Security Approaches for Hybrid Cloud Environments

Digital transformation initiatives, along with cloud-first policies intended to gain greater business agility, have resulted in the broad adoption of cloud services as well as an unintended consequence—a cloud security readiness gap. This dynamic is highlighted by research conducted by ESG in which nearly nine out of ten (88%) surveyed organizations agreed that they need to evolve their cybersecurity program for cloud-native applications and their use of public clouds. 1 Amidst the shift to public clouds, customer-managed environments, including those that are on-premises and in co-location facilities, remain a critical and prominent aspect of the modern IT landscape. As such, hybrid clouds are, indeed, the norm of the modern data center. The disparate environments that comprise hybrid clouds have increased complexity, with many organizations finding it challenging to unify best practices across teams, technology stacks, and environments, impacting operational, security, and compliance objectives and requirements.

As a result, operationalizing hybrid cloud security is a strategic imperative, one that requires a holistic and layered approach to assure consistency across a heterogeneous landscape. While tried and true cybersecurity approaches still apply, including implementing defense in depth, new methodologies and technologies necessitate the modernization of cybersecurity programs across the core pillars of people, process, and technology. The objective of this paper is to explore the composition of hybrid clouds as well as the challenges associated with securing these dynamic and complex environments to set the stage to offer a series of best practices for a full stack, full lifecycle approach.

The Composition of the Modern Data Center

Hybrid Clouds are Heterogenous

Central to the adoption of cloud services are cloud-native applications and environments. Cloud-native applications are those built on a microservices architecture, deployed on elastic infrastructure, and delivered and managed via the automated continuous integration and continuous delivery (CI/CD) orchestration processes of a DevOps methodology.

Cloud technologies, such as containers, Kubernetes, and public cloud services, play leading roles in cloud-native environments, with serverless functions now emerging, adding to the heterogeneity of modern applications. It is important to note, however, that cloud native is not exclusive to public clouds. In fact, while there is a shift of production workloads to public clouds, container portability and the desire by some enterprises to manage Kubernetes deployments both on-premises and in the cloud means that cloud-native applications span both public and private clouds—i.e., hybrid clouds

Broad-based digital transformation (DX) initiatives that have been further accelerated by the increase in remote work have led to a retooling of the enterprise to leverage new technologies for all aspects of business operations. Part and parcel of DX programs are cloud-first policies, which require new IT projects be delivered via cloud services when possible. As a result, there is an increase in workloads that are now candidates to move to a cloud implementation. However, ESG research paints a clear picture that customer-managed environments will continue to be an important part of the equation as enterprises continue to rely on existing workloads and infrastructure. The resulting complexion of today’s data center is a hybrid cloud comprised of disparate environments that create challenges for cybersecurity and compliance programs.

The good news? Efforts to gain consistency across the modern data center are well underway with organizations moving to centralize the responsibility for securing application infrastructure based on unified policies, a collaborative culture, and a common vernacular. Implementing unified policies will require a focus on securing the software supply chain, leveraging enterprise-ready and, thus, secure Linux distributions such as Red Hat Enterprise Linux, and leveraging automation, all critical capabilities of an agile enterprise.