The difficult, we do immediately; the impossible takes a little longer” is a phrase familiar to many IT teams. That’s because they’re used to senior executives making challenging demands, such as “Our competitors are making big savings by moving to the cloud, and we want to do that too. So can we move our core business applications to the public cloud by the end of this year? It won’t affect security, will it?”
If only it were that simple. Managing network security across a hybrid cloud environment is still an emerging area with many challenges, as highlighted in a recent AlgoSec survey that looked at the issues IT teams face in trying to unify security policy management across on premise and public cloud environments. Of the 360-plus senior IT professionals surveyed, 66 percent agreed that it’s difficult for them to extend the corporate network security policy to the public cloud. Worryingly, a third of companies planning to deploy business applications in the cloud did not know which tools they will use to manage their network security policies after deployment.
So moving to a hybrid IaaS environment isn’t something that can be done overnight – it needs preparation and careful management to ensure security is maintained. To help with preparation, here are five tips to help in devising a strategy for a migration.
Choose the right security controls
There are three basic methods to secure network access on public clouds. Commercial-grade firewalls for the public cloud are available, but the level of support and functionality varies greatly between vendors. Their benefits include unified management with their respective on premise firewalls as well as familiarity with how policies are defined and enforced. Cons include cost (although some vendors are now offering pay-as-you-go or bring-your-own-licenses pricing models), scalability and a limited feature-set for some vendors.
Alternatively, some cloud providers will provide their own security controls (e.g. Amazon Security Groups). These controls are generally free – which is always attractive – and provide a good level of functionality. However, they may lack enterprise-grade management and do not work across different cloud providers since every provider’s controls are different.
Then there are host-based firewalls, which can offer an effective cross-cloud solution, but can involve additional security management overhead and a limited feature set.
Network security controls in the cloud are still fragmented, and there is no single correct answer when it comes to selecting the best option, so make sure you carefully evaluate the options and choose the controls that best suit your business needs.
Visibility across the cloud
Without visibility across hybrid cloud environments, you can’t see what’s going on, let alone secure it effectively. Regardless of which security controls you choose, visibility is key to a successful migration and deployment. Make sure you implement controls that provide visibility across the entire hybrid environment.
Automate to improve security processes
Security automation goes hand-in-hand with visibility, and is the key to effectively migrating to and managing a hybrid environment – especially given the flexibility offered by cloud environments as, when you’re trying to manage hundreds or even thousands of policy rules, automation is the only way. Manual processes for security change management would simply be unable to keep up with the constant updates needed across a large, hybrid infrastructure. Automation helps to reduce unexpected business outages caused by changes, speeds up application deployments in the cloud, and also eases inter-team working.
Segmentation, segmentation, segmentation
The cloud creates a much wider attack surface for your organization. So as network segmentation is critical to security in the on premise data centre, to stop infections and attacks spreading, it’s doubly critical for hybrid environments. Make sure you lock down access to your internal corporate networks from the IaaS platform as much as possible. This will not only cut your exposure to risk, but will also improve incident response by enabling you to quickly identify and focus on any emerging issues – helping to reduce the scope, time and effort involved in security audits, which your IaaS-based applications will now be subject to.
While enabling the different teams to work together using automation tools is critical to an easy migration and successful deployment of a hybrid cloud environment, it’s also important to ensure the right team is leading security efforts. Our survey found that large and small companies were uncertain about where responsibility for security in hybrid cloud environments should lie: with the Information Security team, IT operations, or with platform providers? It depends what best suits your organization, but make sure that someone takes responsibility.
These points can help you keep security front-of-mind as you evaluate IaaS platforms and plan a move to a hybrid cloud environment – in turn making the move easier, while ensuring you can maintain a strong security posture.
By Nimmy Reichenberg