© Copyright 2019 • NTT Com Asia Limited

Cloud Security Will Blow Your Minds and Companies

By Dave Scott, Solutions Director, NTT Com Managed Services

The hybrid cloud is a double-edged sword when it comes to security.

Our recent whitepaper “Going Hybrid: Demand for Cloud and Managed Services Across Asia-Pacific”, based on conclusions from an independent study conducted by 451 Research of more than 400 IT decision makers representing Asia’s largest businesses in key vertical markets, noted that companies believe hybrid clouds can improve operational security (59 percent), disaster recovery (34 percent), and network security (31 percent).

However, the same respondents believed that a hybrid cloud exposes major security flaws in a number of key areas. They include encryption (46 percent), management and monitoring (44 percent), and identity and access management (33 percent).

The problem lies in our approach. The traditional security approach defines perimeters, raises firewalls around the core system to keep out intruders, posts vigilant intrusion prevention systems to root out unwanted programs and hackers, and guards the most valuable parts with strong access control.

In a hybrid cloud environment, the perimeter is blurred. Data flows freely between your systems and those of the cloud providers. Clearly, cloud security requires a rethink.

Server-centric to data-centric

The biggest difference between traditional and hybrid cloud environments is the way we handle data security.

Traditional on-premise architecture assumes that sensitive data will never leave the perimeters of your core IT infrastructure. So, security teams monitor access to this data by establishing control at the perimeters of the infrastructure and over access to the apps and systems that use the data.

In a hybrid cloud environment, data easily moves outside of enterprise perimeters, where it is no longer under the control of the security team. So, drawing perimeters that use signature-based defenses and restricting access to servers are not enough. Instead, security teams need to focus on securing the data when it is at rest or in transit.

Here, data encryption becomes your most important ally. No longer just a “nice-to-have” option, strong data encryption should be the first consideration to keep your sensitive information from prying eyes. And you can assume that in a flexible, multi-tenant environment like clouds, those eyes are always looking for vulnerabilities.

Also, data is most vulnerable when it is traveling between your on-premise infrastructure and the cloud provider’s premises. This is why many security-minded companies use private leased lines, both for latency and security.

Security policy compatibilities

In a dynamic cloud environment, threats can strike anywhere and at any time. Sometimes, it may not even be your fault. A simple oversight like patching network devices incorrectly during regular maintenance at the cloud server farm or a sophisticated attack on a less secure app in the cloud provider environment can increase your security risk.

Due diligence of the cloud provider environment is vital. Sitting back and thinking that someone else maintaining the cloud infrastructure will be equally vigilant about your security is wishful thinking. Cheaper subscription or operating costs count for nothing when there is a breach and it severely impacts your operations and reputation.

It is also important to find out whether the provider’s security policies are compatible with your own company’s. If they are not, you need to at least discuss how to address the policy gaps. After all, you are liable to your customer for any breach.

Equally crucial is the ability to continuously monitor security policies and readiness across your infrastructure and the cloud’s. This allows you to take proactive measures in case of a breach, if it does not impact your operations directly. Building such capabilities takes time but provides a strong, secure foundation on which to build your hybrid cloud environment.

Lastly, your cloud provider should be well aware of the compliance needs. This is especially vital when the cloud servers are situated in jurisdictions that have strict data sovereignty or data privacy laws, like GDPR or Indonesia’s general data localization requirements. So, choose well.

Portability and Zombies

In cloud environments, it is easy to spin up new instances. But what happens to old ones?

Such instances are often termed zombie instances or cloud zombies. They are active but unmonitored. The problem with cloud zombies is that they become outdated quickly and are seldom patched, making them vulnerable to exploits.

Your cloud provider will need to have an established process for eliminating instances that are no longer required. A clear and strong lifecycle management and governance process can help, but it is one that you will need to examine closely.

Just as important is the ability to migrate your workloads to another cloud. This is becoming common for hybrid environments where specific workloads are moved to different environments for regulatory, disaster recovery or performance reasons.

A clear service level agreement (SLA) on how a provider handles such migration is vital, especially when looking to avoid lock-ins that put you at a disadvantage.

Be Partner Savvy

Despite the rhetoric that cloud is less secure, often the opposite is true. After all, established cloud providers are motivated to keep their infrastructure secure, which sees them investing huge amounts in the latest security solutions, enforcement and talent.

Cloud providers also use the latest best practices and adhere to current industry practices to accommodate demanding customers. These efforts mean that companies can benefit from the investment and initiatives, and in some cases further strengthen their security posture.

But cloud security can be complex and requires a new approach. According to our study, this is why many are looking toward managed security services.

Key areas that the companies surveyed are looking at include professional and consulting services (45 percent), risk and compliance management (38 percent), and incident response and remediation (37 percent).

Managed security service providers can also assist in designing the right framework for your own security policies across the hybrid cloud. They can help you to manage your risk and fulfill compliance requirements in highly regulated industries or geographies.

When a breach occurs, managed security service providers can help you with incident response and remediation processes that require specialist skill sets and tools as it involves more than your own infrastructure. Overall, they provide a holistic perspective to cloud security and offer insights into vulnerabilities that internal security teams may sometimes miss.

Having access to this talent pool and knowledge is important in a hybrid cloud environment. It ensures that you are always in control of your data – whether it is on premise or in the cloud.


Commissioned by:

NTT Communications solves the world’s technology challenges by helping enterprises overcome complexity and risk in their ICT environments with managed IT infrastructure solutions. These solutions are backed by our worldwide infrastructure, including industry leading, global tier-1 public and private networks reaching over 190 countries/regions, and more than 400,000m² of the world’s most advanced data center facilities. Our global professional services teams provide consultation and architecture for the resiliency and security required for your business success, and our scale and global capabilities are unsurpassed. Combined with NTT Data, NTT Security, NTT DOCOMO and Dimension Data, we are NTT Group.

VMware, a global leader in cloud infrastructure and business mobility, helps customers realize possibilities by accelerating their digital transformation journeys. With VMware solutions, organizations are improving business agility by modernizing data centers and integrating public clouds, driving innovation with modern apps, creating exceptional experiences by empowering the digital workspace, and safeguarding customer trust by transforming security. With 2016 revenue of $7.09 billion, VMware is headquartered in Palo Alto, CA and has over 500,000 customers and 75,000 partners worldwide.
