With the digital transition to the cloud accelerated by the pandemic, businesses and users worldwide need to think more about security. One way to deal with a multitude of security issues within the cloud domain could be adopting the hybrid cloud.
The International Data Corporation (IDC), a market intelligence company, claims that a staggering 90% of new enterprise applications will be cloud-native by 2022. With the majority of the businesses adopting cloud, questions about cloud security become unavoidable.
Johannes Drooghaag, EU director at the Global Cybersecurity Association (GSA), a not-for-profit cybersecurity association based in Zürich, thinks one way to mitigate growing risks is the hybrid cloud model.
Hybrid cloud solutions aim to combine a private cloud with one or more public cloud services, enabling communication between different services. One of the key advances hybrid cloud offers is more substantial control of one’s data since only necessary operations need to be carried out using public cloud service providers.
When we are not optimizing and controlling its usage, we could end up paying significantly more than we did before,Johannes Drooghaag.
According to Drooghaag, maneuvering between public and private clouds allows businesses to take responsibility for data under their control, which helps build trust with the end-users who know who is the owner of their data.
Private data, for example, could be stored in a secure private cloud, whereas services that employ that data could run on easily accessible public clouds. Drooghaag thinks that this allows to run a smooth operation, retain clear responsibility for data, and tighten cybersecurity.
“It also opens doors for us to implement the zero-trust model in which we create significantly better protection of the data that we own […] and still enjoy all the flexibility that those wonderful ecosystems and development environments offer,” he said during ‘The Global Dilemma. Meeting the AI, Cybersecurity & Cloud Challenges. Looking Beyond’ conference organized by the GSA.
Drooghaag noted that many companies make a fatal mistake by trying to transition too quickly. That often means that businesses move their existing environments to the cloud, bypassing optimization for the cloud. Not only does that not allow to use all the benefits of the cloud-native technology, but it might also increase operational costs.
“When we are not optimizing and controlling its usage, we could end up paying significantly more than we did before. And when we then analyze where the majority of the cost is, we see that data, especially when we have large domains of data, can be a big part of the price,” Drooghaag said.
He noted that data protection plays a bigger role due to divergence in regulations in the US and the EU. The CLOUD act in the US authorizes access to data, no matter where it is processed, and according to Drooghaag, companies recognize that as a serious risk.
One of the critical issues related to cloud-bound data refers to the storage of data that is not being used. Drooghaag notes that there are few problems with data in transit and data in the process, but the same cannot be said about data in rest.
He notes that 90% of the data breaches in the past years are related to data in rest, when data that is not actively processed was leaked or stolen. A hybrid cloud-based solution would allow keeping encryption keys in the private cloud, whereas firms could store encrypted data on public clouds for organizations to use.
The same rationale, Drooghaag thinks, can be applied to companies that are unwilling to share sensitive information from foreign organizations or competitors. In theory, the hybrid cloud would allow for storage of intellectual property privately, while services based on that property would be supplied via public cloud solutions.
Earlier this year, IBMs Arvind Krishna also discussed the push towards hybrid cloud rather than focusing on a private or public cloud solution separately.
He emphasized that to avoid attacks similar to one that struck Solarwinds last December, companies need to leverage heterogeneity to reduce the probability of becoming a single point of failure.
“We can do the analogies to biology. If you don't generally have only one organism but one DNS system, it can get attacked by a certain, let’s say, a virus, so we can all get attacked by the same thing. If you have a lot of heterogeneity across species, then you tend not to have the same vector of attack for everyone,” Krishna said in February.
More from CyberNews:
Subscribe to our newsletter