," Asprey says.
Security strategies that work
The good news is that enterprises already employing defense-in-depth practices across their existing networks can apply those same tenets within a hybrid cloud security management strategy.
The caveat here, though, is that IT management must commit to a whole lot of advanced planning and prepare their staffs for a bit of technological tweaking of its security policy and gear before the hybrid cloud goes live (see story on hybrid cloud implementer tips and tricks).
"Typically in this industry the adoption of any technology happens well before security considerations surrounding it are fully addressed," says Gary Loveland, a principal in PricewaterhouseCooper's advisory practice and head of the firm's global security practice.

Author:By Christine Burns Rudalevige

0 yorum: