Improperly managed hybrid IT environments, spanning on-premises and cloud, can result in major security gaps. These can leave networks vulnerable to security breaches, data loss, intellectual property theft, and a host of regulatory compliance issues.
The challenge, then, is to ensure organizations enable a hybrid IT infrastructure to improve business agility without sacrificing control or security. As organizations look for ways to reduce costs, improve efficiency, and increase scalability, cloud and edge computing and virtualization play a vital part in their IT strategies. However, these new technologies also present new challenges for organizations in the areas of security, application monitoring and performance. Here are the top five challenges facing hybrid IT security:
1. Security Models Vary Between Cloud and On-Prem/Colocation/Edge
Achieving the right balance between on-premises/colocation/edge and cloud cyber-security technology can be a daunting task. It’s important to look at the differences between these two cyber-security models. Many organizations are beginning to realize there’s a “lot of daylight” between cloud and on-premises/colocation/edge models. The security models are very dissimilar, and an expert in on-prem IT security will have to acquire new skills in order to work in cloud security. The reverse is even more true, as on-prem security poses significant challenges to a cloud security expert.
2. Security Audit and Scanning Tools Needed
Finding security and DCIM software tools (audit and scanning) that cater to cloud and on-premises/colocation/edge technologies can pose a challenge. While many enterprises lean towards cloud-based application security and shy away from on-prem tools, some still use such tools or at least a combination of on-prem tools and a cloud-based service. These choices are motivated by the need for the control offered by on-prem tools and (for some) the need for complex system customization and integrations, where many cloud solutions fall short. While most cloud solutions are configurable, many are too rigid to be heavily customized and integrated with legacy systems.
A look at on-premises solutions reveals several shortcomings. For one, on-prem tools typically call for specialized expertise to install and operate. Security experts who are qualified to install, configure and maintain these tools, and to respond to the information they return, can be expensive and unavailable.
Traditional tool-based approaches fall short because the digital economy simply moves faster than they can keep up with. These tools can’t scale fast enough to address the many applications an enterprise builds, buys or downloads. In terms of manpower, today’s workforce can rarely be found in one place, which challenges on-premises models to apply consistent policies, reporting, and metrics across these teams.
3. Complex Access Management Calls for “Sharper” Tools
Managing access across physical devices and virtual in-cloud devices can be very complex and may require several tools. Access management is critical to cloud security. It’s no surprise that many cloud providers offer fully featured IAM tools that allow managers to set up rules and policies for user accounts. These would include multi-factor authentication, forcing password changes, and rotating access keys.
Cloud-savvy managers have become keenly aware that the cloud allows for easy provisioning and de-provisioning of users, networks, services, and private clouds. This potentially creates a security nightmare for a CSO where there is little visibility into what employees are deploying in the cloud.
The right IAM tools can be used to establish a level of security over many systems. These can provide “nose in the wind” alerts for any systems that fail to operate as expected—due to an operational issue or an ongoing incident. While Gartner predicts that customers will be faulted for 95 percent of cloud security failures through 2020, managers must use these tools to the fullest to configure infrastructures for maximum security.
4. Dearth of Talent Could Hamper Security
A lack of talent capable of managing security across on-prem, cloud, colocated and edge systems could paint managers into a corner. Although enterprises continue to invest in on-premises IT infrastructure and facilities, staffing challenges have mushroomed into a problem. As companies segue from legacy IT architectures to converged and hyper-converged paradigms, demand for rudimentary IT talent continues to rise. While specialists remain critical in on-premises enterprises, “generalists” are still needed, so much so that organizations are beginning to train their specialists to perform generalist tasks. Specialists whose knowledge base is being broadened are being drawn from server and storage administrator pools. It is talent that’s desperately needed to add tighter levels of security to today’s newer architectures and software-defined technologies.
5. Lift-and-Shift May Leave Organizations Exposed
Lift-and-shift migrations to the cloud are occurring more and more as enterprise adoption of the cloud increases. These lifted-and-shifted workloads, applications and services may have behaved very well on premises from a security standpoint. But the cloud security model is very different, and these applications and services may have serious security implications in the cloud. In planning lift-and-shift migrations, organizations must consider the different security models of the source and destination locations of these workloads.
Cloud security operations grow increasingly complex as cloud environments expand in accounts, number of instances, regions, and operations. Transferring current workloads to the cloud without proper security measures that provide “watchdog” visibility or controls can expose workloads to dangerously low levels of security, more so than simply leaving them in an enterprise data center. Managers must recognize that security for today’s public cloud environments differs significantly from typical data center security. Enterprise data centers employ routers, firewalls, switches, and more to manage access controls, connection policies, and zone designations.
Today’s CIOs must remain keenly aware of the challenges facing hybrid IT environments. Security topographies vary widely between cloud and on-premises/colocation/edge environments. Securing talent and managing access call for implementing the right tools, especially when one is faced with bringing legacy systems up to today’s demanding security standards.