Securing a hybrid cloud architecture: What are the customer's duties?

For many organizations, hybrid cloud is an essential part of the IT picture, providing a way to harness the growing resources of public cloud while keeping sensitive data and fragile processes protected from the uncertainties of operating in the "cloud" at-large. Hybrid cloud implementations often vary substantially based on internal factors and the systems being linked together. This means added security uncertainties and a heightened need for careful, proactive steps. But what's involved in securing a hybrid cloud architecture? MSDW reached out to cloud security pros for perspectives on how to maintain uptime while shutting out would-be attackers.

The ingredients of weak security

All too often, security vulnerabilities creep into hybrid cloud deployments from far upstream. Depending on the organization, developers may not have subjected code to a secure software supply chain. At every step, poor compliance, a lack of encryption or lackluster data redundancy can inject new vulnerabilities. StratusPointIT information security consultant Mihai Corbuleac told MSDW:

With hybrid cloud, organizations have the opportunity to keep some types of sensitive data, such as personally identifiable information (PII) on-premises while still embracing the enormous scaling potential of public clouds. Microsoft invests a lot in improving hybrid cloud security, with Azure Active Directory alerting you to stolen credentials or simultaneous logins to managed devices and applications from different locations; with services like Clutter and Delve for prioritizing documents, Power BI providing historical business intelligence and real-time analysis of data from cloud services and your own SQL Server apps or the Operations Management Suite that analyzes your server setup and warns admins about potential attacks etc.

Umesh Padval, a partner at Silicon Valley-based cloud infrastructure venture capital firm Thomvest Venture  argued that organizations need to create a comprehensive plan for implementing hybrid cloud, assess their security posture, and make tough decisions about security and cost relative to on-prem systems and legacy apps. He said: