Hybrid cloud security: Emerging lessons

Hybrid cloud security: Emerging lessons

What hybrid cloud security lessons are coming to light as technology matures and use increases?

up
62 readers like this

on

March 21, 2018
CIO What every CIO Needs to know about the cloud

Sweat the data in transit

Hybrid cloud security also typically increases the need to focus on securing not only your various environments, but also your data as it moves between those environments, notes Paul McGough, founder and CTO of Qwyit.

“The goal of data security and encryption is to assure control of it in transit and at rest,” McGough says. “The more places the data travels, such as in hybrid cloud environments, the more difficult this becomes; the greater number of locations to store it, the same problem.  So, the capability of both the encryption algorithms and the security policies and practices of the various participants is important.”

Yes, encryption and key management are important, but your tools and processes still require human oversight and action.

“Together, the encryption technology delivers data protection, and participant policies and practices delivers system control of that protection,” McGough explains.

Cloud security is a process, not an event

In the early days of cloud computing, perhaps the most common – and often vaguely explained – obstacle to adoption was “security concerns.”

As adoption busted through the floodgates and into the mainstream, that initial fear may be producing a positive outcome by forcing a shift in organizational security mindsets.

A smart hybrid cloud strategy typically involves mothballing incident-driven, patch-and-dash approaches.

In particular, a smart hybrid cloud strategy typically involves mothballing incident-driven, patch-and-dash approaches and making security an ongoing matter of practice and culture.

As Adam Stern, CEO and founder of Infinitely Virtual, explains, scattershot approaches to cloud security typically “fix” issues while ignoring hundreds or even thousands of other vulnerabilities waiting to be exploited.

“Cloud security isn’t like filling out a job application; it’s not a matter of checking boxes and moving on,” Stern says. “Piecemeal approaches to security never work. Patching a hole or fixing a bug, and then putting it ‘behind’ you – that’s hardly the stuff of which effective security policies are made.”

In hybrid and multi-cloud environments, this means doing deep dives on your providers’ security capabilities, for starters. As Stern says, “any provider worth its salt brings to the task a phalanx of time-tested tools, procedures, and technologies.”​

That doesn’t absolve you of responsibility: Hybrid cloud security requires a mindset of active vigilance, according to Stern, one that ferrets out threats and mitigates them rather than waiting for them to blow up on their own.

“The mantra must be: Cloud security is a process, not an event,” Stern says.

Want more wisdom like this, IT leaders? Sign up for our weekly email newsletter.

Pages

Comments 0

Harvard Business Review: IT Talent Crisis: Proven Advice from CIOs and HR Leaders

CIOs: We welcome you to join the conversation

Related Topics

Submitted By Ginny Hamilton
July 20, 2018

When James McPartland took on the CIO role at Torchmark Corporation in 2014, he had a big task before him: Show the rest of the business that IT could help drive growth.

Submitted By Carla Rudder
July 19, 2018

Constant learning is a must in IT. Leaders share how they make it a priority for everyone in their organization.

Submitted By Chris Fielding
July 18, 2018

How does CIO Chris Fielding retain the rising stars on her IT team? She sets a positive, respectful, and inclusive tone – and takes advantage of individual strengths.

x

Email Capture

Keep up with the latest thoughts, strategies, and insights from CIOs & IT leaders.