How To Manage Data Sovereignty In Multiple Domains
One security issue related to hybrid cloud that’s discussed less frequently relates to geography. Transporting data across national boundaries raises concerns about data sovereignty, according to Brockway.
Cloud providers must comply with the regional jurisdictions where their data resides. Companies such as VMware offer tools that can ensure that data stored in the cloud satisfies local regulations.
Encrypting data is key to protecting it as it moves into a hybrid cloud, Brockway says. As data is transported from one environment to another, it must be encrypted to ensure that no exposure points exist, he explains. Companies must also ensure that no personally identifiable information is exposed as data sets move from one domain to another. In certain jurisdictions, encryption is another way to satisfy data governance requirements.
DIVE DEEPER: Discover the basic steps to optimize your organization’s hybrid cloud environment.
How To Maintain Visibility in a Hybrid Cloud Environment
Visibility across on-premises data centers and the public cloud is another challenge organizations face. Orchestration- and infrastructure-as-code tools allow companies to gain this visibility, experts say.
In addition, observability tools from companies such as AppDynamics, Cisco Systems and Splunk can expose blind spots on multiple networks, Townsend says.
Townsend also suggests that organizations use single-policy engines across multiple cloud and on-premises environments. Policy engines enable companies to develop rules and enforce them on a network using analytics and role-based permissions.
Visibility should take into account the microservices needed to manage cloud platforms. Integrating infrastructure will require securing the application programming interfaces for these microservices, Townsend suggests.
“Integration often relies on API calls, and many Software as a Service apps make hundreds to thousands of calls daily that are often not monitored and could be thwarted,” he says.
Logging security alerts in a single platform can help organizations manage incident response and maintain threat visibility across a hybrid cloud. Auto-remediation of violations will also be helpful, according to Yeoh.
“Having new systems that can help auto-detect and auto-remediate some of your policy violations are going to be really key going forward,” he says.