Operating a hybrid environment – one that’s a combination of on-premises and cloud technologies, continues to grow in popularity, with 45% of organisations currently taking this approach. One potential reason for this uptake is that it’s often easiest for organisations to start with a hybrid option initially, before migrating completely to cloud. For others, this intermediate phase becomes a more permanent part of their strategy.
A hybrid strategy has numerous benefits:
- Increased agility, flexibility, and productivity
- Cost reductions related to on-prem hardware, power, and maintenance costs
- Enhanced visibility, automated security, and compliance
However, in a hybrid cloud environment, IT organisations must meticulously consider their cyber security posture, as the integration of private and public networks presents unique vulnerabilities that could potentially compromise defences.
The need for a security posture update
The consequences of ignoring hybrid cloud security can be costly, both financially and to productivity. “Ponemon shares that there’s a significant decrease in the time it takes to identify and contain a breach for organisations that have no cloud security maturity as compared to those who are in the mature stage,” explained Ryan Crochet, Fortra’s Alert Logic Sr. Product Marketing Manager. “For example, the time it takes to identify and contain a breach is a direct determining factor in the costs associated with that breach. There’s a $750,000 difference in the average cost of a breach based on maturity level.”
Just as with an only on-prem environment, some organisations hesitate to accept the fact that it isn’t if they are going to experience a threat or some sort-of incident in their hybrid environment, but when it is going to happen. Security strategy and preparation from the beginning of the decision to adopting a hybrid option is the key to keeping threats at bay.
5 Hybrid cloud security challenges
As you prepare to secure your hybrid environment, understanding the cloud security challenges ahead makes the process easier to navigate. Five of the top hybrid security challenges are:
Increased complexity: “In a cloud environment, businesses have a tendency to overly deploy, getting things into the cloud as quickly as possible, forgetting there are some security practices that go hand-in-hand with the deployment,” explained Zuri Cortez, Fortra’s Alert Logic Principal Sales Engineer.” With a hybrid environment, the information framework is more complex; more complexity can equate to more vulnerability and potential blind spots. Keep security top of mind during your hybrid cloud migration journey including awareness of potential misconfigurations and improper identity and access management.
Shortage of cyber security experts: “Probably the biggest hybrid cloud security challenge is the shortage of expertise, as there just aren’t enough security professionals to fill all the needs,” said Cortez. “This challenge isn’t going to go away anytime soon.” If you have in-house security team members, consistently train them in areas such as emerging threats. If you have a gap, make sure you partner with the right external services organisations to provide the security you need.
Shifting security responsibilities: “As businesses shift into the cloud, some have gotten lax on risk and responsibilities as far as what they are responsible for and what the cloud provider is responsible for,” said Cortez. “Organisations can’t forget that there are best practices that need to be applied as there is a shared responsibility model for operating with a cloud provider.” If you operate in a hybrid environment, make sure you know what your responsibility is and what is the responsibility of your cloud provider. Within your organisation, establish a culture where security is everyone’s responsibility.
Misunderstanding/overselling tools: There are numerous tools available to help with your hybrid security strategy. But with some service providers, there’s a lot of ambiguity when it comes to what service they actually provide. If you’re looking to partner with an external service provider to help fortify your security strategy, make sure you really understand the proposed service or tool to determine if it’s the best fit for your environment before you move forward. You don’t want to purchase a tool and then realise, “this is not enough” or “this is way too much.” Ensure you’re choosing a partner who can meet your specific requirements and whose coverage and solutions meet your defined outcomes.
Managing and understanding the data: Some organisations are not prepared to handle the amount of data that is going to come down the pipe to them once they are operating from a cloud environment. And the reality is, it’s more than collecting the data, it’s being able to familiarise yourself with the data to minimise risk. As you move forward with your hybrid cloud strategy, be realistic about your organisation’s ability to manage data volume.
3 benefits of automation to overcome hybrid cloud security challenges
Automation adoption is on the rise; in fact, in 2022, it was at an all-time high. Based on findings at Ponemon, fully automated organisations grew from just 21% in 2020 to 31% in 2022. Despite the complexity associated with automation, organisations can reap substantial benefits from its implementation:
Increased Efficiency: Research indicates organisations that have adopted automation in their best practices experience a reduction of 74 days in the time it takes to identify and contain a breach. With automation and AI, your team members can focus on prioritised tasks that bring value and speed to the way your organisation operates. From a volume standpoint, automation and AI allow for data-driven learning that can help to prevent future risk.
Cost reduction: Businesses that go from not deployed to partially deployed automation achieve a $2.5 million decrease in the average cost of a breach when utilising AI and automation. The utilisation of AI automation leads to further cost reduction through increased efficiency and accuracy in threat detection, response, and remediation processes.
Enhanced productivity: Automation alleviates the need for your team members to spend time on tasks identified as trivial, keeps false positives in control to maintain uptime numbers, and minimises human reaction to every alert. Implementing AI automation reduces manual efforts for routine tasks, enabling security teams to focus on more complex and strategic activities such as threat hunting. Automation and AI also can be of interest to potential security employees who know they’ll be able to focus on higher impact work as well as help you to retain existing talent.
“Automation is not a replacement to what you already have, it’s a supplement to bolster your security posture within your organisation,” said Crochet.
Achieving hybrid cloud security
For many businesses, ensuring their security posture meets the needs of their hybrid cloud environment means partnering with a service provider to reach their desired outcome. Using managed detection and response (MDR) as your hybrid cloud security solution provides the flexibility and security necessary for this environment.
Advanced work with security partner – Fortra’s Alert Logic, to provide organisations with fully managed security for any environment, including hybrid, on-prem, public cloud, and private cloud. With security and compliance needs that adapt as your hybrid environment changes, Alert Logic MDR gives you 24/7 coverage for every stage of your cloud journey.
Get in touch today to learn more.
Guest blog written by Forta's Alert Logic