By now, many organizations have adopted the cloud in some way. We saw organizations moving whole servers over to the cloud at the beginning, but now we see small parts of a system being moved to the cloud and new cloud native offerings. We’ll use the analogies of Lincoln Logs and Legos to describe these deployment models.
- Infrastructure-as-a-Service (IaaS): With Lincoln Logs, you can build some pretty cool things, but they are pretty monolithic and constrained to quadrilateral shapes. Lincoln Logs represent moving a whole server to the cloud and still working on the offering as a whole entity.
- Software-as-a-Service (SaaS): With Legos, you can build many more advanced shapes. Not only that, but you’re also able to break up the project into multiple pieces, allowing you to attach those different components together in various ways that make it much easier to redesign and replace them without having to rebuild the entire entity. This flexibility enables you to create a new and unique offering in the cloud that’s delivered as a service.
- Platform-as-a-Service (PaaS): PaaS is in between IaaS and SaaS. Someone else has made the main Lincoln Log structure, and you create the accessories with either more monolithic Lincoln Logs structures or with Legos.
Security Challenges in the Hybrid Cloud
In response to adopting one of the cloud models described above, many organizations now have critical assets and services running on premise and in cloud locations around the world. These resources live in what’s known as a hybrid environment. Indeed, bits and pieces of the entity are stored in various locations, and they are owned by various teams. Not surprisingly, the hybrid environment has introduced new security-related challenges for organizations. Chief among these issues is maintaining compliance. As information security writer Kim Crawley explains on the State of Security blog:
By design, your hybrid cloud will be hosted in two or more datacentres with multiple groups of networking professionals tending to them. The different companies involved (including yours) will each have their own cybersecurity policies and procedures. A hybrid cloud offers your enterprises the benefits of both a private cloud and a public cloud, but the multiple facets of such a system pose a special challenge when it comes to security compliance.
Organizations with hybrid environments also need to grapple with the task of protecting their sensitive data wherever it is stored. Failure to do so could expose their intellectual property and thereby threaten the longevity of the business going forward.
Preparing for the Future of the Cloud
The challenges described above are not impossible to address. Keeping your cloud-based resources up-to-date and secure is possible if it is treated as a shared responsibility between your cloud service provider(s) (CSPs) and you. It’s therefore imperative that you communicate with your CSPs to verify which security functions they are performing. To find out more, please join me and Dave Meltzer on March 31 for a webcast exploring the present and future of the hybrid cloud infrastructure. During this special webcast, we’ll guide participants through key considerations and best practices for expanding security operations to the cloud and DevOps, including:
- Understanding the responsibilities and controls of a hybrid environment
- How to properly manage configuration and vulnerability risks
- How to build trust across multiple cloud solution providers
We'll also walk them through a case study of how one major institution successfully secured its hybrid enterprise. Don’t wait—register today to hold your spot. See you there! https://info.tripwire.com/Register-The-Future-Is-Hybrid-Key-Considerations-For-Cloud-And-Devops?
