SDxCentral
Hybrid Cloud Security 101: What IT Leaders Need to Know

Keith Parker
March 29, 2018, 9:48 am PT

Public cloud providers can offer unrivaled levels of data availability and durability. However, when it comes to data security, they use a shared responsibility model.

With a shared responsibility model, the cloud vendor is responsible for security of the cloud, including the physical hardware, software, facilities, and networking that power the cloud. The end customer is responsible for security in the cloud. Depending on the cloud service chosen, the end user could be responsible for encrypting the data in transit to and from the cloud, at rest within the cloud, and at each edge location. They will also be responsible for user authentication and network traffic protection.

It is important for IT leaders to choose a solution that can meet the security and regulatory compliance needs of their organizations. Data should be encrypted both at rest and in transit. Solutions should meet any regulatory compliance requirements in accordance with the Federal Information Processing Standard (FIPS) 140-2, which specifies security requirements for cryptographic modules. Strong standards-based authentication should also be used for access control.

What are the Key Strategies?

There are a number of strategies that can be used to secure hybrid cloud environments. The first is to deduplicate and compress data before it is sent to the cloud. This not only reduces network bandwidth costs, but it also adds an additional layer of obfuscation to the data. Even if it were to be intercepted and unencrypted, it would not be meaningful.

Secondly, organizations that implement physical hybrid cloud solutions may choose to use self-encrypting drives. Self-encrypting drives provide a layer of protection so that even if the physical media where data is stored were compromised, that data would still be inaccessible. This is in addition to the encryption provided by the hybrid cloud vendor.

Finally, for organizations that need to be able to ensure that data has been deleted, there is secure erase. Secure erase is a technology that ensures that when data is deleted, even data stored in the cloud can never be recovered. This includes ensuring that all replicated copies and snapshots of data in the cloud are permanently deleted. This is the most secure method of deleting data available today, short of physically destroying the drives.
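The first strategy above, combined with the earlier requirement to encrypt data in transit and at rest, implies an order of operations: deduplicate, compress, then encrypt, because ciphertext does not compress. The sketch below is an added example, not code from the article or from any vendor; `Store`, `Put`, fixed-size chunking, the keyed-HMAC chunk IDs and the all-zero demo key in `main` are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Store is a constructed stand-in for a cloud bucket: chunk ID -> sealed blob.
type Store map[string][]byte

// Put uploads only chunks not already stored, gzipping and then AES-GCM-sealing
// each one. IDs are keyed HMACs, so the store cannot confirm guessed plaintext.
func Put(s Store, encKey, idKey, data []byte, size int) (int, error) {
	block, err := aes.NewCipher(encKey) // a 32-byte key selects AES-256
	if err != nil {
		return 0, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	sent, buf := 0, bytes.NewBuffer(data)
	for chunk := buf.Next(size); len(chunk) > 0; chunk = buf.Next(size) {
		mac := hmac.New(sha256.New, idKey)
		mac.Write(chunk)
		id := string(mac.Sum(nil))
		if _, dup := s[id]; dup {
			continue // already in the cloud: nothing to send
		}
		var z bytes.Buffer
		zw := gzip.NewWriter(&z) // compress first; ciphertext does not compress
		zw.Write(chunk)
		zw.Close()
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return sent, err
		}
		s[id] = aead.Seal(nonce, nonce, z.Bytes(), []byte(id)) // nonce||ciphertext||tag
		sent++
	}
	return sent, nil
}

func main() {
	data := bytes.Repeat([]byte("constructed sample block "), 400) // 10 equal chunks
	fmt.Println(Put(Store{}, make([]byte, 32), []byte("demo-id-key"), data, 1000))
}
```

Ten identical 1,000-byte chunks result in a single upload, and the stored blob is both smaller than the chunk and unreadable without the encryption key.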

What are the Unique Risks?

Hybrid cloud environments present a revolutionary change in how organizations store and manage their data. They can allow for the consolidation of storage in order to reduce costs, improve efficiencies, enable greater collaboration, and eliminate the need to perform data backups. But what happens if access to the cloud is interrupted? Can the edge device in the hybrid cloud solution continue to provide data access from the cache? If the services run in the cloud, what happens if that service is interrupted or the cloud provider has an outage? Can all of the local devices continue to operate?

One significant, and potentially surprising, risk is around who owns the data. There are essentially two methods of accessing hybrid cloud storage. Users can either deal directly with the public or private cloud provider of their choice, or they can select a hybrid cloud vendor that resells public cloud storage.

When the organization deals directly with the cloud provider, there are no issues around data ownership. This can be the most cost-effective model. There are many drawbacks to choosing a hybrid cloud vendor that resells public cloud storage, including overall higher costs, but the biggest drawback deals with data ownership.

When organizations purchase public cloud storage from a hybrid cloud vendor, they are essentially leasing space in the hybrid cloud vendor’s public cloud account. If something should happen to that vendor, or even if they make an accounting error and miss a cloud payment, it is entirely possible that access will be prevented to all of the data stored in the cloud account. The data could be lost permanently.

Emerging Lessons and Trends in Hybrid Cloud Security

One of the emerging needs for hybrid cloud environments is the need for secure site support. Government and military organizations, the contractors that support them — as well as medical, financial, and other regulated industries — need to ensure that there is no external communication between their hybrid cloud environment and the outside world. This means there can be no use of public cloud services or communication between the solution provider and the vendor. This includes eliminating logs, service updates, call home features, or any other communication with the vendor. This is known as secure site, or dark site, support.

Another important lesson is around high availability. It is common today for organizations to have high availability failover between devices for their critical functions. Some hybrid cloud solutions do not support high availability at all. Others, depending on their architecture, not only support local high availability, but also support a global high availability option.

With a hybrid cloud solution that supports global high availability, every edge location will have all of the metadata for the entire file system. Since every site can see the entire file system, any site can be configured to perform high availability failover for every single site. If any site in the file system is lost, then the data services can fail over to another site, regardless of location.

About Keith Parker

Keith Parker has over 20 years sales and technical marketing experience in the storage and networking industries. He began his career at Adaptec, where for over 10 years he held sales, marketing, and technical training roles. He has also held positions at Alacritech and LSI. He comes to Panzura from Violin Memory where he was Director of Product Marketing.
