Following the major breaches at retail giants Home Depot and Target, cloud security typically tops an organization's list of concerns. And while cloud wasn't directly responsible for these breaches, it's critical to secure sensitive data within the hybrid cloud -- especially if that data is stored or processed in the public cloud. Security breaches damage a company's image, deter customers and result in significant penalties, so it's vital to address security during hybrid cloud planning instead of after a breach.
Data and business protection drive cloud security. To avoid hacking, data interception or data leakage, enterprises can encrypt data in transit and at rest. While there aren't specific standards or practices for hybrid cloud encryption, it's important for hybrid cloud operators to select an encryption platform that works seamlessly between public and private clouds.
Meanwhile, some public cloud providers, such as Amazon Web Services (AWS), include encryption. AWS Simple Storage Service includes encrypted data transfers and automatically encrypts uploaded data. However, if your cloud provider doesn't include encryption, third-party encryption tools, such as Boxcryptor and CipherCloud, can handle it.
Regulatory compliance is another major component of hybrid cloud security. Government regulations restrict where, geographically, sensitive data is stored. Even though cloud computing erases political borders, data still resides on physical hardware subject to local government jurisdictions. And because not all jurisdictions equally enforce intellectual property protections, companies may have to use cloud providers with guaranteed regional presence.
It's important for hybrid cloud operators to work with public cloud providers to maintain geographic limitations -- and to iron out those terms in any service-level agreement (SLA).
Finally, hybrid cloud adopters must use security tools and policies to monitor private and public cloud activity and to identify events such as unauthorized data access, data leakage or breaches.
Don't ignore performance or SLA enforcement
While it's important to understand a provider's SLA, it's just as critical to monitor a provider's performance and ensure SLA enforcement. Public cloud providers try to sell more computing resources, while private cloud workloads fluctuate. This means hybrid cloud traffic and load conditions are always changing, so acceptable performance today may not be acceptable tomorrow.
To maintain a positive user experience and ensure providers deliver the service levels promised in the SLA, continuous and proactive performance monitoring is essential. Businesses can employ third-party tools, including those from ScienceLogic, Zenoss and Cloudyn, to help monitor performance.
Hybrid cloud administrators can track performance and make educated decisions about computing capacity. For example, administrators can suggest when it's time to migrate a public cloud workload to a larger VM instance or allocate additional computing resources to a private cloud workload. Tools can also help identify public cloud downtime or other availability issues that might violate SLA terms. While such violations yield few, if any, penalties for the provider, monitoring can prompt the discussions that lead to corrective action.
Stephen J. Bigelow is the senior technology editor of the Data Center and Virtualization Media Group.