The common mantra among companies today is to do more with less, working faster and more efficiently than ever before while keeping an eye on the amount of money you spend to do so.
It may seem counterintuitive to spend less money to do more innovative, forward-thinking work, but that’s the promise cloud computing offers: To bring agility and flexibility to your creaking IT infrastructure, catering to today’s BYOD world where you can access apps, websites, countless data points, and other resources on any platform you need – from desktops and laptops to tablets, smartphones and your Apple Watch.
Before you light a match and set fire to your server room, know that you can create a successful IT strategy combining your existing on-premises infrastructure with cloud computing, also known as “hybrid IT”.
Hybrid IT, however, introduces new cybersecurity challenges you can’t address with your current compliance technologies. You can’t fix 21st century problems with 20th century methods. Here are three ways you can craft a hybrid IT plan that enables you to take advantage of today’s disruptive tech trends while ensuring your data is secure.
One: Establish who is responsible for security.
When you create a hybrid IT environment, you are combining your existing infrastructure with a third-party cloud service provider such as Amazon Web Services (AWS) or Microsoft Azure. First, you need to understand what you’re doing in the cloud. Are you dipping your toes in software-as-a-service (SaaS) applications, such as customer relationship management and file sharing apps like Dropbox, or are you building application and development environments in a platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS) model with AWS or Azure?
You cannot assume the cloud provider will take care of every single security issue – it just doesn’t work that way. Draw clear lines of demarcation for who is responsible for what facet of your cybersecurity. In a SaaS model you are still responsible for your data; cloud providers are only really responsible for network connectivity. If it’s a PaaS or infrastructure-as-a-service model, you’re not only responsible for data, you’re also responsible for the operating system and the application.
Hybrid literally means a combination, so think of your hybrid IT environment as one single environment that requires one single, consistent security strategy.
Two: Adopt a workload-centric mindset to instill security controls across your IT environment.
Consistency, again, is of paramount importance here. The cloud gives you the flexibility to access more computing power when work is at its busiest and your on-premises IT infrastructure is running at maximum capacity, also known as cloud bursting. The great thing about this is you can then scale back down once you return to normal demand, which is much more cost-effective than buying and maintaining too much hardware on the off chance you need more power.
The business benefits are clear, but the security issues that come to the fore are important to address. Every time you spin up cloud computing resources to meet high demand, you expand your exposure to cyberattacks. It’s vital you automatically provision security controls alongside these newly provisioned servers and workloads to ensure you don’t weaken your security posture while you’re busy meeting business demands.
Implement standard security controls into every workload so you are safe every time you scale up or down. One way to accomplish this is through a SecDevOps (Secure Development and Operations) program that brings development and operations teams together. You bring more agility into your business and make it more flexible and adaptable to changing situations, such as cybersecurity.
Three: Don’t just rely on compliance certifications your cloud vendors possess.
It’s a good start, but you need to cover all your compliance bases with a combination of provider certifications and your own. Why? There are too many different regulations today, including HIPAA, PCI, and Safe Harbor, critical for keeping customers’ data safe and ensuring there’s a clear audit trail for where the information is stored and how it’s used.
When you have a hybrid IT environment, you could have information stored on-premises, in the cloud, or both – again, you have a shared responsibility with your cloud provider for the safety of this data. New guidance published by the Cloud Security Alliance recommends masking or removing personally identifiable information such as customer names, addresses, and social security numbers. It also recommends implementing strong encryption methods such as AES, RSA, or Secure Hash Algorithm 2 because of the inherent weaknesses in non-relational databases, such as NoSQL. Code and encryption keys should be stored separately from the data storage or repository, and backed up offline in a secure location.
Look for a security and compliance solution that works both on-premises and in the cloud so business and cybersecurity can work together to help you meet your needs. US Cyber Vault can help. We work with companies in various industries to deploy secure cloud environments with Vault, our flagship solution. Vault protects your assets with hardened security implemented at every layer, from hardware to application. Military-grade encryption is applied to all your data and communications by default and the speed of our threat detection is unparalleled: less than 24 hours, not the industry standard of 7 months. If an unplanned event should occur, countermeasures trap the attacker and mitigate damage while our seasoned cyber-intelligence team responds immediately.
US Cyber Vault also works with you secure your existing IT environment with Shield, which instantly detects and neutralizes cyberthreats before they reach your network. Our expert team of cyber intelligence agents – combined with distributed denial of service protection, next-generation firewalls, advanced malware, intrusion protection and detection, and data loss prevention technology – will secure you from threats without expensive purchases of brand-new IT infrastructure.
Written by Rob LaMear, CEO, US Cyber Vault
Once a month we share where we will be speaking in the world as well as expert opinions on cyber security, data loss prevention, and information security that we like from the larger community. Receive our next issue by signing up here.