Public cloud providers can offer unrivaled levels of data availability and durability. However, when it comes to data security, they use a shared responsibility model.
With a shared responsibility model the cloud vendor is responsible for security of the cloud, including the physical hardware, software, facilities, and networking that power to the cloud. The end customer is responsible for security in the cloud. Depending on the cloud service chosen, the end user could be responsible for encrypting the data in transit to and from the cloud, at rest within the cloud, and at each edge location. They will be also be responsible for user authentication and network traffic protection.
It is important for IT leaders to choose a solution that can meet the security and regulatory compliance needs of their organizations. Data should be encrypted both at rest and in transit. Solutions should be compliant to meet any regulatory compliance requirements in accordance with the Federal Information Processing Standard (FIPS) 140-2, which has security requirements for cryptographic modules. Strong standards-based authentication should also be used for access control.
What are the Key Strategies?
There are a number of strategies that can be used to secure hybrid cloud environments. First, is to deduplicate and compress data before it is sent to the cloud. This not only reduces network bandwidth costs, but it also adds an additional layer of obfuscation to the data. Even if it were to be intercepted and unencrypted, it would not be meaningful.
Secondly, organizations that implement physical hybrid cloud solutions may choose to use self-encrypting drives. Self-encrypting drives provide a layer of protection so that even if the physical media where data is stored was compromised, that data would still be inaccessible. This is in addition to the encryption provided by the hybrid cloud vendor.
Finally, for organizations that need to be able to ensure that data has been deleted, there is secure erase. Secure erase is a technology that ensures that when data is deleted, even data stored in the cloud can never be recovered. This includes ensuring that all replicated copies and snapshots of data in the cloud are permanently deleted. This is the most secure method of deleting data available today, short of physically destroying the drives.
What are the Unique Risks?
Hybrid cloud environments present a revolutionary change in how organizations store and manage their data. It can allow for the consolidation of storage in order to reduce costs, improve efficiencies, enable greater collaboration, and eliminate the need to perform data backups. But what happens if access to the cloud is interrupted? Can the edge device in the hybrid cloud solution continue to provide data access from the cache? If the services run in the cloud, what happens if that service is interrupted or the cloud provider has an outage? Can all of the local devices continue to operate?
One significant, and potentially surprising, risk is around who owns the data. There are essentially two methods of accessing hybrid cloud storage. Users can either deal directly with the public or private cloud provider of their choice, or they can select a hybrid cloud vendor that resells public cloud storage.
When the organization deals directly with the cloud provider there are no issues around data ownership. This can be the most cost-effective model. There are many drawbacks to choosing a hybrid cloud vendor that resells public cloud storage including overall higher costs, but the biggest drawback deals with data ownership.
When organizations purchase public cloud storage from a hybrid cloud vendor they are essentially leasing space in the hybrid cloud vendor’s public cloud account. If something should happen to that vendor — or even if they make an accounting error and miss a cloud payment — it is entirely possible that access will be prevented to all of the data stored in the cloud account. The data could be lost permanently.
Emerging Lessons and Trends in Hybrid Cloud Security
One of the emerging needs for hybrid cloud environments is the need for secure site support. Government and military organizations, the contractors that support them — as well as medical, financial, and other regulated industries — need to ensure that there is no external communication between their hybrid cloud environment and the outside world. This means there can be no use of public cloud services or communication between the solution provider and the vendor. This includes eliminating logs, service updates, call home features, or any other communication with the vendor. This is known as secure site, or dark site, support.
Another important lesson is around high availability. It is common today for organizations to have high availability failover between devices for their critical functions. Some hybrid cloud solutions do not support high availability at all. Others, depending on their architecture, not only support local high availability, but also support a global high availability option.
With a hybrid cloud solution that supports global high availability, every edge location will have all of the metadata for the entire file system. Since every site can see the entire file system, that means any site can be configured to perform high availability failover for every single site. If any site in the file system is lost, then the data services can failover to another site, regardless of location.