Virtualization Technology News and Information
What you Need to Know to Solve the Complex and Unique Challenges of Hybrid Cloud Access


Cloud adoption is growing, but some organizations find that they need a combination of private and public clouds to gain the scalability and accessibility strengths of both architectures.

A hybrid setup is a solid solution that offers the best of both worlds, but it does present some unique security challenges.

Top Challenges of Hybrid Cloud Security

Many organizations rely on public cloud services and bridge the gap with private cloud capabilities, creating a highly complex environment. Mixing private and public clouds increases the complexity and the risk, and organizations need deep visibility to ensure security gaps don't emerge.

The hybrid cloud boasts more control and agility, but it increases the burden on the IT department. With the risk increased, visibility and control are necessary to track changes and ensure the team is collaborating optimally.

There's also a question of the security responsibilities. Traditional vendors have purpose-built tools for the private cloud, but those don't necessarily apply to the public cloud. Some organizations may believe that the cloud provider is maintaining security, neglecting their own responsibility in protecting their network, data, and assets.

The shared responsibility model allows organizations to manage their risks and understand exactly where their responsibilities lie, instead of making the mistake of putting everything on the vendor. Otherwise, they may be leaving gaps in their security under the assumption that the vendor has it covered.

Compliance is another challenge of the hybrid cloud environment. In the event of a breach, organizations can face considerable financial or reputational harm. The complexity that makes the cloud so capable also makes compliance difficult, however. The components need to be compliant both independently and as part of a unified system.

Using Privileged Access Management for Hybrid Cloud Security

Privileged access management (PAM) is a valuable cybersecurity strategy to control, monitor, secure, and audit identities across an IT environment.

Legacy PAM approaches combine tools from multiple providers, leaving security gaps and vulnerabilities in a dynamic and ephemeral environment like the cloud. With each component carrying different risks, these distributed environments are challenging to secure and manage.

PAM-as-a-service, like SaaS, is now offered by many vendors, who manage the cloud environment where the software resides. The vendor keeps the environment up to date and secure.

Maintaining security and compliance across a large, distributed environment is challenging for a number of reasons, including human error. By enforcing the principle of least privilege, the harm any user can cause - whether accidental or intentional - is limited.

Least privilege enforces controls so that users are granted the minimum levels of access necessary to complete their tasks, and only for a limited time, instead of full access. Then, whether a user is seeking to exploit the network on their own, or through the actions of a hacker who gained control of their credentials (and entitlements), they're limited in how much damage they can do.

PAM also adapts to changing needs. If a user requires elevated privileges to complete a task, the privileges can be elevated temporarily with control and oversight. They can perform the task as needed, but are only given just enough, just-in-time access necessary to complete it. Once they're finished, PAM removes the privileges so that zero standing privileges are left open to be exploited.
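The just-in-time elevation and zero-standing-privilege behavior described above can be sketched as follows. This is an added example, not code from the article or from any PAM product; the `JitBroker` class, the policy layout, and the privilege names are hypothetical.

```python
import time

class JitBroker:
    """Hypothetical broker: no standing privileges, only time-boxed grants."""

    def __init__(self, policy, max_ttl=900, clock=time.time):
        self.policy = policy    # user -> privileges that user may request
        self.max_ttl = max_ttl  # upper bound on any grant, in seconds
        self.clock = clock
        self.grants = {}        # (user, privilege) -> expiry timestamp
        self.audit = []         # (timestamp, event, user, privilege)

    def _log(self, event, user, privilege):
        self.audit.append((self.clock(), event, user, privilege))

    def _expire(self):
        # Revoke every grant whose time box has elapsed.
        now = self.clock()
        for key in [k for k, exp in self.grants.items() if exp <= now]:
            del self.grants[key]
            self._log("EXPIRE", *key)

    def request(self, user, privilege, ttl, mfa_ok):
        # Least privilege: deny anything outside policy or without MFA.
        if not mfa_ok or privilege not in self.policy.get(user, set()):
            self._log("DENY", user, privilege)
            return False
        self.grants[(user, privilege)] = self.clock() + min(ttl, self.max_ttl)
        self._log("GRANT", user, privilege)
        return True

    def is_allowed(self, user, privilege):
        self._expire()
        ok = (user, privilege) in self.grants
        self._log("USE" if ok else "BLOCK", user, privilege)
        return ok

def demo():
    now = [1000.0]  # constructed fake clock so the example runs instantly
    broker = JitBroker({"alice": {"db:restart"}}, max_ttl=600, clock=lambda: now[0])
    out = {"before": broker.is_allowed("alice", "db:restart")}
    broker.request("alice", "db:restart", ttl=3600, mfa_ok=True)  # capped to 600 s
    out["during"] = broker.is_allowed("alice", "db:restart")
    out["unlisted"] = broker.request("alice", "iam:admin", ttl=60, mfa_ok=True)
    now[0] += 601  # time box elapses
    out["after"] = broker.is_allowed("alice", "db:restart")
    out["standing"] = list(broker.grants)
    out["events"] = [event for _, event, _, _ in broker.audit]
    return out
```

Calling `demo()` shows the privilege usable only inside its time box, the out-of-policy request denied, and an audit trail covering every decision.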

With PAM, the security policies are consistent regarding access, privilege, and multi-factor authentication, no matter the location, user, or operating system.

A modern PAM solution ensures a consistent security framework that can manage the many components of a dynamic cloud environment.

Benefits of PAM

Humans - the traditional users - are often the weakest link in cybersecurity. External threats may steal credentials from users, or the users themselves may be abusing or exploiting their level of access. PAM ensures that all users are granted only the access they need to perform their job duties, and it gives security teams the ability to quickly identify malicious activities and mitigate the damage.

The cloud relies on access and communication between systems and components. This distributed environment may include numerous machines that require privileged access, creating vulnerabilities as well as security and management challenges. A modern PAM strategy controls the privileges effectively in a hybrid cloud environment.

Another vulnerability in this environment is the endpoints, which usually have privileges so that IT teams can quickly correct problems and issues. The downside of this is that it creates security gaps that bad actors can exploit. Once they have access to the network, they can move through, elevate privileges as needed, and eventually gain the information they're looking for. PAM ensures that the local administrative rights are limited or removed at the endpoints to address this vulnerability.

Compliance is challenging in the cloud, and privileged access without protection and monitoring carries a big risk. As part of a comprehensive security strategy, PAM can help with monitoring and recording any and all activities that may affect sensitive data.

Take Control of Hybrid Cloud Security with PAM

Combining the benefits of the private and public cloud, the hybrid cloud is an agile and dynamic solution for modern organizations. These benefits often come with added risks and require more vigilance, however, and PAM-as-a-service can shore up your security, both now and as your business scales.



Joseph Carson 

Joseph Carson is a cybersecurity professional with more than 25 years' experience in enterprise security and infrastructure. Currently, Carson is the Chief Security Scientist & Advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.
Published Monday, July 25, 2022 7:32 AM by David Marshall