How to develop a hybrid cloud security strategy


Over the past decade, cloud has become integral to nearly every digital and business transformation strategy.

We’ve seen how cloud started out with the drive to reduce costs with a more efficient infrastructure, rather than maintaining on-premises data centres. Then, the rise of the public cloud, IaaS (Infrastructure as a Service) and SaaS (Software as a Service) providers resulted in overall lower cost IT investments.

Next, enterprises started developing modern applications right in the cloud itself. DevOps no longer created new applications on old infrastructure, utilising PaaS (Platform as a Service) providers instead and storing enterprise data in the cloud. However, organisations still had to maintain their legacy applications to prevent the disruption of core business processes. This meant they had to service hybrid cloud environments to keep their enterprises running.

Today we’re in the era of Cloud 3.0, with the reimagining of business processes in the cloud versus simply lifting and shifting old applications, workloads and data into a variety of cloud environments. Multicloud has become the norm, due to resource allocation as well as the willingness to take advantage of best-of-breed technologies, such as self-healing (to improve cloud reliability and scalability), AI and Blockchain.

Getting past cloud security concerns

The adoption of cloud continues to surge, yet, according to a survey of cybersecurity professionals conducted by Crowd Research Partners, an overwhelming 91 percent say they are ‘extremely to moderately’ concerned about public cloud security.

This concern is real and needs to be addressed to help organisations confidently take advantage of the benefits of cloud for their business transformation initiatives. "In a world where security breaches at large corporations dominate the headlines, the ambiguity that surrounds cloud computing can make securing the enterprise seem daunting for CIOs, CISOs and their colleagues," notes analyst Gartner in one recent cloud strategy report.

This challenge is growing increasingly complex given that IT leaders are, in the main, operating in a hybrid, multicloud environment. Approximately 94 percent of enterprises today have multiple clouds – mixing public, private, dedicated and countless SaaS applications, and that trend will continue through at least 2020.

This has led CIOs and CISOs to ask some pivotal questions around how they secure their hybrid multicloud, with many wondering how they comply with regulations, secure access to cloud-based workloads, secure critical data across different services, manage security policies and develop ‘secure by design’ applications. It may seem like a lot to tackle, but there are three ways that CIOs can go about securing their organisation’s hybrid multicloud:

  • Secure identity and networks
  • Protect data and workloads
  • Manage threats and compliance

Secure identity and networks

CIOs will want to achieve seamless and secure access for the right people across their hybrid multicloud, which means they need to work through identity and access management, and network security end to end.

For example, identity and access management is best when silent – working so in sync with the day-to-day operations of the business that users don’t even realise it’s there. While other approaches to identity management can force security in front of the user, silent security works quietly in the background, providing the right levels of access to the right users as your business transforms. In respect of network security, CIOs want to achieve a high level of performance without sacrificing security or data privacy.

Protect data and workloads

To protect their organisation’s data and workloads in the hybrid multicloud, CIOs must assess their existing approaches to data prioritisation, encryption and key management.

  • Start with what data you have and which of it you need to keep safe and secure, through in-depth data discovery and classification of your cloud and on-premises databases to uncover any privacy risks.
  • Secondly, put in place data protection for your multicloud to safeguard critical, sensitive or regulated data wherever it resides.
  • Finally, address your privacy controls and encryption, so you can manage encryption and policy enforcement from a single point – configured for a single database or thousands of heterogeneous databases.

Manage threats and compliance

No longer relegated to the domain of the IT organisation, the topic of security is now unquestionably a C-suite priority. Organisations need to move toward a more systematic and proactive approach to addressing security threats and managing compliance requirements in today’s information-driven economy.

Developing security intelligence – the ability to proactively predict, identify and react to potential threats – will take on a new priority, so CIOs can stay resilient in the face of risks across the hybrid multicloud. This means:

  • Developing security analytics that provide you with advanced automation and AI, supplemented with security experts.
  • Putting in place incident response orchestration to intelligently orchestrate the response to severe security threats with greater speed and agility.
  • Addressing security compliance through systemic prevention and remediation, with access to the right expertise.

With the right strategy, mindset and practices in place, you can confidently drive business innovation while securing your hybrid multicloud environment.

IBM Services can guide you on this journey – from carrying out an initial scoping assessment and building a robust road map for the future, to securing identity and networks, protecting workloads and managing threats and compliance.