According to Gartner, nearly half of large enterprises will have hybrid cloud deployments by the end of 2017. Why? Hybrid clouds offer a number of benefits – they’re on-demand, offer flexible development and test environments, and provide greater agility in scaling capacity without the heavy CapEx.
That’s not to mention the system redundancy and cost elimination that comes from moving certain workloads to the cloud. Some surveys also point to growing IT savings from hybrid cloud deployments, with a recent Virtustream post reporting that teams have “reduced IT costs by an impressive 24 per cent with hybrid cloud."
However, managing two separate IT infrastructures can get really complicated for all but the largest businesses, and can be prone to errors that lead to lapses in security. Consider the added complexity of running multiple cloud instances - today, businesses are running applications in an average of 1.5 public clouds and 1.7 private clouds and they are experimenting with an additional 1.5 public clouds and 1.3 private clouds, per the latest state of the cloud survey from RightScale.
Only a small group of companies have had the resources to successfully deploy and secure hybrid clouds, and even fewer multi-cloud environments. Here’s why - and how that will need to change:
Security Policy Management Challenges Cross-Clouds
Cloud data centres make enterprises more agile, but the integration process requires complex connectivity and security that is quite different from the single data centre approach of the past. Unfortunately, the tools available to achieve that are platform-specific, which creates management complexity and results in non-integrated systems. Each computing platform has its own management tools to secure and control its own specific environment - for example, commercial next generation firewalls for physical data centres and native cloud firewalls for cloud data centres like AWS VPC.
Many companies have turned to a variety of technologies that attempt to replicate on-premises security capabilities such as unified networking, security and access controls for cloud apps. Next generation firewalls (NGFW), unified threat management systems (UTM), secure web gateway (SWG) and cloud access security broker (CASB) services all attempt to fill the need for visibility, control and data security for cloud-based applications, data and access.
However, as these solutions aim to extend existing controls to the cloud, they pose major performance and cost challenges, which in turn results in increased complexity and cost of managing hybrid clouds. Specifically, moving on-premises firewalls to the cloud is expensive and resource-intensive. This challenge compounds as multi-cloud environments grow across AWS, Azure, IBM, Google and others.
The Growing Cloud Sprawl
Cloud sprawl refers to the problem that many enterprises face with multiple cloud services without having full or even partial visibility into or knowledge of them. This results in little control over what people are doing with company data, which is of paramount concern for highly sensitive and regulated data and information. Critical security questions remain hard to answer: Who is creating virtual servers in the Cloud? What data is being moved to or kept in the Cloud? Who has access to the data? How is it being secured?
The Mobility Challenge
As if cloud sprawl was not enough, IT teams today need to also address the growing threats coming from BYOx. Workers are increasingly accessing cloud apps via their own mobile devices—in most cases, without devices being properly authorised. What happens if these devices are lost or stolen, or employees leave the company? An organisation can be left vulnerable if it can’t deny access to unauthorized users or deprovision users who no longer should have access.
Add the unsanctioned use of applications themselves - Netskope reports only 4.1 per cent of enterprises have sanctioned cloud apps – some of which come laced with malware. This malware can then infect the network if the proper security measures are not in place.
Hybrid Clouds Call for New Security Approach
The bottom line is hybrid clouds increasingly tap into multiple public cloud services and will continue to see increased adoption as they offer more agile, scalable and cost-effective capacity for the growing data and application deluge. However, these hybrid clouds require a new approach to managing security across all layers to provide the level of protection critical for the business.
Approaching cross-cloud security using a traditional data centre approach is not only not scalable, but it can wipe out most of the savings from your public cloud usage. Without a unified management approach and tools that work across on-premises data centres and multiple public clouds, organisations won’t have the ability to manage a unified security policy for data, applications, and users, which in turns opens up operations to be increasingly vulnerable to attacks.
Gur Shatz, Founder and CTO, Cato NEtworks
Image source: Shutterstock/Nattapol Sritongcom