Hybrid Cloud Security: New Tactics Required - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Comments
Hybrid Cloud Security: New Tactics Required
Threaded  |  Newest First  |  Oldest First
Laurianne
100%
0%
Laurianne,
User Rank: Author
8/13/2014 | 2:09:29 PM
Hybrid cloud use
"Of those with functional private clouds, 30% have working hybrid systems, with the ability to deploy workloads on either public or private clouds. Just 18% of them split their workloads fairly evenly." Anyone else surprised by how low these numbers are? I am.
JoeEmison
100%
0%
JoeEmison,
User Rank: Strategist
8/13/2014 | 3:35:47 PM
Re: Hybrid cloud use
I think it's largely because hybrid cloud is just hard to do properly.  I think the gap between organizations who have wanted to do hybrid cloud and who have actually been successful at implementing is very wide.
ChrisMurphy
100%
0%
ChrisMurphy,
User Rank: Author
8/13/2014 | 4:54:07 PM
Re: Hybrid cloud use
Not terribly surprised. When we asked our InformationWeek Elite 100 if they shifted between private and public clouds based on demand, just 15% said they do. These are the leading innovators. Most companies seem to keep their private clouds and public clouds wholly separate, doing different jobs. 
SaneIT
IW Pick
100%
0%
SaneIT,
User Rank: Ninja
8/14/2014 | 7:18:23 AM
Re: Hybrid cloud use
I'm seeing that as well.  We tend to put things into buckets, group A we can put in a public cloud but group B we really need to keep in house so we'll do a private cloud.  I'm still mostly private because I don't need the hardware behind a big public cloud solution.  I can still easily serve all the needs of the company from inside our own infrastructure but if/when that isn't possible I don't see recommending a hybrid solution.  
zerox203
100%
0%
zerox203,
User Rank: Ninja
8/14/2014 | 9:22:46 AM
Re: Hybrid Cloud Security
Your key point here, Joe, seems to be that we should take a long hard look at if we even want to invest in private cloud before we spend a dime, not after there's already a problem. In keeping with that, I'll say that I don't see a hybrid cloud anywhere on my horizon, and I this is not really a pressing concern for me. Nevertheless, I read the whole paper, and I very much consider it time well spent. After all, current trends tend to 'bleed into' one another - for example,  we see the attempt at slapping archaic security onto modern problems in other areas such as mobile.

I agree with most of your issues with hybrid cloud and common problem-solving approaches therein - you've made a very convincing argument. On the other hand, I often feel that we run the risk of preaching to the choir. I'm trying to envision somebody at a healthcare organization not doing due diligence and evaluating if his hybrid cloud strategy violates HIPAA or other regulations... this person certainly exists (and he'll probably have the exact troubles you list), but is he reading tech digests to teach him otherwise? I think that most of us here are probably in your camp already. Still, it's always nice to have a recap and see all this suvery info collected in one place. Thanks!
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
8/14/2014 | 5:57:58 PM
Needed: more comprehensive defense in depth
Good discussion of the issue here. Considering how hard it is to get legacy systems to work in a hybrid cloud setting, I'm not surprised at Joe's figures. But I think he should take a closer look at the PCI-compliant parts of Amazon and other clouds. It's not just VPN access. Also, I think we're on the verge of implementing better, coordinated defenses in depth, which makes the concept of protect-the-perimeter seem a little dated. If we start to apply machine learning to security, we'll make rapid strides. A fuller definition and enforcement of disallowed behaviors in each application setting would weed out a lot of trouble makers.
JoeEmison
50%
50%
JoeEmison,
User Rank: Strategist
8/16/2014 | 11:48:17 AM
Re: Needed: more comprehensive defense in depth
My main focus in the piece was really to voice an opinion that just isn't out there enough: Hybrid Cloud is hard, and often unnecessary. And it's even harder if you live in the past paradigm of endpoint security, which is still the focus of most enterprise security budgets and the focus of most security audits. I do agree that Amazon has done an amazing job with best-practices security at AWS, but it's just hard (both theoretically and practically) to join an existing enterprise environment to AWS and have things work as they need to...
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
8/15/2014 | 6:39:44 PM
What about hypervisor as 'Goldilocks' zone?
What about Martin Casado's assertion that the hypervisor is the Goldilocks zone for security, neither too hot nor too cold. Can the hypervisor on-premises and in the cloud serve as a valuable vantage point from which to perform watchfulness and security functions?
JoeEmison
50%
50%
JoeEmison,
User Rank: Strategist
8/16/2014 | 12:05:42 PM
Re: What about hypervisor as 'Goldilocks' zone?
Well, I think that this is functionally what cloud management systems are trying to do (from RightScale to Apprenda to OpenStack to CenturyLink's VMware support)--have a higher-level management layer that controls launching VMs (when, where, how). But the same security problems remain--how are you connecting the private to the public?


The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
Slideshows
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll