Understanding Hybrid Cloud Security

Hybrid cloud security describes the techniques and strategies that identify and secure every component of an infrastructure spanning private (on-premises) and public cloud environments. Given the variety of systems, vendors, and architectures a hybrid cloud can incorporate, hybrid cloud security is highly individual and complex.


What is a Hybrid Cloud and Why is it Important?

Before the rise of cloud computing, organizations had no choice but to store mission-critical data in on-premises databases and run their applications on in-house servers. This centralized model often used a hub-and-spoke topology, in which each server, endpoint, and database connects directly to a central network switch. With everything stored in one physical location, the environment was easy to visualize and verify.

In cloud computing, applications and data are stored on remote servers located in data centers. This outsourcing of compute power allows users to access the same files and applications from virtually any device. As a result, cloud-based email services like Gmail and Microsoft Office 365 can display a user’s inbox no matter which device they use to log in—the same goes for cloud storage platforms such as Dropbox and Google Drive. Public cloud can massively reduce IT costs and overhead, since the cloud provider maintains and updates its servers, but it’s not a silver bullet: organizations often need to retain complete control over the processing and storage of their data.

Hybrid cloud refers to an architecture that combines both models: private cloud or on-premises infrastructure for the data and workloads an organization must control directly, and public cloud services for the rest, with applications and data moving between the two. However, the resulting spread of platforms makes it far more difficult to implement secure practices consistently and universally.

The Hybrid Cloud Security Challenges

Hybrid cloud security is a simple enough concept: discovering and swiftly mitigating data and access abuse across an organization's array of systems. However, verifiably achieving it remains a consistent challenge for most organizations running hybrid environments. Hybrid cloud setups introduce the following challenges, each of which must be adequately mitigated.

An Exploded Attack Surface

Consider a remote-working organization: it may keep sensitive data on private, on-premises servers while spinning up key applications and services on a public cloud. This means email and productivity apps run in the public cloud, corporate databases sit on the private side, and employees access both from any location. Not only is each data path far longer than on an internal network, the data also has to cross multiple communication mediums. From the employee's own device over its VPN, to the application and its corresponding API on the server side, securing the end-to-end connection becomes far harder, particularly when the underlying network models differ.

This increase in the number of data paths becomes even more extreme from an application perspective: microservices break a single program into smaller components that exchange data with one another over the network, so every internal call is another path to secure. The result is an attack surface vastly bigger than that of a single public-cloud deployment.

Trust Assumption Between Cloud Services

Because sensitive data moves so regularly between on-premises and cloud platforms, a degree of trust is often assumed between the components of a hybrid cloud security architecture. For instance, an API may assume that because a request arrives from an already-authenticated device or upstream service, it can be trusted to run its own process without re-verifying the caller. Add the fact that microservices are deployed from container images, stand-alone packages of executable code pulled from a registry, and these assumptions can give attackers a significant foothold in an organization's cloud.
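As an added example, not code from this page or from Check Point, here is that trust assumption in miniature: a hypothetical `orders-api` service that accepts an identity header set by an upstream gateway, beside a hardened version that requires every caller, internal or not, to present a signed, audience-bound, expiring token and verifies it itself. The token layout (JWT-like, not a standards-compliant JWT), the shared key, and the service name are assumptions for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

# Hypothetical downstream service name; tokens must name it as their audience.
SERVICE_NAME = "orders-api"


def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(key: bytes, subject: str, audience: str, ttl: int = 300, now=None) -> str:
    """Issue a JWT-like token: base64url(payload).base64url(HMAC-SHA256(key, payload))."""
    now = int(time.time()) if now is None else now
    payload = json.dumps(
        {"sub": subject, "aud": audience, "exp": now + ttl}, separators=(",", ":")
    ).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64u(payload)}.{_b64u(sig)}"


def handle_trusting(headers: dict) -> dict:
    """Vulnerable pattern: the service trusts an identity header that any caller
    on the network path (or anything that reached the gateway) can set."""
    user = headers.get("X-Authenticated-User")
    if not user:
        return {"status": 401, "reason": "no identity header"}
    return {"status": 200, "user": user}


def handle_verified(headers: dict, key: bytes, now=None) -> dict:
    """Hardened pattern: every hop verifies the caller's token itself."""
    now = int(time.time()) if now is None else now
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return {"status": 401, "reason": "missing token"}
    token = auth[len("Bearer "):]
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _b64u_decode(payload_b64)
        sig = _b64u_decode(sig_b64)
    except (ValueError, binascii.Error):
        return {"status": 401, "reason": "malformed token"}
    # Check the signature before interpreting any claim.
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return {"status": 401, "reason": "bad signature"}
    claims = json.loads(payload)
    # A token minted for another service must not be accepted here.
    if claims.get("aud") != SERVICE_NAME:
        return {"status": 403, "reason": "wrong audience"}
    if claims.get("exp", 0) <= now:
        return {"status": 401, "reason": "expired"}
    return {"status": 200, "user": claims["sub"]}


if __name__ == "__main__":
    key = b"shared-secret-for-demo"  # assumed shared key, for illustration only
    forged = {"X-Authenticated-User": "alice"}
    print(handle_trusting(forged))              # accepted: header is taken at face value
    print(handle_verified(forged, key))         # rejected: no verifiable token
    good = {"Authorization": "Bearer " + mint_token(key, "alice", SERVICE_NAME)}
    print(handle_verified(good, key))           # accepted after signature, audience, expiry checks
```

The audience check is what stops a token stolen from one microservice being replayed against another; the per-hop signature check is what removes the "already authenticated upstream" assumption the paragraph describes.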

It is this trust assumption that has allowed supply chain attacks to proliferate: they are explicitly designed to exploit trust relationships between an organization and external parties, including partners, vendors, and any third-party software those vendors issue. Threat actors compromise one organization and then move along the supply chain, taking advantage of these trusted relationships to gain access to other organizations' environments.

Alert Visibility and Prioritization

On the other end of cloud security sits the Security Operations Center (SOC), which needs to see the individual actions every component of a hybrid cloud is taking.

One typical way this visibility is achieved is via a Security Information and Event Management (SIEM) tool, which ingests logs and collates them into trackable actions. While incredibly powerful, the sheer granularity of every individual log has led to an abundance of alerts, and the vastly wider attack surface of a hybrid cloud multiplies the log sources feeding the SIEM. A hybrid SOC therefore needs to correlate and prioritize its alerts with far greater precision than normal.
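As an added example (not this page's or any vendor's code) of the precision the paragraph calls for, the following correlation logic runs over constructed log lines from an on-premises VPN gateway and a cloud identity provider. Instead of raising one alert per line, it raises an alert only when events combine into something worth an analyst's time: the same account succeeding on both sides of the hybrid boundary from different addresses within a short window, or a run of failures from one address, escalated if a success follows. The log format, source names, and thresholds are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not real data) in one minimal key=value format
# shared by the on-premises VPN gateway and the cloud identity provider.
SAMPLE_LOGS = [
    "2024-03-01T09:00:05Z vpn-gw auth user=alice src=203.0.113.7 result=success",
    "2024-03-01T09:02:10Z cloud-idp signin user=alice src=198.51.100.23 result=success",
    "2024-03-01T09:05:00Z vpn-gw auth user=dave src=203.0.113.40 result=success",
    "2024-03-01T09:06:30Z cloud-idp signin user=dave src=203.0.113.40 result=success",
    "2024-03-01T09:10:01Z cloud-idp signin user=bob src=192.0.2.9 result=failure",
    "2024-03-01T09:10:07Z cloud-idp signin user=bob src=192.0.2.9 result=failure",
    "2024-03-01T09:10:13Z cloud-idp signin user=bob src=192.0.2.9 result=failure",
    "2024-03-01T09:10:20Z cloud-idp signin user=bob src=192.0.2.9 result=failure",
    "2024-03-01T09:10:26Z cloud-idp signin user=bob src=192.0.2.9 result=failure",
    "2024-03-01T09:10:33Z cloud-idp signin user=bob src=192.0.2.9 result=success",
    "2024-03-01T09:20:00Z vpn-gw auth user=carol src=203.0.113.88 result=failure",
    "garbage line the parser must skip",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<source>\S+) (?P<action>\S+) "
    r"user=(?P<user>\S+) src=(?P<ip>\S+) result=(?P<result>\S+)$"
)
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def parse(lines):
    """Parse well-formed lines into event dicts, drop the rest, sort by time."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def cross_environment_login(user, evs, window):
    """One account succeeding on VPN and on the cloud IdP from different
    addresses inside the window: a credential in use from two places."""
    vpn = [e for e in evs if e["source"] == "vpn-gw" and e["result"] == "success"]
    cloud = [e for e in evs if e["source"] == "cloud-idp" and e["result"] == "success"]
    for a in vpn:
        for b in cloud:
            if a["ip"] != b["ip"] and abs(b["ts"] - a["ts"]) <= window:
                return [{"severity": "high", "rule": "cross-environment-login",
                         "user": user, "ips": sorted({a["ip"], b["ip"]})}]
    return []


def brute_force(user, evs, window, threshold):
    """A run of failures from one address; escalate if a success follows it."""
    alerts = []
    by_ip = {}
    for e in evs:
        by_ip.setdefault(e["ip"], []).append(e)
    for ip, ip_evs in by_ip.items():
        failures = [e for e in ip_evs if e["result"] == "failure"]
        if len(failures) < threshold or failures[-1]["ts"] - failures[0]["ts"] > window:
            continue
        succeeded_after = any(e["result"] == "success" and e["ts"] > failures[-1]["ts"]
                              for e in ip_evs)
        alerts.append({"severity": "high" if succeeded_after else "medium",
                       "rule": "brute-force", "user": user, "ips": [ip]})
    return alerts


def correlate(lines, window=timedelta(minutes=10), fail_threshold=5):
    """Return the prioritized alert list; single events never alert on their own."""
    by_user = {}
    for e in parse(lines):
        by_user.setdefault(e["user"], []).append(e)
    alerts = []
    for user, evs in by_user.items():
        alerts.extend(cross_environment_login(user, evs, window))
        alerts.extend(brute_force(user, evs, window, fail_threshold))
    alerts.sort(key=lambda a: (SEVERITY_RANK[a["severity"]], a["user"]))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Of the eleven parsable events, only two alerts come out: alice's credential used on both sides of the boundary from different addresses, and bob's failure run that ended in a success. dave's matching-address logins and carol's lone failure produce nothing, which is the point of correlating before alerting.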

Other network tools are similarly stressed by the switch to hybrid: firewalls built around a single on-premises or cloud boundary suddenly have to adapt to a far more varied and transient attack surface. Shifting strategy to a micro-segmentation approach, in which policy is enforced per workload rather than at one perimeter, is often one of the best ways forward, and dedicated hybrid cloud security solutions are worth evaluating for that.

Successfully Secure Hybrid Cloud with Check Point CloudGuard

Check Point has been a leader in network security since 1993, and in that time has helped organizations navigate monumental shifts in network design and protection. CloudGuard brings that threat intelligence to a cloud security platform that applies a behavioral understanding to every interaction across a hybrid cloud. By correlating individual actions into the wider picture, CloudGuard gives a SOC real-time visibility, policy automation, and a suite of proactive automated responses. Learn more about how Check Point provides hybrid data center security here.
