Balancing security in hybrid cloud environment

In hybrid cloud environments you can actually setup higher security than needed. A balanced level of security is a matter of overview, expertise and costs.

Private cloud and public cloud combined is hybrid cloud. Under the clouds, physical data centers are hiding. Thus, two or more different security plans are needed.

“Also on safety, private clouds are characterized by greater layout flexibility than in public clouds,” says Esten Hoel, SVP Quality & Security in Basefarm.

Often, security from private cloud services is delivered as a basic package with the opportunity to add additional services. Private cloud service providers work dedicated with each customer, in Basefarm’s case with dedicated customer teams. Such vendors manage the customer’s IT operations. They will thoroughly analyse customer needs and recommend a sensible security services combination.

Consultant supported self service

«Also, public cloud providers give you basic possibilities and a choice of add-ons,” says Arvid Grøtting, Chief Information Security Officer in Basefarm.

«But, it’s a little more like in a self-service shop where you pick the goods from the shelves. Whether or not the security solutions you pick are appropriate, is for you and your consultants to decide».

Physical security is also a matter of great importance. Fortunately, professional providers has this in place and documented – also concerning their IT security systems.

Hoel explains that many companies use private clouds for production and public cloud for development. In such a layout, it should be possible to make sure sensitive personal data never even reaches the public cloud

In other use cases, businesses choose to distribute data to public cloud locations closer to customers, to avoid latency; slow response times.

Compliance is crucial

«This illustrates two situations which require different security settings,» says Hoel.

«When data is involved, compliance is also crucial. You should choose a setup where you comply with todays rules. The setup should also provide the flexibility for changes on relevant data protection legislation. I guess there will always be ongoing political and legal considerations and litigation that affect compliance. To stay ahead, you need platforms that are prepared for quick changes and a partner with a holistic overview and responsibilities.»

Hoel points out that you with two different platforms need to solve security twice, often with different tools. Naturally, for example two Unix environments or two Microsoft environments will not be completely different. Still, you need to focus and know what you are doing..

Risk assessment

«In Basefarm we like to start the journey by taking the customer through a risk assessment process. In principle, it may be tempting to make all possible efforts and fill your security shopping cart with all available items. But, this can be costly and sometimes even reduce the users experiences, he says.

«Based on the security assessment, we then perform the setup. We also have our own staff dedicated to compliance and whom follows the legal movements in this area.»

Also, when data transfer between private and public clouds is needed, Basefarm will analyze the situation and prescribe solutions for encryption and protocols.