Mixed cloud: It's not that safe.

Although many people now call for a hybrid cloud, some IT managers are concerned about whether handing over all production applications to third parties will lose the real input of the local infrastructure. In such cases, a mixed environment can take advantage of public and private clouds.

But the hybrid cloud is not perfect; it still contains some security hurdles. Remember the following five questions when analyzing business and technical barriers to maintaining a mixed cloud.

Mixed Cloud Security 1: lack of data redundancy

Public cloud providers provide important resources to ensure that their infrastructure is available and accessible to end users. Despite the best efforts of cloud providers, the problem remains inevitable.

A number of advertised downtime events highlight the risk of running applications in a single data center and failing to recover from other data centers. Cloud architects need redundancy across data centers to mitigate the impact of single data center downtime. Lack of redundancy can be a serious security risk for mixed clouds, especially if data redundancy backups do not spread across the datacenter. Transferring virtual machine (VM) instances between data centers is much easier than in large datasets.

Cloud Architects can use multiple data centers of one vendor to achieve redundancy, or multiple public cloud vendors or hybrid clouds. You can also use a mixed cloud to improve business continuity, because this is not the only reason to implement this model. At the same time using multiple data centers from a single vendor, you can save costs and achieve the same level of risk reduction.

Mixed Cloud Security Issue 2: Compliance

Maintaining and proving mixed cloud regulations respect from more difficult. Not only do you have to make sure that your public cloud provider and private cloud provider are compliant, but you must prove that the two-cloud coordination is compliant.

For example, if your business processes payment card data, you may be able to prove that your internal system and your cloud provider comply with the payment Card Industry Data Security standard (Payment cards Industry data Standard (PCI DSS)). With the introduction of a hybrid cloud, you must ensure that data transfer between two clouds is protected.

In addition, you need to ensure that card data is not transferred from a private cloud's compliance data center to a less secure public cloud storage system. The vulnerability-prevention approach used by your internal system may not be translated directly into the public cloud.

Mixed Cloud Security Issue 3: SLA for poor architecture

You may be confident that your public cloud provider will consistently comply with the expected details of the service level agreement (SLA), but does your private cloud have the same SLA? If not, you may need to create SLAs based on two cloud expectations, probably based on your own private cloud.

Collect data under the display workload of your private cloud's availability and performance. Integrating public and private clouds to seek potential problems can destroy services. For example, if a private cloud's key business driver maintains sensitive and confidential data locally, then your SLA should reflect the limitations of using these services in the public cloud.

Mixed Cloud Security Issue 4: Risk Management

From the business perspective, information security is the management of risk. Cloud computing (especially hybrid cloud) uses new application interfaces (APIs) that require complex network configurations and challenge the knowledge and capabilities of traditional system administrators.

These factors introduce new threats. Cloud computing is no less secure than an internal infrastructure, but a hybrid cloud is a complex system in which administrators with limited experience can create risks.

Mixed Cloud Security Issue 5: Security Management

Existing security controls, such as identity authentication, authorization, and identity authentication management, need to work together in public and private clouds. To integrate these security protocols, you can only choose one: Replicate control in two cloud and maintain secure data synchronization, or use identity authentication Management services to provide a single service running in the cloud. Allocate enough time in the planning and time stages to address these fairly complex consolidation issues.

The introduction of hybrid cloud is not only a technical problem, IT managers need to address security issues. By understanding and mastering these five barriers, the hybrid cloud will provide more benefits.