How Can We Secure Mixed-Cloud Environments?

There is no doubt as to the benefits that cloud computing brings to businesses around the world. But there is also no question that security is one of the most immediate concerns when moving from local, in-house IT solutions to cloud-based solutions. Businesses tend to mix and match cloud solutions from multiple vendors in order to satisfy business needs. This leads to a not-so-healthy mix of cloud solutions, platforms and data variations. Securing a cloud environment is already complicated and challenging, and mixing different solutions worsens the situation to the point that it can get out of hand. However, this approach will continue to become more common because of the ever-changing business environment, and because cloud service providers are constantly evolving their solutions in order to cope with skyrocketing competition. The result is that competitors juggle and cannibalize one another's clients.

So, the big question is: what constitutes an effective strategy for securing all these mixed-cloud environments when an organization decides to build a private cloud to enhance existing IT services, employ third-party vendors for other cloud solution needs, or even invest in SaaS or PaaS in order to cut down on software solution costs? We examine some ways to secure mixed-cloud environments.

  • Focus on the data. First and foremost, it is very important to be data-centric when thinking about security in the cloud. You must always be aware of where your data is and of who handles it. A mixed-cloud environment makes this complicated, but companies are coping with the help of something called “rules as a service”. There is an extra challenge when data from different environments is combined for the purpose of analytics: the resulting new form of data may trigger a series of regulatory controls and restrictions, along with potential privacy concerns. Being data-centric in security therefore means focusing on data and service classification to determine which data to deploy on the cloud. Organizations should have sound technical policy control definitions based on data classification and user authorization.
  • Look at the broader ecosystem. Companies must see the bigger picture and consider the complete mix of their mobile, social and cloud environments. Most companies implement their cloud solutions over time, which results in fragmentation – this simply will not do. It is imperative that security controls work across, and reflect, all of the environments that the company might have. So, look to the long term and consider all the cloud environments you need before implementing even one, no matter how far off the implementation of the others might be.
  • Create a road map of which security requirements need to be in place, based on the environment that you will be implementing. This road map is necessary and must be used as a checklist or questionnaire for new systems when you consider the service providers, tools, and infrastructure you plan to implement.
  • Learn from those who have gone before you. You are not the only one who has come across the problem and most probably not the first. There will always be others who have encountered and solved this problem already; so, learn from their mistakes and adapt their solutions. The service providers you will be considering will probably have experience in this aspect – work with them in planning your security requirements.
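
To make the "Focus on the data" point concrete, here is an added example (not code from the original article) of policy controls driven by data classification and user authorization, including the case where combining data for analytics raises the controls that apply. The classification levels, environment names, datasets and the "inherit the strictest label" rule are all assumptions made for illustration.

```python
from dataclasses import dataclass

# All labels, environment names and datasets below are constructed for illustration.
LEVELS = ["public", "internal", "confidential", "restricted"]  # low -> high

# Highest classification each environment in the mix is approved to hold.
ENV_CEILING = {
    "saas-analytics": "internal",
    "public-iaas": "confidential",
    "private-cloud": "restricted",
}

@dataclass(frozen=True)
class Dataset:
    name: str
    level: str
    regimes: frozenset = frozenset()  # regulatory tags attached to the data

def rank(level):
    return LEVELS.index(level)  # raises ValueError on an unknown label

def combine(name, *sources):
    """Assumption: derived data inherits the strictest level and every regime of its inputs."""
    level = max((s.level for s in sources), key=rank)
    regimes = frozenset().union(*(s.regimes for s in sources))
    return Dataset(name, level, regimes)

def may_deploy(ds, env):
    ceiling = ENV_CEILING.get(env)
    if ceiling is None:  # environment not on the road map: deny by default
        return False
    return rank(ds.level) <= rank(ceiling)

def may_access(clearance, approved_regimes, ds):
    """User needs sufficient clearance and approval for every regime on the data."""
    return rank(clearance) >= rank(ds.level) and ds.regimes <= approved_regimes

CLICKSTREAM = Dataset("clickstream", "internal")
CRM = Dataset("crm-export", "confidential", frozenset({"privacy"}))
JOINED = combine("customer-360", CLICKSTREAM, CRM)

if __name__ == "__main__":
    for env in ENV_CEILING:
        print(env, may_deploy(JOINED, env))
    print(may_access("confidential", frozenset(), JOINED))
```

The clickstream data alone may sit in the SaaS analytics service, but once it is joined with the CRM export the result is no longer deployable there and is readable only by users approved for the privacy regime.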

By Abdul Salam
