Massimo Bandinelli, Aruba Cloud Marketing Manager, explains how businesses can deter cyber criminals from attacking their hybrid cloud.
The global cloud market has advanced far further than we could have ever imagined. Hybrid cloud in particular has experience exponential growth and is set to rise to $145 billion by 2026 – and it’s no surprise.
These environments are certainly beneficial for businesses in terms of agility and scalability, not to mention cost efficient. However, because of the flow of data from both private and public environments, they do require a specific security approach to monitor certain vulnerabilities.
It is important for IT decision-makers to realise that a hybrid cloud environment will demand a completely different set of considerations. So, while they may be experienced in securing a public cloud solution, different steps will need to be taken in this instance. These include ensuring supply chain security, protecting data inflight and even preventing physical breaches of security.
So, let’s investigate why addressing these risks is especially important.
Securing the supply chain
Hybrid cloud environments tend to be made up of complex, integrated systems, using software applications from multiple vendors. Cybercriminals, therefore, can now target IaaS/SaaS/PaaS vendors and aim to access customer networks, and their hybrid clouds, through this in what is known as a ‘supply chain attack’.
The same logic would apply to a criminal looking to steal something from hotel rooms. Why would they steal individual rooms keys from guests when they could target the cleaner with a master key, giving access to all the rooms in the building? A successful vendor breach can give cybercriminals access to thousands of end-users much quicker than targeting them individually.
The best way for businesses to protect themselves against supply chain breaches is to adopt a zero trust architecture. These security systems work on a ‘never trust, always verify’ model, giving the bare minimum of system access for users to do their job. Using strong authentication can also aid in protecting a business’ system from attacks.
Protecting inflight data
When data is in motion, it is much more vulnerable. Businesses are more likely to be subject to data, theft, ransomware or ‘man-in-the-middle’ attacks when data is being transported between or within systems.
Data held in hybrid clouds move between different systems and environments much more frequently meaning they are more vulnerable to these threats. Businesses therefore need to be sure to configure their environments correctly to ensure data is secure.
Encryption is the key here. This involves converting data into a format that is unreadable either before it is transferred or stored in the cloud. For businesses handling sensitive personal or financial information, this should be a no-brainer as it ensures that even if criminals were able to access data successfully, they won’t be able to do much with it.
Having encryption in place will also generally make businesses less attractive as targets as cyber criminals know that any stolen data they access through a targeted attack would be unusable.
Physical security breaches
It is also important to remember that all the various environments (public clouds, private clouds, on-premises data centres and edge locations) which made up hybrid clouds should be physically secured, as well as virtually. Unfortunately, data breaches can occur via physical means for example through the insertion of ransomware, which can remain undetected until activated.
While data centre providers tend to invest a great deal in having robust security measures at their campuses including CCTV, anti-intrusion sensors, biometric authentication, and bollards, on-premises facilities tend to be more vulnerable and should take note.
Recommendations
With a huge range of security factors that businesses need to consider when implementing a hybrid cloud infrastructure, first and foremost, they need to focus on drawing up the right strategy. This could include network segmentation, using EDR software and regularly running VAPT. Ultimately, they should aim for a higher level of security than what exists on on-premises or public cloud infrastructure.
As cloud providers, we’ve seen a real increase in demand for managed service providers that help businesses secure their hybrid cloud infrastructure. So, in the future, we expect to see these options grow for our enterprise customers.
