Safety First — The Art of Managing Hybrid Cloud Security
Data is growing at an unfathomable speed. Managing such massive volumes and variety of data is a huge challenge for any organisation. Therefore, companies around the globe are moving to hybrid cloud faster than ever for growth and efficiency, as well as to support digital transformation.
Data is growing at an unfathomable speed. Market intelligence firm IDC predicted, in 2014, that data is doubling in size every two years, and by 2020 the digital universe – the data we create and copy annually – will reach 44 zettabytes, or 44 trillion gigabytes.
Managing such massive volumes and variety of data is a huge challenge for any organisation. Therefore, companies around the globe are moving to hybrid cloud faster than ever for growth and efficiency, as well as to support digital transformation. IDC predicts that more than 80% of enterprise IT organizations will commit to hybrid cloud architectures by 2017. And Indian firms are not far behind.
Hybrid cloud is a mix of interconnected private and public clouds, both storing different kinds of data. While public cloud provides scale and efficiency, the private cloud offers customisation, security and speed.
As per research firm Markets and Markets, "The hybrid cloud market is estimated to grow from $33.28 billion in 2016 to $91.74 billion by 2021, at a compound annual growth rate (CAGR) of 22.5% during the forecast period.
Author and cloud computing expert Timothy Chou puts it well – "As a consumer of compute and storage cloud services you're going to see even greater number of cloud services, some specialized by location, others by performance or security features and still others by new business models. In less than ten years, the idea that a server arrives at your loading dock will be as quaint as a floppy disk."
For Indian companies adopting the hybrid cloud, the question of data security, however, looms large. According to the CloudPassage Cloud Security Spotlight report unauthorized access through misuse of employee credentials and improper access controls is the single biggest threat (53%) to cloud security. This is followed by hijacking of accounts (44%) and insecure interfaces/APIs (39%). 33% of organizations believe that external sharing of sensitive information is the biggest security threat, as per the report.
While companies might have a grip on data security within a private network, in the hybrid cloud things are more complex. Here are some of the best practices that Indian companies should adopt while moving to the hybrid cloud:
Protect your data
In the digital age, data is the greatest asset that a company can have, and it requires to be handled with utmost care, and be protected from any kind of threat – loss, theft or disaster. At the same time it has to be easily accessible as well.
Therefore, companies need meticulous planning before deploying the hybrid cloud. The first step is to assess current workloads and identify what environments are a good match for public cloud and private cloud.
Companies have to ascertain the kind of data that they want to host on the public cloud, and what data do they want to keep in the private cloud. The decision might vary from company to company; while some would want to keep confidential or compliance bound information inside the data centre, others may be okay with it being on the public cloud. Either way the cloud provider should be equipped to offer the kind of security the data demands.
The cloud provider should also be able to address all questions regarding data protection features and the kind of backup and disaster recovery systems it deploys.
Be compliant with data compliance
Companies need to understand all regulatory compliance laws concerning their data and applications before moving them onto a service provider cloud. They need to ascertain that the cloud service provider is fully compliant with the latest security standards and specific regulatory requirements applicable to the business. It is for the client to ensure that the provider is following best practices, to insulate themselves against any future threats.
Enterprises must ensure that they opt for a solution that complies with local regulation and provides adequate security – for example, any applications based in the cloud must have the necessary user authentication layers in place. Enterprises need to identify the right platform to navigate this complex landscape, says Vishak Raman, head of Managed Security Services business, Tata Communications.
Take stock of IT Resources
Hybrid cloud is complex and requires expertise for compliance, networking, storage, and management. Human resources are essential for implementation and management of the Hybrid Cloud, so if companies don't have in-house resources, they need to find a trusted service provider.
Ability to scale
Although scalability is the biggest advantage of the hybrid cloud, it is essential that while developing a hybrid cloud security strategy, companies make sure that all security tools and practices will scale for growth.
Ideally the security architecture should grow alongside other infrastructure resources. It can be helpful to speculate what issues can arise if the cloud needs to scale exponentially.
Find the right partner
For any successful Hybrid Cloud solution it is important for companies to find a partner they can trust. While choosing a partner, companies should determine whether the partner meets the needs of the business and has the ability to guide them through the process. It can be helpful to ask for customer references from those in the same industry.
Cloud service providers have solutions for most security issues, but companies need to figure out exactly what they need according to the kind of data and requirements they have. For certain organisations, it can be helpful to have a comprehensive risk management program to help move more business processes into hybrid cloud architectures.