The first is the public cloud, where cloud services are provided over the public Internet. The second is the private cloud, whose infrastructure is provisioned for the exclusive use of a single organization and is typically managed and administered by that organization. The third is the community cloud, which is configured for a dedicated set of users who share common business interests and operational concerns (such as security or compliance requirements).
Finally, the hybrid cloud, as defined in National Institute of Standards and Technology (NIST) SP 800-145, is a combination of two or more different cloud infrastructures (private, community, or public) that remain independent entities but are bound together by standardized or proprietary technology that enables data and application portability (for example, cloud bursting for load balancing between clouds).
The hybrid cloud is in effect a compromise between the public cloud and the private cloud: it offers the "best of both worlds", such as the flexibility and availability of pooled public cloud resources together with the services and dedicated security rules of a private cloud. In this article, we describe best practices for enterprise hybrid cloud security.
Hybrid cloud security
In a hybrid cloud environment, security must be addressed from multiple angles. For example, it must be addressed wherever data is moved into and out of the cloud, and it must be considered for data residing in the cloud. Data encryption is one of the main security controls. Prior to implementation, you should decide whether to encrypt data at rest and data in transit, and then find out whether the cloud vendor can meet your encryption requirements. Additional security considerations include determining whether firewalls and other security devices require ICSA certification, securing local data center services and applications, securing the links to cloud applications, ensuring that data stored in more than one cloud environment is secure, and securing the connection between your mobile devices and your hybrid cloud. Techniques for achieving these goals include updating and hardening firewall rules; extending the use of intrusion detection systems and other network monitoring devices to determine whether potentially malicious code is in transit; reviewing and updating access policies and permissions to prevent unauthorized access; verifying both ends with two-factor authentication, smart cards, and certificates before linking cloud resources to your own infrastructure; and even establishing an open source virtual private network (VPN) link between the cloud and the enterprise.
When addressing hybrid cloud security, you should aim for an equivalent level of security across your dedicated infrastructure and your cloud infrastructure. If this is not possible, you may need to define security parameters for each data set and system, and then check with the cloud vendor to see whether it can comply with your security specifications. Keep in mind that some applications, such as financial systems, must also take regulatory compliance into account. In addition, an organization's ability to proactively manage and influence the security of its cloud-based systems and applications will be a key consideration.
Security advantages and limitations of the hybrid cloud
The hybrid cloud provides a suitable "mix" of computing resources, so you can build the most efficient and cost-effective operating environment on this basis.
An example of a hybrid cloud is the combination of NetApp and Amazon Web Services (AWS), in which the AWS private storage allows the enterprise to build a cloud infrastructure that balances dedicated resources and cloud resources. Another example is an organization (such as a holding company) that provides systems and services for multiple markets through individual organizations. Each organization may have its own unique service delivery, storage, and network requirements.
Another advantage of the hybrid cloud is the opportunity to draw on multiple resources to achieve the service and performance levels you need. For a specific need, you can obtain the resources it requires and pay only for that portion. In theory, if you have a variety of applications and other requirements (such as disaster recovery), this makes a lot of sense and can be achieved by changing the way each solution is delivered across one or more clouds.
However, all this flexibility has its drawbacks. Today, the hybrid cloud poses security and management challenges because you have to monitor the vast array of resources you use. For example, in hybrid cloud and multi-cloud environments there are often more opportunities for security vulnerabilities, because there are more "entry points" through which malicious code can be implanted in your network and in your cloud provider's network. Even assuming that every cloud you use has first-class security and perimeter protection, there is no guarantee that data transfers between the cloud and on-premises resources are truly secure unless you use some of the options mentioned earlier, such as a VPN linking the cloud and the corporate network, strong firewall rules, strong data encryption, and a two-factor authentication strategy.
Security professionals should constantly try to reduce the vulnerabilities around their networks as much as possible. Using a hybrid cloud configuration, or simply using multiple clouds, can only increase the likelihood of a perimeter vulnerability. You may also need multiple management systems to monitor the different cloud assets you are using. Not only does this increase your overhead, it can also make it difficult to monitor data flows and to spot malicious code in network traffic.
Another reason security is a challenge in hybrid cloud and multi-cloud environments is that once you migrate systems and data outside of your control, you need to spend a lot of effort making sure that the cloud service provider's security controls are protecting your systems and data. Your own monitoring tools alone may not be enough to meet your needs; you may not have enough visibility "inside" the provider's cloud to proactively monitor traffic.
Security recommendations
Start by identifying your technical requirements in advance, such as storage capacity, network bandwidth and latency, and adequate workload processing capacity. Second, determine how many different cloud resources you may need. See whether you can reduce the number of cloud service providers by consolidating multiple workloads and requirements with fewer cloud vendors. Define your security requirements for each application beforehand, and give these details to cloud vendors to confirm that they can meet the requirements. Determine what data will be transferred across cloud services, and try to minimize these transfers, because each one gives attackers and malicious code an opportunity. Finally, review the security capabilities of your cloud service providers, make sure that they can always meet your needs, and make sure that they use ICSA-certified equipment in as many locations as possible.
Moving an existing application running on a virtual machine from an enterprise environment to a similar virtual machine in a public cloud sounds like a viable approach, but check the details first. For example, check whether the cloud environment runs a hypervisor other than VMware. Also, determine how your approach to managing security needs to change, because you now need to manage more than one environment that doesn't belong to you.
If you can overcome the potential security risks and address the challenges of resource management, performance management, and network management, the hybrid cloud can be of great value to you. Ideally, each system should run in the most appropriate environment, with resources matched to its workload. The prerequisite, of course, is that the hybrid cloud environment can provide all the required resources when they are needed.
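One way to run the checks recommended above over an inventory, shown as an added example that is not part of the original article: it compares each application's security requirements with what its hosting environment has confirmed, lists alternative environments, and reports data flows that cross environments. The application, environment and control names are hypothetical sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    name: str
    location: str          # "on-prem" or a cloud provider
    required: frozenset    # security controls this application needs

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    encrypted: bool        # encrypted in transit
    via_vpn: bool          # carried over the cloud-to-enterprise VPN

# Constructed sample data: controls each environment has confirmed it meets.
CONTROLS = {
    "on-prem": frozenset({"encrypt-at-rest", "encrypt-in-transit", "two-factor"}),
    "cloud-a": frozenset({"encrypt-at-rest", "encrypt-in-transit", "two-factor"}),
    "cloud-b": frozenset({"encrypt-in-transit"}),
}
APPS = [
    App("ledger", "on-prem", frozenset({"encrypt-at-rest", "two-factor"})),
    App("reports", "cloud-b", frozenset({"encrypt-at-rest", "encrypt-in-transit"})),
    App("web", "cloud-b", frozenset({"encrypt-in-transit"})),
]
FLOWS = [
    Flow("ledger", "reports", encrypted=True, via_vpn=False),
    Flow("web", "ledger", encrypted=False, via_vpn=False),
    Flow("web", "reports", encrypted=False, via_vpn=False),  # stays in cloud-b
]

def control_gaps(apps, controls):
    """Required controls that each app's current environment cannot meet."""
    gaps = {a.name: sorted(a.required - controls[a.location]) for a in apps}
    return {name: missing for name, missing in gaps.items() if missing}

def viable_environments(app, controls):
    """Environments that satisfy every requirement of the application."""
    return sorted(env for env, have in controls.items() if app.required <= have)

def cross_environment_flows(apps, flows):
    """Flows that leave one environment for another, with missing protections."""
    where = {a.name: a.location for a in apps}
    report = []
    for f in flows:
        if where[f.src] != where[f.dst]:
            checks = (("encryption", f.encrypted), ("vpn", f.via_vpn))
            report.append((f.src, f.dst, [n for n, ok in checks if not ok]))
    return report
```

Every entry returned by `cross_environment_flows` is a transfer to try to eliminate or protect, and any application listed by `control_gaps` is hosted somewhere that has not confirmed its requirements.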