Hybrid cloud infrastructure security best practices

24/07/2021

Hybrid infrastructures, which combine physical servers, on premise or private cloud IaaS platforms, with one or more public cloud services are increasingly common.

This modality offers a series of advantages by offering flexibility, versatility and scalability, while diversifying providers to avoid dependencies. And all this without the need for large investments in IT infrastructure and with a high degree of control over your critical data and applications. 

This kind of infrastructure has a high level of adoption. According to a 2020 study by O’Reilly, 39% of organizations use a hybrid cloud infrastructure. The study also points to an increasing use of the cloud by companies – trend that is set to continue. 

Hybrid infrastructure security challenges 

While a hybrid infrastructure offers many benefits, their deployment requires various security considerations to be taken into account. The complexity of such infrastructures presents a series of challenges when it comes to managing their security. 

Migration, interoperability and configuration 

Setting up all systems and components securely is key to preventing unwanted access and leaks. A phased cloud migration strategy will help you maintain control over the process and configure and test each element to maintain a high level of security. 

In order to take advantage of the flexibility and scalability of the cloud, it is important that firms integrate well all the different technologies with which they have built their infrastructure. Ensuring the interoperability of the different elements is essential for taking advantage of the hybrid infrastructure, and is an area that needs to be determined at the beginning of the architecture-planning phase. This will make the execution of the plan as well as business and security objectives easier to achieve. 

Monitoring and visibility 

The diversification of services that make up a hybrid architecture should not impede the monitoring of critical equipment. A monitoring solution allows firms to integrate different systems, centralize data capture from different environments, and manage alerts and automatic responses to events. 

The scale at which a hybrid environment operates requires a solution that enables the integration, processing and analysis of the various data sources, in order to visualize anomalies and possible threats in real time. Automating responses through configuration changes and code execution is crucial for responding as quickly as possible to mitigate potential damage and avoid outages. 

Risk evaluation 

Developing a risk profile allows firms to assess and quantify the risks their infrastructure faces and identify the resources and security budget necessary to address them.

With a risk profile firms can implement proactive policies to mitigate these risks, reducing possible threats. 

Human errors 

According to a study carried out by Gartner in 2019 and cited by the Wall Street Journal, 95% of data leaks in the cloud are caused by human errors, such as configuration errors in access policies, outdated systems or even architecture design flaws.

Cloud security adheres to a principle of shared responsibility. Although public cloud providers provide a certain level of security, it is the responsibility of each customer to secure their documents, communications, and servers. 

Eliminating security threats caused by human error requires taking certain steps. A training policy is recommended so that each member of the team knows how to manage and implement security measures and avoid the most typical errors that could put the firm’s infrastructure at risk. Having an in-house team of well-trained specialists will also reduce the risk of errors and internal threats. 

Data Protection 

Another key challenge in hybrid infrastructures is data protection. The transfer of data between the private cloud or on-premises computers and the infrastructure in one or more public clouds is a potential risk, especially if open connections are used. In such cases, the best thing to do is to use an interconnection service with public clouds that provides a secure, direct, private and reliable connectivity, avoiding the public internet. 

Keeping data encrypted is also necessary to ensure its security, both while it is hosted and when it is transmitted. This may mean having to decide whether to sacrifice a degree of performance for the benefit of security. 

In any case, for security and regulatory compliance reasons, the most critical data should be located in the private part of the infrastructure, either on an IaaS platform or on-premise servers, thus solving any issue related to the legal location of the data. 

Cybersecurity best practices in hybrid infrastructures 

1. Apply the principle of least privilege. Services, applications and users should only have access privileges to the data and servers they need. This will limit the damages that can occur if an attacker manages to gain access fraudulently. Configuring identity and access policies allow firms to regulate access to information in a granular way. Implementing these policies correctly requires paying attention to the differences in the way firms manage access to in cloud and on-premises infrastructure; this allows firms to increase security by strictly implementing the least privilege policy. 
2. Constantly audit your systems. Establishing a system of periodic audits allows firms to identify configuration problems and adapt their systems to the needs of each moment, optimizing their resources, eliminating bottlenecks and ensuring legal compliance with regulations such as the GDPR.
3. Secure all public equipment. Servers, routers, smart devices, sensors … in a hybrid infrastructure, the number of publicly accessible computers increases. This means there is also an increase in the attack surface and risk. Access controls, firewalls and other security measures on the network allow firms to keep computers secure in a scalable way as their infrastructure grows. 
4. Implement disaster recovery strategies. As in any other type of infrastructure, having a backup system and a business continuity and disaster recovery strategy allow firms to recover their systems and data in the event of a disaster or attack. Although many cloud solutions have built-in backup and recovery systems, it is necessary to configure similar solutions for on-premises teams or the private cloud where firms have the most critical and sensitive data and applications. Ideally, for a higher level of protection, their backups should be located at different geographical points in their infrastructure. 

Hybrid infrastructures: complex environments with specific security needs 

The complexity of a hybrid infrastructure is determined by the way it combines different environments. However, at the highest level, the security challenges implied by such complexity are not so different from those of other infrastructure typologies: understanding the level and types of threat from malicious actors, and applying best cybersecurity practices enable firms to maintain a safe and reliable environment.