The defining characteristic of hybrid cloud is the need for data to be transferred between public and private clouds on an ongoing basis. That means choosing the right data transfer methods and providing complete data transfer security are essential for data protection. It can be challenging to apply the same policies for data protection across multiple environments with different characteristics. Data in a hybrid cloud is exposed to a number of risks that can be mitigated with proper planning.
- Data exposed through lack of encryption
Implementing complete encryption across the hybrid cloud environment is necessary to ensure data is protected during transmission and at rest. Using virtual private networks or dedicated connections between clouds provides security while data is in transit. Most cloud providers offer secure storage mechanisms to protect data at rest. Even if you rely on the cloud provider's encryption mechanism, it's most secure if you retain control of the keys.
- Limited visibility into data storage
Your visibility into your cloud storage is limited to the tools and logs the cloud provider makes available. When possible, the logs from the public cloud should be brought into your data center and integrated with your internal logs for analytics purposes. You can reduce the data movement that makes logs bulky and difficult to understand by locating data closest to where it will be used. Keeping the necessary data transfers as limited as possible makes data leaks easier to detect.
- Identity management across platforms
Maintaining consistent identity management controls across public and private clouds can be difficult unless the public cloud is able to integrate with the access control tools used internally. Because the cloud is dynamic and provides self-service, there is the potential for users to create storage and assign privileges outside of the centrally controlled servers.
- Scaling with data
The volume of data used in the cloud and the ease with which cloud usage grows mean that any tools used to provide data protection and data transfer capability need to keep up with the increased scale of the data transfers. The sheer scope of data to be managed makes it easy to lose track of data and how it's being used. Although all data is important, it's best to identify the data that's highest risk and make sure the necessary controls are in place before addressing any other data.
- Data exposed through unprotected APIs
With the primary access to data through remote procedure calls and APIs, it isn’t enough to make sure data is encrypted and end users are authenticated. There needs to be authentication on APIs as well, to ensure that only authorized programs access the data. The credentials used by applications to authenticate themselves need to be managed securely, too.
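One way to authenticate calling programs on a data API, shown as an added example that is not part of the original article: each application signs its request with its own key using HMAC, and the server checks the signature and the request's age. The application name, key, path and five-minute window are constructed assumptions.

```python
import hashlib
import hmac
import time

# Constructed per-application keys (assumption). In practice these are loaded
# from a secrets manager and rotated, never kept in source code.
APP_KEYS = {"billing-sync": b"constructed-demo-key-1"}
MAX_SKEW_SECONDS = 300  # assumption: reject requests more than 5 minutes off


def canonical(method, path, timestamp, body):
    """Bind the signature to method, path, time and body so none can be swapped."""
    body_hash = hashlib.sha256(body).hexdigest()
    return f"{method.upper()}\n{path}\n{timestamp}\n{body_hash}".encode()


def sign(app_id, method, path, timestamp, body):
    """Client side: compute the signature the calling program sends."""
    msg = canonical(method, path, timestamp, body)
    return hmac.new(APP_KEYS[app_id], msg, hashlib.sha256).hexdigest()


def verify(app_id, method, path, timestamp, body, signature, now=None):
    """Server side: return (ok, reason) for one incoming request."""
    now = time.time() if now is None else now
    key = APP_KEYS.get(app_id)
    if key is None:
        return False, "unknown application"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"  # limits replay of captured requests
    msg = canonical(method, path, timestamp, body)
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many characters matched through timing
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    ts = int(time.time())
    sig = sign("billing-sync", "GET", "/v1/records", ts, b"")
    print(verify("billing-sync", "GET", "/v1/records", ts, b"", sig))
    # Same signature replayed against a different path is rejected.
    print(verify("billing-sync", "GET", "/v1/records/all", ts, b"", sig))
```

Logging the returned reason alongside the application ID gives the centralized log analysis a per-program record of rejected API calls.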
Achieving security in the hybrid cloud requires thorough evaluation of the data, its risk, and its usage requirements. Using a data fabric such as NetApp is one way to simplify transferring data between environments without losing control or security. Contact dcVAST to learn more about how you can design a hybrid cloud that meets your data performance and security needs.