Three tenets of security in a hybrid cloud environment

09 March 2022 Consultancy.com.au 4 min. read

The benefits of the cloud – reduced capital expenditures, greater IT flexibility, business efficiency, competitive advantage, and more – are compelling. The switch to a hybrid model however comes with its security risks – Leo Lynch, Vice President APAC at Arcserve outlines three tenets of security in a hybrid cloud environment.

Organisations have increasingly embraced a hybrid cloud approach that includes a combination of both cloud and on-premise solutions. According to research by Telsyte,  65% of Australian organisations currently use hybrid clouds as they shuffle a mix of workloads, while 85% intend to choose hybrid cloud going forward.

The reason companies prefer a hybrid-cloud approach is because it offers many advantages over complete reliance on third-party cloud vendors. Many tools make it easy to host an on-premises data centre in a cloud-like fashion. Because while hybrid clouds do offer an appealing level of balance and flexibility, they can be enormously complex to manage.

Leo Lynch, Vice President APAC at Arcserve

Specifically, implementing security, backup, and disaster recovery in hybrid cloud environments is a serious challenge. The threat of a data breach and data loss is still a dangerous possibility for companies that run hybrid cloud environments.

1) Security is a shared responsibility

One of the many common misconceptions about cloud security is that the cloud is secure by its very nature. When organisations transition to the cloud, they must understand that cloud security is a shared responsibility between the cloud service provider and the customer.

Cloud service providers, including Microsoft Azure, Google Cloud, and AWS, typically secure the core infrastructure and services as part of their responsibility. But when it comes to securing operating systems, platforms, and data, that is the customer's responsibility.

The cloud providers will not advertise this fact. Still, the fine print of their terms and conditions contains legal language that clarifies that the provider is not responsible if anything happens to the customer’s data. Whether it’s an issue of data corruption, a security breach, or even accidental data deletion, the onus is on the customer to recover that data, not the cloud provider.

It’s the customer’s data, and therefore their responsibility. The fine print protects cloud providers from lawsuits and does not protect the customer organisation from data loss and the resulting financial implications.

2) Making clouds play nice is hard

More clouds can also mean greater complexity and more problems. The more clouds you try to blend, the more unwieldy your environment becomes.

The same Telsyte research found that on average, businesses have 3.3 public cloud services and 3.8 private cloud services in use, with multi-cloud use rising with the size of organisation. Usually, those clouds operate differently and have very different interfaces. Customers may be able to manage each cloud environment seamlessly. But monitoring and supporting all the disparate cloud platforms and getting them to play nice with each other can be a daunting challenge.

There are other issues associated with putting data in a hybrid cloud environment, such as compliance and regulation concerns. Establishing comprehensive compliance in a single cloud is hard enough. But hybrid clouds introduce additional complexities that raise the stakes. This issue is challenging because all industries change their rules according to required security and certifications.

3) There is a security solution for every cloud

Security and compliance should be considered early in the implementation process. Trying to play catchup and address them later could prove costly at best catastrophic at worst. Organisations can address both with the appropriate backup and recovery solution for their hybrid cloud environment. It should protect your data comprehensively and give you the complete control you need.

A cloud storage offering that safeguards data by taking continuous snapshots and provides multiple recovery points ensures that your data is always protected and gives you easy access and visibility into your data.

Some data-protection solutions on the market specifically target private, hybrid, and multi-cloud computing environments. The solution chosen should combine security controls, ransomware detection, and data protection to ensure security across private cloud, public cloud, and SaaS-based environments. It should also deliver backup and disaster recovery services, including protection for physical, virtual, and cloud workloads.

Organisations must step up and take responsibility for managing their data storage and backup requirements, whether that data resides on-prem, in the cloud, or in a hybrid environment. They cannot place their trust solely in cloud providers. Implementing a data protection and recovery strategy that adds an extra layer of protection can make the difference between successfully responding to adversity and being overcome by a disaster.