September 19, 2017

How to stay secure when using hybrid cloud

Markus Melin

Head of Tieto Security Services, Tieto

Cloud is easy, cloud is good. That’s why companies are extensively utilizing the opportunities it provides. Want to set up an ad-hoc testing environment for a small project? It might have taken several days and a lot of red tape to do this in a closed corporate network, but in the cloud, it’s a matter of minutes.

The most popular way businesses are using cloud nowadays is a hybrid environment. You have your most important stuff still in your on-premises machines, but take advantage of the processing and storage capabilities of the public cloud.

But when you move to a cloud that is provided by a third party, you can’t control your environment the same way you’ve used to control your own network.

This era of ecosystems and partnerships raises issues for security. More often than not, the company’s assets move to public cloud piece by piece, which might make good business sense, but it’s also easy to overlook security. When additions to the environment are made gradually, no one necessarily has full visibility to all the services that have been taken into use.

It’s also increasingly common to choose different vendors as public cloud (or IaaS) providers. And when you move to this kind of multicloud environment, your security architecture should reflect this change. In essence, you now have several different entities to secure: your own private network together with public cloud service providers A, B, and possibly even C.

The upside is that you can choose vendors who offer functionality that best suits your company’s needs. And security won’t be the only point-of-view in the decision process.

4 things you should ask from your cloud provider

First thing is to understand the nature of procuring a cloud provider. As they will be taking care of your most important business assets, you must think strategically about the cooperation. Also, migrating your assets to (and from) the cloud is no small endeavor, so be sure to do a thorough benchmark of the vendor’s security capabilities.

There are multiple ways to create a multicloud structure. For example, you may want to store the data on your own premises and just process it in the cloud. This means that your staff uses access points in the public cloud to connect to your on-premises infrastructure.

You should ask at least these questions from your vendor:

  • Where is the cloud provider’s datacentre located? How do they ensure GDPR compliancy?
  • How capable is the vendor to prevent denial-of-service (DoS) attacks? Can the vendor demonstrate it?
  • Can you, as a client, install monitoring capabilities to your data in the cloud?
  • What kind of action plan for security incidents does the vendor have?

The whole thing boils down to a few basic questions. How much visibility do you have to your hybrid environment? Can you monitor all pieces of the environment in real-time and control the access points?

For the greatest security, you should be able to monitor your whole hybrid cloud environment from one single tool that connects the on-premises world to the cloud assets.

Interested in hearing more about security in hybrid environments? Come to Tieto’s and Palo Alto Networks’s booth 3g18 at Cyber Security Nordic event on September 26 and 27 in Helsinki.

Stay up-to-date

Get all the latest blogs sent you now!