Hybrid cloud is coming to be seen by IT pros and business owners as an extremely compelling proposition – in fact, IDC boldly predicts that more than 65 percent of large enterprises will commit to hybrid cloud by next year. Hybrid cloud’s cost savings, business agility and operational efficiencies are the precise qualities organizations need to thrive in today’s mobile and data driven world.
The enthusiasm for hybrid cloud extends beyond large enterprises too – a recent survey from Peer 1 Hosting of more than 900 IT decision makers from organizations large and small found that 28 percent will be using hybrid cloud in three years’ time – triple the number now (10 percent). The same survey, conducted by independent research firm Vanson Bourne, shows that respondents’ top IT priorities are cutting costs (49 percent) and improving operational efficiencies (45 percent). These concerns can help explain the rise of hybrid cloud, which offers cost savings, business agility and operational efficiencies when implemented successfully.
Yet, hybrid cloud growth could be even stronger, and many organizations are still holding back, despite its perceived benefits. One explanation is the security issues hybrid cloud presents to some organizations –an area where businesses cannot compromise. Yet, the security vulnerabilities of hybrid cloud are really no different than those faced in standard on premise or public cloud infrastructure. Fortunately, there are some straightforward ways organizations can minimize the various security issues faced when migrating to a hybrid cloud environment.
Minimizing Human Error Risks
One issue around security in the cloud, whether it’s public or hybrid cloud models, is the perceived lack of control. Because cloud is still a new technology for most organizations, the vulnerability of their data in the cloud is top of mind. However, it doesn’t ultimately matter if data is sitting on premises or in the cloud, or in a hybrid environment; the biggest security threat since the dawn of time (or at least the dawn of servers) has always been human error, and it’s no different in the cloud.
Whether it’s the misconfiguration of a server or a user clicking on a phishing email, humans are the weakest link for all networks and hosting environments. The only thing that can change this is to have good IT policies and work cultures in place – and to have responsible IT providers who are aware of and responsive to your security needs. This is especially true when migrating IT functions to a new environment, like hybrid cloud.
Internally, organizations must educate staff and create a security-aware culture to dramatically reduce the risks of information loss. This means helping staff to make good decisions, so IT won’t have to lock down operations nearly as much. That will give businesses the freedom to grow and evolve, and focus on their core competencies. And these same rules should apply to the service providers that organizations choose to work with to implement their cloud strategies.
Maximizing the Service Provider Role in Security
While caught up in their fear of losing control, organizations forget that often service providers often have more mature and evolved security capabilities than their own internal IT departments. After all, a service provider’s entire business is at stake when a major security issue arises, whereas an IT department is often fighting for budget to fund its core competencies against all the other budgetary demands of the organization, which means security may not get all of the funding and attention it deserves.
Even though service providers should be inherently more robust in security requirements, organizations must still do their due diligence with each provider they are considering, and check their security track record in depth. An IT department looking to a service provider to help them implement hybrid cloud should ask the provider if they have compliance and security certifications, how long they have been focused on these areas, and whether they have specialities in any particular area of security or compliance, particularly ones that align with the business’s focus.
Organizations should also check references for service providers they are considering when moving to hybrid cloud. They should ask directly about how the provider protects data, including the type of technology solution that is the fit for the business, whether it’s managed bare metal hosting, hosted private cloud, or hosted public cloud. A service provider is only as good as the people it employs! This is especially true for security, where people can be the largest data protection threat.
Overcoming a False Alarm
It goes without saying that security should be a top IT concern for any organization, particularly when they are implementing a new IT environment like hybrid cloud. However, hybrid cloud is still just an IT environment like any other, and is subject to the same fundamental risks. So instead of fixating on security as an obstacle to hybrid cloud adoption, businesses and service providers alike should focus on building scalable, flexible and controllable hybrid cloud environments that proactively respond to any perceived ‘data control’ issues.
Don’t let security be a ‘red herring’ when considering hybrid cloud – determine what’s best for your organization, and move forward!
By Toby Owen, VP Product, Peer 1 Hosting
Bio : Toby Owen is aVice President of Product at Peer 1 Hosting, Toby’s vision is for them to become a world-class provider of solutions and expertise that anticipates our customers’ technology needs and partners with them through their growth.
Studying engineering in college led to an interest in computers, and a side business building home computer systems. Naturally, he was drawn to a career with a hands-on role in technology. Since then, He’s worked with networking, computer applications architecture and web security, been responsible for Internet Web Services at Wells Fargo, built and launched Rackspace’s Hybrid Cloud, and immigrated to the UK to lead its International Product Strategy. When not using technology to improve the way we live, Toby ride bikes around London, tours castles in the Welsh countryside, and explores European cities with his family.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.