There’s a lot of traction in the market at the moment for security solutions that serve hybrid cloud and on-premise environments even though so many services come with their own security tools.
By Tallen Harmsen, head of cyber security at IndigoCube
It’s hardly surprising since the online world is constantly under fierce attack from a number of vectors. No brand wants to suffer the reputational and other potential business consequences of a breach, including the cloud service providers.
The problem, though, is that hybrid cloud is increasingly widely used, particularly by businesses looking to digitally transform and that means they have to secure more than the services of a single cloud provider. The usual mixture is systems or services from more than one traditional cloud environment plus on-premise cloud or legacy data centre systems.
Cloud’s popularity is growing. A World Wide Worx research project in 2018 reportedly found that medium and large organisations doubled their use of cloud technologies in the past five years.
Another report, the Nutanix Enterprise Cloud Index 2018, reportedly says 41% of respondents worldwide see their businesses using hybrid cloud within two years while 33% of South African organisations expect the same within two years.
The overriding reason is that they want to digitally transform and hybrid cloud provides them with the best options for micro-services, apps, and business systems to achieve it.
These systems and services don’t operate in isolation and businesses must create, consume or eliminate data as part of the process, often shifting, copying or replicating data from one to another as they do so.
That exposes the data and the systems that use it to risk. It’s not a uniquely cloud issue. Rather, it’s the fact that a company taps one or more public clouds as well as its own on-premise systems that creates the risk. The more of these different environments there are that must interoperate the greater the potential exposure.
That’s why it’s so important that companies know who is using the data at all times, that they can validate users and control access, determining whether or not the users are in fact legitimate. The alternatives are data loss, theft, destruction or the data being held to ransom.
What makes it more difficult for businesses is that there’s a dearth of skills. There aren’t enough technically proficient security experts to go around. The largest enterprises with the most interesting and diverse environments and who also typically have the budgets usually attract the talent.
But, even then, many use the services of third-party service providers and increasingly automated security solutions that channel the power of machine learning and event-driven APIs that provide deeply insightful control capable of dealing with the nuanced complexities of the real world.
When you use cloud services you’re basically renting the environment so how do you know if your data is actually secure? You have to take control of what is in essence a branch of your business.
That makes visibility crucial. You have to know, when you transmit data, who it’s going to. You need to know that your policies are in place, that “my data is mine and not everyone’s”.
The tools the cloud service providers offer are bespoke and limited to their environments only. Integration is difficult, at best, impossible at worst. That obscures the data. In some cases, as in the case of a popular office productivity suite provided as a cloud solution, the administrators aren’t properly versed in applying the security tools. A report from last year reveals that, by the vendor’s own ranking system, the vast majority of files are exposed.
It’s a common challenge when administrators have to touch many different systems to make sure they’re secure. Bespoke systems, even when they provide excellent services, can ultimately be the weak link that breaks the chain.
You can’t reasonably expect your security personnel to protect your multicloud environment without the tight integration of security solutions designed to operate in these environments.