As businesses expand their use of cloud-based services, a hybrid cloud approach to developing the network infrastructures they need is fast becoming the norm. What is the hybrid cloud, and what impact is this approach to cloud services having on CIOs, CTOs and their enterprises?
A safe and secure Hybrid cloud
A clear area of concern to CIOs and CTOs is how secure they can make their hybrid cloud deployments before the security measures become too erroneous. The latest CIO Survey from KPMG commissioned by Harvey Nash concluded: “There is very little difference in cyberattacks between organizations with large-scale cloud implementations (35% reported an attack in the last two years) compared with the global average (32%); indeed ‘cloud’ organisations actually feel better protected against future attack.”
Robert van der Meulen, Global Product Strategy Lead, Leaseweb also commented to Silicon: “From a deployment point of view, a hybrid cloud is not so different from a more traditional (but heavily automated) deployment. There is the issue of monitoring and controlling multiple environments and dealing with a larger set of credentials for the various clouds – which calls for more normalized/centralized security monitoring practices and systems. A broader set of technologies demands a broader set of knowledge of the security aspects of the environments. Then from a network point of view, as more data is flowing back and forth, and more interconnectivity between environments, the importance of network security grows.”
As hybrid cloud infrastructures proliferate, one of the significant issues for CIOs is seeing their deployments in their entirety to ensure endpoint security is in place and not merely placed at the perimeter of the network.
“A hybrid IT model can be challenging to secure, as it creates additional environments and boundaries that must be secured,” advises Jason Lochhead, CTO, Infrastructure, Cyxtera. “A strong authentication and authorization mechanism should be implemented using single sign-on and multifactor authentication. Additionally, access to these environments requires a more sophisticated technology than a VPN, such as Software Defined Perimeter. SDP can be combined with authentication and authorization to ensure that users and administrators only have access to the applications that are required for their jobs.”