As companies race to the cloud to improve efficiency, reduce costs, and promote flexibility and agility, they are creating a patchwork of various cybersecurity protocols and policies that exacerbate management challenges and open doors for new risks.
Private cloud data that is stored locally and accessed over a private IT network is potentially vulnerable to data leaks or man-in-the-middle attacks. Hybrid cloud reduces the risk of cybersecurity threats, but when it comes to a mix of public and private cloud deployments, care must be taken to manage the security of the entire IT architecture, says Scott Schober (@ScottBVS), President and CEO of Berkeley Varitronics Systems Inc.
Hybrid cloud deployments can quickly turn into a large-headed monster that puts increasing strain on internal security teams already overwhelmed with balancing work with multiple cloud players as they battle sophisticated criminal organizations and manage remote workers, says Steve Prentice (@StevenPrentice), a specialist in technology integration. In addition, security organizations struggle to keep up with the ever-changing requirements for scalability, compliance, and confidentiality of stored data.
“The modern post-COVID company is an octopus poor in the millions in thousands of locations, and each arm is a digital access point that can be compromised by script kiddies, social hackers, professional criminal hacker organizations or even nation-state actors.” John Koetsler (@johnkoetsier), CEO of SSMRT. “Only by managing the security of all these millions of access points can a company keep security … and avoid getting another ransomware story on the national news.”
The complexity created by the growing number of mergers and acquisitions complicates the already complex cybersecurity landscape and increases the stakes for companies joining forces in search of growth and innovation. “The ability to provide flexibility and interoperability across a patchwork quilt of acquired and existing storage and security platforms will be the key to the success of complex technology-driven companies,” notes Frank Cutitta (@fcutitta), CEO and founder of the HealthTech Decisions Lab.
The recent spate of ransomware attacks – led by the SolarWinds hack – has highlighted the high threats associated with cybersecurity and the need for organizations to reassess their hybrid cloud security position.
Mature cloud management platforms and improvements in AI and analytics for back-end reporting enable companies to get consistent telemetry and views across cloud providers and private clouds, says Will Kelly (@willkelly), technical marketing director for a container security startup. But persistent budget constraints and personnel challenges remain important hurdles, he adds.
Managed services reduce security risks
Given the volatility of the landscape, it is critical to have an outside vendor responsible for keeping up with the changes and managing the consistency of security across platforms. “A provider of as-a-service management is just as important to a company’s hybrid cloud presence as GPS and air traffic control is to an airline,” says Prentice. “Not only do they ensure security consistency across platforms, but they also take the pressure off a company’s internal security team to meet more local requirements, which doubles the security benefit.”
Kim Stevenson (@Kimsstevenson), SVP & General Manager, Foundational Data, NetApp Inc., agrees. “Having experts do the work for you is the best way to thrive in this new world. Managed services offer many options for migration, modernization, transformation and risk reduction. “
Many companies using cloud services do not even see the potential for a cloud fragmentation problem. Untested cloud applications that are provided as independent silos bring administrative, integration and, in particular, security challenges with them – all problems that can be moderated or even mitigated with the right hybrid cloud managed service. For example, following consistent best practices such as encrypting data in transit and at rest, using Identity and Access Management (IAM) features, and using Secure Shell Protocol (SSH) network protocols to communicate between unsecured network connections can do a lot of the work Management limit headaches and security risks, adds Schober from BVS.
“Managed Hybrid Cloud can help reduce or eliminate redundant information stored in individual silos and give organizations greater control over their security profile through encryption, automation, access control, orchestration and endpoint security, to name a few.” says Gene De Libero (@GeneDeLibero), Chief Strategy Officer at GeekHive.
Identity and authentication are critical to today’s security environment, regardless of whether they are implemented internally or through a managed services provider. “Implementing a solution like Azure AD Hybrid Identity with SSO or Federation provides a mechanism for securely sharing credentials in on-premises and cloud-based environments with minimal effort,” said Dave Hatter, cybersecurity leader (@DaveHatter).
Consistency is the key
In addition to specific skills, consistency is essential when it comes to securing hybrid platforms. Only if a managed hybrid cloud service offers the consistency of security policies in areas such as access management and intrusion monitoring can a company benefit from the agility and versatility of such an infrastructure, notes Isaac Sacolick (@nyike), President of StarCIO, bestselling author and influencer of digital transformation.
“To take full advantage of the flexibility and choice that hybrid environments offer, it is important that organizations have a solid management strategy for all platforms,” says Dominique West (@domyboo), a cybersecurity expert. “The goal is consistent security, and that starts with a hybrid cloud management solution to simplify your processes.”
A managed hybrid cloud service has all of the benefits, experiences, and best practices gathered from a wide variety of customers – vast expertise and knowledge that you cannot replicate on your own. Additionally, many managed services abstract the implementation details but increase the level of security features available to an organization – another example of more security for the money.
“Security is tough and expensive, but leveraging the work of cloud providers to pool these concerns and resolve them for them can be magical for the companies that use them,” says Noelle Silver (@NoelleSilver_), Founder of AILI.
For more information on Kyndryl’s Managed Private Cloud IaaS, visit Private cloud IaaS.
Copyright © 2021 IDG Communications, Inc.