Almost two decades ago technology providers had introduced the concept of cloud to businesses in India. They explained that a cloud was a central repository where businesses could store their data and access it whenever needed. However, there were a few concerns that businesses had raised. Will the cloud be exclusive to their data? What happens when a business is not able to access its data? What about backup? Will it be costlier than storing data on their own network? How will the security of data be ensured? Today, nearly two decades later, most business concerns have been addressed. Businesses can choose between private, public, and hybrid cloud.
The pay-per-use model allows businesses to pay for what they use. Disaster recovery plans are in place. Overall, cloud environments now provide businesses with the flexibility, cost savings, performance, and scalability they need.
Security concerns continue to stay
But one issue—and that’s a crucial one—continues to pose a challenge. That is of security. Although numerous technologies have come up to make the cloud more secure, there are some security-related concerns that continue to besiege the hybrid cloud environment. These include:
- Integration: One of the biggest issues in a hybrid cloud infrastructure is the complexity around the integration of public and private clouds. It takes superior technical skills to ensure seamless integration between the two cloud environments, as it is quite difficult to move configurations and metadata across environments. It requires a thorough understanding of the tools and patterns required to move processes. And then, integrating legacy systems with the cloud is another challenge altogether.
- Visibility and control: Hybrid clouds pose a challenge in terms of viewing and monitoring distributed systems over the infrastructure, especially for administrators who resort to manual control. Lack of such visibility not only increases security risks but also impacts agility. A good workaround for improved monitoring is to choose automation, which will make it easier to clear security audits. Businesses can consider solutions based on open standards as they will still be compatible should the infrastructure undergo a change in the future.
- Data protection: Data—both at rest and in motion—in a hybrid cloud runs the risk of exposure. It is important to protect data at rest as well as data in transit through encryption. For data at rest, consider full-disk or partition encryption. Linux Unified Key Setup on disk (LUKS) can bulk-encrypt hard drive partitions. Data being transmitted over the network is particularly vulnerable to man-in-the-middle attacks that are employed to eavesdrop on network transmissions. To protect this data in transit businesses can consider using cryptography-based Internet Protocol Security (IPSec) which encrypts the communication between the hosts.
- Data leakage: Data that gets lost, corrupted, or destroyed constitutes data leakage. The problem of data leakage is especially severe in BYOD environments, where workers bring their own devices to work on. Leakage of sensitive data in any form can be disastrous. Therefore, it is the onus of the organization to protect its data in a hybrid cloud environment, as it is not the responsibility of the cloud provider. It is recommended that businesses implement stringent access guidelines and strictly enforce security protocols.
- APIs: Unprotected APIs can serve as a conduit for malicious attacks on sensitive data. Businesses must consider hardening the applications to make them resilient to potential attacks. For this, they must know what APIs are exposed, the existing controls, and probable remediation should an attack happen.
- Data redundancy: Lack of data redundancy increases the risk to a hybrid cloud. In case of an outage, redundant copies of data distributed across data centers can help mitigate the damage. To implement data redundancy, businesses can either use multiple data centers of their cloud provider, or use multiple public cloud providers, or hybrid cloud.
- Compliance: With regulators toughening their stance regarding handling of sensitive data, businesses—especially those in finance, healthcare, and government—are under pressure to ensure they are compliant with all the necessary regulations. Compliance is difficult in a hybrid cloud environment as there is a lot of back-and-forth movement of data. To add to the angst, most organizations still check their compliance status manually, which not only requires time and effort but is also prone to human errors. Again, automation using open source-based tools can help remediate faster and enable scalability.
Gartner expects that by 2020, 90% organizations will likely adopt hybrid infrastructure management capabilities. This is a testament that cloud computing, which sprung up as JCR Licklider’s idea of an intergalactic computer network in the 1960s, has evolved into the lifeblood of any digital-first business today.
Businesses transitioning to hybrid cloud model must consider the ensuing complexities to craft a winning implementation strategy.
The article has been written by Neetu Katyal, Content and Marketing Consultant
She can be reached on LinkedIn.