How Can We Secure Mixed-Cloud Environments?

How Can We Secure Mixed-Cloud Environments?

There is no doubt as to the benefits that cloud computing brings to businesses around the world. But there is also no question that security is one of the most immediate concerns when moving from local, in-house IT solutions to cloud-based solutions. Businesses tend to mix and match different cloud solutions from multiple vendors in order to satisfy business needs. This leads to a not-so-healthy mix of cloud solutions, platforms and data variations. Securing cloud environments is already complicated and challenging enough, and mixing different solutions only serves to worsen the situation to the point that it can get out of hand. However, this approach will continue to become more common because of the ever-changing business environment, and because cloud Service Providers are constantly evolving their solutions in order to cope with skyrocketing competition. This leads to a juggling and cannibalism of clients among competitors.

So, the big question is what will constitute an effective strategy to secure all these mixed-cloud environments when an organization decides to build a private cloud to enhance existing IT services, employ third-party vendors for other cloud solution needs, or even invest in an SaaS or PaaS in order to cut down on software solution costs. We examine some ways to secure mixed-cloud environments.

  • Focus on the data. First and foremost, it is very important to be data-centric when thinking about security in the cloud. You must always be aware of where your data is, and of who handles it. A mixed-cloud environment will make this complicated, but companies are coping with this with the help of something called, “rules as a service”. There is also an extra challenge when data from different environments is being combined for the purpose of analytics. The resulting new form of data may trigger a series of regulatory controls and restrictions along with potential privacy concerns. So, being data-centric in security would mean that it is critical to focus on data and service classification to determine which data to deploy on the cloud. Organizations should have sound technical policy control definitions based on data classification and user authorization.
  • Look at the broader ecosystem. Companies must see the bigger picture and consider the complete mix of their mobile, social and cloud environments. Most companies implement their cloud solutions over time, which results in fragmentation – this simply will not do. It is imperative that security controls work and reflect all of the environments that the company might have. So, look to the long term and consider all the cloud environments you need before even implementing one, no matter how far off the implementation of others might be.
  • Create a road map of which security requirements need to be in place, based on the environment that you will be implementing. This road map is necessary and must be used as a checklist or questionnaire for new systems when you consider the service providers, tools, and infrastructure you plan to implement.
  • Learn from those who have gone before you. You are not the only one who has come across the problem and most probably not the first. There will always be others who have encountered and solved this problem already; so, learn from their mistakes and adapt their solutions. The service providers you will be considering will probably have experience in this aspect – work with them in planning your security requirements.

By Abdul Salam

Martin Mendelsohn

Supporting CISOS, CIOS and CTOS That Are Overwhelmed During the COVID Battle

The Covid Era and CISO Stress Even before COVID-19, senior technology executives, including CISOs, CIOs and CTOs were overwhelmed, and felt an increasing lack of ballast in their lives. Some went so far as to ...
Kokumai

Identity Assurance – Sufficient and Necessary Conditions

Identity Assurance It is not easy to define the 'sufficient condition' for describing a set of processes used to establish that a natural person is real, unique, and identifiable; criminals keep coming up with hitherto ...
Kevin Julian

Patients Increasingly are embracing technology, and so must the pharmaceutical industry

Patients Increasingly Embracing Technology COVID-19 has driven home the need to use digital solutions more broadly, which means C-Suites may be turning to their CTOs for advice As lockdown restrictions went into effect due to ...
Patrick Joggerst

Session Border Control as a Service: Faster, More Secure and Dramatically Less Complex Enterprise Communications

Session Border Control as a Service As businesses are increasingly moving to cloud-based unified communications (UC) for improved collaboration and productivity, they must also ensure that their networks and systems are as secure as possible ...
Martin Mendelsohn

New Executive Roles in the Post-Corona Era

Executive Roles in the Post-Corona Era As the global economy shows early signs of reviving from past months of rigormortis, forward-looking companies will be busy preparing for the next pandemic. What this means for technology ...
Digital Theft

Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications?

Security Threat And Big Data Applications (Updated August 11th, 2020) IBM, Amazon, Google, Yahoo, Microsoft - and the list goes on. All these leading IT enterprises have been affected by Cross-Site Scripting (XSS) attacks in ...