Virtualization Technology News and Information
Three Considerations for Securing Hybrid Cloud Environments

Written by Jon Toor, CMO, Cloudian

According to a survey conducted by IDC last year, 80% of respondents reported they had repatriated workloads from public cloud environments to private clouds or on-premises environments during the previous year. In addition, the survey found these enterprises anticipated moving roughly half of their current public cloud applications to private or on-premises locations in the following two years. There were several reasons for this shift, but the report found security was the number one factor driving these organizations to repatriate workloads.

If a business is adopting a hybrid cloud model, it needs to decide what to send to the public cloud and what to keep on premises. There are many considerations when taking this path - performance, cost, agility, etc. - but security should be top of mind at every step. For organizations embarking on a hybrid approach, there are several security factors to consider, including type of data, compliance and ransomware vulnerabilities.

Not all data is created equal

While public clouds put considerable resources into securing their platforms, it only takes one misconfiguration to leave a deployment vulnerable to hacking. On-premises datacenters, on the other hand, are typically protected by firewalls where the security configurations are managed by personnel knowledgeable in the various threats. Data varies greatly in its sensitivity - customers' personally identifiable information and financials are much more valuable for hackers than network telemetry data. When determining which workloads to put in the public cloud and which ones to keep on-premises, lean toward keeping workloads that involve highly sensitive data on-premises, where there's consistent control over security measures such as access.

Compliance requirements

Compliance is a critical consideration that often does not get enough consideration. In many verticals - and in various localities - IT managers must comply with regulations that govern data protection and data location, such as GDPR and HIPPA. Some regulations even bar certain sensitive data (e.g., financial information, personnel records and government data) from being moved to the cloud. In other cases where regulations are not a factor, the fine print in customer contracts mandates that certain data must be kept on-premises. Overall, an on-prem repository provides the most direct path to compliance.

WORM is the way

Ransomware may be the biggest security threat organizations face today. Most businesses think simply having a robust backup option is sufficient protection against these attacks, but they don't realize that backup files can also be afflicted just the same. WORM (Write Once Read Many) is the best method for combatting ransomware. With WORM storage, once the data is written, it cannot be altered or deleted. This prevents malware from encrypting the data and locking the victim out. If a ransomware attack happens, an organization can simply roll back to a previous WORM-protected version of the data.

Although public cloud services may offer WORM storage, rolling back to a previous version of data is typically faster and more cost-effective if the WORM-protected data is on-premises. It avoids the latency and bandwidth issues inherent in moving data from a public cloud.

The hybrid cloud has gained major momentum among enterprises for good reason. A hybrid approach allows organizations to leverage the advantages of the public cloud for some workloads while still enjoying the benefits of being on-premises for other workloads. When deciding which workloads to migrate, organizations need to keep security in mind. Due to greater control and visibility, they may be better served storing data on-premises rather than in a public cloud.


About the Author

Jon Toor 

Jon Toor leads Cloudian's inbound and outbound marketing teams. Prior to Cloudian, Toor served as vice president of digital marketing and demand generation at Brocade. He also served as the vice president of marketing at Xsigo Systems where he led the outbound marketing team, a group he led from company launch until the company acquisition by Oracle. Prior to Xsigo, he served at ONStor as vice president of marketing. Toor holds an MBA, bachelor of science in mechanical engineering, and a bachelor of arts in economics all from Stanford University.

Published Friday, May 17, 2019 10:12 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<May 2019>