According to O’Reilly, 39% of businesses used hybrid cloud infrastructure in 2020. Multi-cloud and hybrid-cloud environments have been increasingly popular in recent years. But this trend has put a strain on security teams and system architects — challenging them to adapt their approach to this new IT paradigm. In this article, we’ll review key considerations that system architects should keep in mind as they develop their multi-cloud and hybrid cloud security architectures.
Learn more with Symmetry Systems’ Multi-Cloud & Hybrid Cloud Security: The Ultimate Guide.
To explore how Symmetry Systems DataGuard can give your security team real visibility in your hybrid-cloud environment, reach out.
11 Considerations For Developing Multi-Cloud and Hybrid-Cloud Security Architectures
Governance is a foundational component of your multi-cloud or hybrid-cloud security architecture. While the term covers a wide range of security concerns, key aspects include establishing the overall security strategy and aims, defining the security policies and how they will be applied across the IT infrastructure, outlining how policies will be enforced, developing a vision for employee education and training, and more.
Although the bulk of the development work will come on the front end, it’s also important to note that your governance structure is a living organism that will grow and adapt with the rest of your organization. So think through how you can create a system that supports continual expansion and revision to your core approach.
To develop an effective cyber defense, you must understand what attack vectors you need to defend against. According to ath0, some of the most common attack vectors of 2021 were:
- Malware: increased 800% from early 2020
- Phishing: the most common cause of data breaches globally
- Distributed denial of service (DDoS): up 50% in 2020 over the previous year
- Password Spraying: 80% of data breaches by hacking involve this or other brute force techniques.
In a recent survey of over 300 IT professionals, 45% said they lacked data visibility across their private cloud environments — and a staggering 80% had poor visibility into their public cloud data. Multi-cloud and hybrid cloud security start with data, so this widespread deficiency represents an enormous risk to the enterprise.
To ensure you can protect your critical information assets, make a plan to implement a solution that provides you with true data visibility. Designed to meet the unique challenges of multi-cloud and hybrid-cloud architectures, Symmetry Systems DataGuard is a data store and object security (DSOS) solution that provides organizations with a clear view of their entire information landscape.
Access control is a pillar of cyber security and should be front and center in your mind as you develop your multi-cloud or hybrid-cloud security architecture. For these architectures, you want an approach to IAM that covers your entire organization, is independent of any single vendor, and lets you enforce least-privilege access.
Recently named a leader in the Gartner® Magic Quadrant™ for access management for the fifth year in a row, Okta is one of the top IAM solutions for these environments. With features like a universal directory for all users, dynamic server access, and adaptive MFA, the solution will give you the control and coverage you need to capably manage access across such a complex environment.
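Least privilege is easier to state than to verify once policies span several clouds. The following added example (not code from the original article, from Symmetry Systems or from Okta) shows the two checks a central IAM review should be able to run over any vendor's policy once it is normalized into a common shape: a linter that flags wildcard grants, and an evaluator that answers "can this identity do X to Y?" with explicit denies taking precedence. The policy document format, the `statements`/`effect`/`actions`/`resources` keys and the sample policy are all constructed assumptions, not any provider's real schema or evaluation semantics.

```python
"""Vendor-neutral least-privilege policy linter and evaluator (hypothetical model).

Assumes a simplified, normalized policy shape: a list of statements, each with an
"effect" ("allow" or "deny"), a list of "actions" and a list of "resources".
Strings may contain "*" globs. This is an illustrative model, not any cloud
vendor's actual policy language or evaluation logic.
"""
import fnmatch
import json
from typing import Dict, List

# Constructed sample policy for a CI role (not real data). Statement 1 is the
# kind of "just make it work" grant that least-privilege reviews exist to catch.
SAMPLE_POLICY = json.loads("""
{
  "statements": [
    {"effect": "allow", "actions": ["storage:GetObject", "storage:ListBucket"],
     "resources": ["bucket:build-artifacts/*"]},
    {"effect": "allow", "actions": ["*"], "resources": ["*"]},
    {"effect": "deny",  "actions": ["iam:*"], "resources": ["*"]}
  ]
}
""")


def _matches(pattern: str, value: str) -> bool:
    """Case-sensitive glob match where '*' matches any run of characters."""
    return fnmatch.fnmatchcase(value, pattern)


def is_allowed(policy: Dict, action: str, resource: str) -> bool:
    """Evaluate one request: an explicit deny wins over any allow, and a
    request that no allow statement matches is denied by default."""
    allowed = False
    for stmt in policy["statements"]:
        hit = (any(_matches(a, action) for a in stmt["actions"])
               and any(_matches(r, resource) for r in stmt["resources"]))
        if not hit:
            continue
        if stmt["effect"] == "deny":
            return False
        allowed = True
    return allowed


def lint_least_privilege(policy: Dict) -> List[str]:
    """Return one finding per allow statement that is broader than a specific
    action-on-resource grant (wildcard actions, whole-service actions, or a
    wildcard resource)."""
    findings = []
    for i, stmt in enumerate(policy["statements"]):
        if stmt["effect"] != "allow":
            continue
        if any(a == "*" for a in stmt["actions"]):
            findings.append(f"statement {i}: allows every action")
        elif any(a.endswith(":*") for a in stmt["actions"]):
            findings.append(f"statement {i}: allows every action in a service")
        if any(r == "*" for r in stmt["resources"]):
            findings.append(f"statement {i}: applies to every resource")
    return findings


def without_statement(policy: Dict, index: int) -> Dict:
    """Copy of the policy with one statement removed, for what-if analysis."""
    stmts = [s for i, s in enumerate(policy["statements"]) if i != index]
    return {"statements": stmts}


if __name__ == "__main__":
    for finding in lint_least_privilege(SAMPLE_POLICY):
        print("finding:", finding)
    trimmed = without_statement(SAMPLE_POLICY, 1)
    print("CI role can start a VM before trim:",
          is_allowed(SAMPLE_POLICY, "compute:StartInstance", "vm:web-01"))
    print("CI role can start a VM after trim:",
          is_allowed(trimmed, "compute:StartInstance", "vm:web-01"))
```

Running the linter as part of a policy review pipeline, and re-running the evaluator against a list of the actions a role actually needs after each trim, turns "enforce least privilege" from a goal into a check that fails a change request when a wildcard grant sneaks in.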
Out-of-date software and applications have been the cause of many cyber-catastrophes, including 2021’s Lebanese Cedar hacks. To ensure you’re keeping your entire infrastructure current, automate upgrades and patches — but make sure they run appropriately given workload, dependencies, and any other relevant parameters.
Along with automation, there are three other operational patch management best practices to keep in mind:
- Establish clear guidelines among the IT teams around what is expected and how they will be held accountable should there be a slip-up.
- Ensure all the teams have the same goals and use the same language to keep communication focused and effective.
- Include patch management concerns in your disaster recovery plan so you can bounce back if a vulnerability is exploited.
The average cost of a data breach in the US reached $8.64M in 2020, an all-time high. The rising costs of failure — coupled with increasingly complex IT architecture — make it more critical than ever for organizations to do everything they can to reduce their attack surface via hardening.
From deleting extraneous services to disabling insecure ports, all infrastructure must be put through a stringent hardening process. To ensure you’re crossing every “t” and dotting every “i,” find a reliable resource for the latest industry benchmarks and best practices, such as the CIS Benchmarks.
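A hardening benchmark is only useful if you can measure drift from it on every host, in every cloud. As an added example (not code from the original article or from CIS), the script below parses the listening-socket table of a Linux host in the format `ss -tlnp` prints, compares it with a per-role baseline, and reports what to remove, restrict or review. The `ss` output lines are constructed sample data, and the baseline sets (`EXPECTED_PUBLIC_PORTS`, `INSECURE_PORTS`) are assumptions chosen for an internet-facing web node, not values taken from any benchmark.

```python
"""Listening-service drift check against a hardening baseline (added example).

Parses output in the shape produced by `ss -tlnp` on Linux and classifies each
listener. The sample output and the baseline sets below are constructed
assumptions for illustration.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of `ss -tlnp` output for one host (not captured from a real system).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     127.0.0.1:6379       0.0.0.0:*          users:(("redis-server",pid=1201,fd=6))
LISTEN  0       4096    0.0.0.0:23           0.0.0.0:*          users:(("telnetd",pid=1340,fd=4))
LISTEN  0       128     [::]:80              [::]:*             users:(("nginx",pid=950,fd=8))
LISTEN  0       5       0.0.0.0:5900         0.0.0.0:*          users:(("Xvnc",pid=2210,fd=9))
"""

# Assumed baseline for an internet-facing web node: what may listen on all interfaces.
EXPECTED_PUBLIC_PORTS = {22, 80, 443}

# Legacy plaintext services that hardening guidance has you remove outright,
# regardless of which interface they bind to.
INSECURE_PORTS = {21: "ftp", 23: "telnet", 69: "tftp", 512: "rexec", 513: "rlogin", 514: "rsh"}

_PROC_RE = re.compile(r'\("([^"]+)"')


@dataclass
class Listener:
    proc: str
    addr: str
    port: int

    def is_public(self) -> bool:
        """True when bound to every IPv4 or IPv6 interface rather than loopback."""
        return self.addr in ("0.0.0.0", "[::]", "*")


def parse_ss(output: str) -> List[Listener]:
    """Extract (process, address, port) from each LISTEN row; skips the header."""
    listeners = []
    for line in output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, port = cols[3].rsplit(":", 1)      # handles "[::]:80" and "0.0.0.0:22"
        m = _PROC_RE.search(line)
        proc = m.group(1) if m else "unknown"
        listeners.append(Listener(proc=proc, addr=addr, port=int(port)))
    return listeners


def check_hardening(listeners: List[Listener]) -> List[str]:
    """Classify each listener against the baseline. Returns one finding per
    deviation, in input order; listeners that match the baseline produce none."""
    findings = []
    for l in listeners:
        where = f"{l.proc} on {l.addr}:{l.port}"
        if l.port in INSECURE_PORTS:
            findings.append(f"REMOVE {where} ({INSECURE_PORTS[l.port]} is a plaintext protocol)")
        elif l.is_public() and l.port not in EXPECTED_PUBLIC_PORTS:
            findings.append(f"RESTRICT {where} (public listener outside baseline)")
        elif not l.is_public() and l.port not in EXPECTED_PUBLIC_PORTS:
            findings.append(f"REVIEW {where} (loopback listener outside baseline)")
    return findings


if __name__ == "__main__":
    for finding in check_hardening(parse_ss(SAMPLE_SS_OUTPUT)):
        print(finding)
```

The same three-way split (remove, restrict, review) maps cleanly onto ticket priorities: plaintext protocols are a must-fix, unexpected public listeners are an exposure to close before the next scan, and loopback-only surprises are a question for the service owner rather than an emergency.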
While encrypting every data flow would grind business operations to a halt, system architects need to understand how to deploy encryption across their cloud and on-prem infrastructure to protect their data assets. This means understanding their data landscape, reviewing encryption options, and developing an appropriate encryption strategy.
For those looking to use a dedicated cloud encryption tool, Baffle is an excellent choice. From providing bring your own key (BYOK) support to processing billions of records without trouble, Baffle is an easy-to-deploy solution that supports your encryption needs at any scale.
Compliance is always complex, and never is that statement more true than with hybrid-cloud and multi-cloud architectures. Platforms can vary across many compliance-relevant parameters — certifications, features, workloads, and requirements — so you’ll need to understand how to approach each accordingly. This is tricky to do manually across multiple clouds, so consider using an automated solution to accelerate the analysis and remediation process.
This approach makes even more sense given the dominance of the cloud when it comes to workload processing, as Cisco estimated these environments handle 94% of workloads worldwide.
Multi-cloud deployment strategies fall into two primary buckets: distributed and redundant.
- Distributed deployment divides application processes and components among cloud environments to support optimal performance.
- Redundant deployment, on the other hand, involves mirroring data across cloud environments, often to create backups.
How you structure your use of these models is directly related to your business requirements: establish those guideposts up front so you can tailor your vendor criteria accordingly.
Regardless of the complexity of your architecture, it’s easy to let expenses get out of hand if you don’t have proper cost management. To avoid blowing your IT budget, here are three best practices that you should lean on to get a firm handle on hybrid cloud spending:
- Analysis: Figure out your baseline; know your workloads; and keep track of your data.
- Data mapping: Use tags to understand the relationship between services and your business.
- Optimization: Find and eliminate waste; be deliberate with your payment structure; and continually upgrade your tech.
It will also help to only work with vendors that offer a clear pricing model, as any vagueness in the breakdown opens the door to overspending.
Supply Chain Security
A truly comprehensive strategy extends beyond your organization. Your vendor evaluation process should look carefully at how components are sourced to ensure your infrastructure isn’t riddled with vulnerabilities. Some of the most severe cyber security incidents in recent history — such as Solar Winds — were supply chain attacks. To ensure you’ve got your supply chain locked down, it’s a good idea to audit access and asset inventories, prioritize vendor risk management within the organization, and create healthy and collaborative relationships with all providers.
Achieving Data Visibility in the Hybrid Cloud
From access to encryption, this article has covered 11 considerations system architects need to keep in mind as they develop hybrid-cloud and multi-cloud security architectures. While each is important, not all considerations are created equal. Some, like data visibility, are critical to achieving a robust security posture.
Symmetry Systems DataGuard provides the visibility needed to protect data in the hybrid cloud. Comprehensively mapping every data store and tracing data flows across your entire infrastructure, DataGuard surfaces hidden vulnerabilities, alerts the security team to potential issues, and accelerates incident response. But don’t just take our word for it: reach out to see the power of DataGuard for yourself.