
6 Tips for Increasing the Portability of Your Hybrid Cloud Security Strategy

Servers, Storage and Networking | Posted on July 11, 2016 by Softchoice Advisor

Security should be a high priority in any scenario, and strategies for hybrid cloud environments must take into account the potential for frequent movement of data between public clouds as well as between public and private clouds. Here are six factors to consider to ensure that your security strategy is portable across all services and service providers.

Editor's note: this post was republished with permission. This article was authored by Scott Montgomery, VP & Chief Technical Strategist, Intel Security. View the original here.

The prices and services that cloud infrastructure providers offer change so often that you may be doing yourself a disservice by tying your hybrid cloud to one particular vendor. We’re even starting to see services emerge that shift workloads transparently between cloud providers to give customers the best deal.

1. Sweat the SLAs
Specify to any prospective cloud provider what levels of security you need for the assets you’re moving into a public cloud and any restrictions you require regarding how data is stored, backed up, and encrypted. Among the factors to include in a service level agreement (SLA) are data privacy, data flow, data storage, the physical location of data, and the type of encryption used. Cloud providers generally have their own tools and standards in each of these areas, so focus on the desired outcomes rather than technologies.

In regulated industries, specify which compliance standards must be observed and what reporting is required. Be sure your cloud provider is aware of compliance deadlines. For example, some regulations require records to be made available with as little as 24 hours’ notice.

The more provable or measurable your SLA is, the less chance you will have to re-craft it when moving to a cloud provider with different procedures or tools.

2. Practice good data governance
Prior to engaging a cloud provider, classify your data according to what must be kept within the private cloud and what can be safely moved to the public cloud so that your most critical data is under your control.

If budget permits, enable replication of data from the cloud data store to your site or a trusted third party so that there is minimal risk of data loss.

3. Secure communications
Many cloud services use the public Internet by default to transmit data. This practice is inherently insecure. Use a virtual private network (VPN) to maintain a secure and controlled “tunnel” between your private cloud and the public infrastructure provider.

Be aware that additional costs and limitations may be involved. For example, it’s important to understand if a cloud provider supports a limited number of gateway devices or a specific encryption-in-transit methodology. Use devices and protocols that are supported across all platforms you may want to use.

4. Use strong authentication
Simple password protection is insufficient for working with sensitive data. There are many superior alternatives, such as biometric authentication, one-time password (OTP) tokens and two-factor authentication. Be sure any prospective cloud provider supports your preferred method.

Another alternative is to use your internal authentication system, such as Microsoft Active Directory or LDAP, to log in to cloud services. Directory-based authentication makes it easy to switch between cloud services without resetting passwords or changing procedures, and also provides audit trails for additional control.

5. Use APIs
Cloud computing has created an explosion of Application Program Interfaces (APIs), which enable applications to exchange functionality and data in a secure and manageable fashion. (For example, APIs are what enable your smartphone to access the current temperature without opening the full site.) Using APIs, administrators can specify what data is available to whom at what times and under what conditions.

Because APIs provide a standardized data exchange mechanism, they can be ported easily between cloud platforms. And by using APIs instead of exposing program code, your applications are not only more portable, but also more secure.

It’s important, therefore, to specify which APIs you need your cloud provider to support before signing a contract.

6. Hold onto the keys
Sensitive data should be encrypted at all times, both while at rest and in motion between your data center and the cloud. This is true even if you use a VPN. Be sure your cloud provider supports your encryption protocol of choice. And in all cases, make sure the keys are kept in your possession, not in the hands of the service provider.
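One way to keep the keys in your possession is envelope encryption done on your side before upload. The sketch below is an added example, not part of the original article: it assumes the openssl command-line tool, and the file names and bundle layout are hypothetical. Because the provider only ever stores opaque files, the same bundle can move between providers unchanged.

```sh
# Added example, not from the article. Assumes the openssl CLI; file names are hypothetical.

# Create the key-encryption key (KEK) pair. The private half never leaves your site.
make_kek() {  # $1 = private key file, $2 = public key file
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null &&
    chmod 600 "$1" && openssl pkey -in "$1" -pubout -out "$2"
}

# HMAC-SHA256 over IV || ciphertext (encrypt-then-MAC), printed as hex.
tag_of() {    # $1 = hex MAC key, $2 = hex IV, $3 = ciphertext file
  { printf '%s' "$2"; cat "$3"; } |
    openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" -r | cut -d' ' -f1
}

# Encrypt locally with fresh per-file keys, then wrap those keys under the KEK.
# Only the bundle directory is uploaded; the provider never sees a usable key.
seal() {      # $1 = plaintext file, $2 = bundle dir, $3 = KEK public key
  key=$(openssl rand -hex 32) mac=$(openssl rand -hex 32) iv=$(openssl rand -hex 16)
  mkdir -p "$2" &&
    openssl enc -aes-256-ctr -K "$key" -iv "$iv" -in "$1" -out "$2/data.enc" &&
    tag_of "$mac" "$iv" "$2/data.enc" > "$2/data.tag" &&
    printf '%s %s %s\n' "$key" "$mac" "$iv" | openssl pkeyutl -encrypt -pubin \
      -inkey "$3" -pkeyopt rsa_padding_mode:oaep -out "$2/keys.wrapped"
}

# Unwrap the per-file keys with the private KEK, verify the tag, then decrypt.
# Returns 1 if the keys cannot be unwrapped, 2 if the ciphertext was altered.
unseal() {    # $1 = bundle dir, $2 = output file, $3 = KEK private key
  set -- "$1" "$2" $(openssl pkeyutl -decrypt -inkey "$3" \
    -pkeyopt rsa_padding_mode:oaep -in "$1/keys.wrapped" 2>/dev/null)
  [ "$#" -eq 5 ] || return 1
  tag=$(tag_of "$4" "$5" "$1/data.enc")
  [ -n "$tag" ] && [ "$tag" = "$(cat "$1/data.tag")" ] || return 2
  openssl enc -d -aes-256-ctr -K "$3" -iv "$5" -in "$1/data.enc" -out "$2"
}

# Round trip on a constructed sample record in a scratch directory.
demo() {
  d=$(mktemp -d) && make_kek "$d/kek.pem" "$d/kek.pub" &&
    echo 'constructed sample record' > "$d/plain" &&
    seal "$d/plain" "$d/bundle" "$d/kek.pub" &&
    unseal "$d/bundle" "$d/out" "$d/kek.pem" && cmp -s "$d/plain" "$d/out"
}
demo && echo "round trip ok"
```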

Cloud computing provides a wide variety of options for the types of cloud services as well as the providers that sell them. Make sure security doesn’t hold you back from choosing the best one for your needs.
