Avoid Hybrid Cloud Gotchas: Data Security Strategies

Bryson Hopkins


In my last post, Avoid Hybrid Cloud Gotcha – Part 2: Data Security, I identified where the line between a company’s and cloud service provider’s (CSP) security practices is drawn. Now, I’ll provide strategies that will allow companies to bridge the gap between their protection policies and procedures and those of CSPs, helping to secure enterprise hybrid cloud infrastructures today and well into the future.

Extend your security boundaries

Many IT teams are aware that shadow IT exists in their enterprises; however, they are often unaware of its extent. A survey by the Corporate Executive Board Company shows that chief information officers (CIOs) from 165 organizations (representing more than $47 billion in IT spending) estimate shadow IT to be 40 percent beyond the official IT budget. Given the breadth and accessibility of cloud services within an enterprise, it’s high time businesses learned how to securely incorporate cloud services into their IT plans. They must provide a path that safely and quickly allows for adoption of cloud services within the enterprise and embrace those outlying cloud services within existing IT security perimeters.

Cloud services are changing the game when it comes to the security and protection of information and assets. The old “network security boundary” drawn cleanly around a company’s physical location and isolated network infrastructure is no more. Firewalls and intrusion detection tools can’t monitor all ingress points because enterprise data is increasingly distributed in cloud-based applications that aren’t owned or operated by the IT department. Instead of securing a singular digital fortress, information security teams are now safeguarding many small islands of data/service which exist outside the traditional corporate security boundary. CIOs and chief security officers (CSOs) must adapt their security mindset to incorporate distributed cloud services that house their data and extend their security boundaries.

Sharing is a good thing

Shared security responsibility is now the new norm. Oftentimes, a company’s unique organizational requirements for data protection will force it to use encryption for both in-transit and at-rest data. Back to the analogy I made earlier, companies need to secure and protect their many small islands of information – whether on-premises or in the cloud. What companies need to factor into their security planning is that CSPs will provide security controls up to a certain point and then assume their customers will add additional layers of security according to their corporate policies.

Platform Equinix enables and facilitates an additional layer of security for accessing cloud services by letting companies connect their enterprise network to CSPs over private data connections, not public networks. With these private connections, enterprise data doesn’t traverse the Internet and isn’t subject to the unpredictable traffic congestion, lag times and data exposure risks inherent in public networks.

Using our interconnection solutions, companies can logically extend/consume services over a private, dedicated connection to a CSP of their choice. Data traffic will flow from the enterprise IT infrastructure over a secure, dedicated fiber link that interconnects directly with cloud services within the same data center. This is a powerful concept in security.

Direct interconnections in our data centers are increasingly used to gain private access to cloud services (e.g., AWS and Azure), managed services (e.g., hosting and private storage) or communications services (e.g., metro Ethernet and broadband networks). More than 450 cloud service providers are available within Equinix, and many of them offer direct interconnection to their cloud infrastructure via Ethernet, Equinix cross connects or Equinix Cloud Exchange.

Consider infrastructure-as-a-service (IaaS) providers: Equinix has the ability to privately link a company’s existing network with a cloud provider’s IT infrastructure and avoid routing over the public Internet. This link enables the logical (and secure) extension and bridging of networking routing domains between the company and CSPs.

So when it comes to hybrid cloud data security, sharing can be a good thing. The trick is to ensure that everyone involved in the delivery, consumption and protection of the data moving between your company and the cloud services you use is working in unison to bridge any security gaps.
