User:Shawndouglas/sandbox/sublevel1

From LIMSWiki

The Flexera 2020 State of the Cloud Report and its associated survey found that 87 percent of respondents had already taken a hybrid cloud stance for their organization and 93 percent of respondents had already implemented a multicloud strategy within their organization.[1] A 2020 report by IDC predicted 90 percent of enterprises around the world will be relying on some combination of hybrid or multicloud with existing legacy platforms by 2022, though they may not necessarily have a sufficient investment in in-house skills to navigate the complexities of rolling out those strategies.[2] These complexities were discussed in Chapter 1; hybrid cloud reveals a greater attack surface, complicates security protocols, and raises integration costs,[3][4] while multicloud brings with it differences in technologies between vendors, latency complexities between the services, increased points of attack with more integrations, and load balancing issues between the services.[5] Broadly speaking, these complexities and security challenges arise from the fact that more systems must be integrated.

As of April 2021, four providers of hybrid and multicloud technology and services stand out: Cisco, Dell, HPE, and VMware. These providers don't provide public cloud services but rather take a service-based approach to supplying hardware, software, and managed services to help customers adopt a hybrid or multicloud approach for their business. From a security perspective, we have to ask, at a minimum, three questions about these companies:

  • How do they manage your data and security in a trustworthy way?
  • How are cloud technologies and services developed and audited for security?
  • What public CSPs do they publicly state their technologies and services support or integrate with?

In this context of trust, these companies should have a "trust center" that helps consumers and enterprises find answers to security questions about their cloud technologies and services. A trust center was found for three of the four CSPs; HPE's trust center could not be located. Whether through internal secure development processes or external auditing practices, the security of the technology and services offered by these providers remains vital, and they should be able to demonstrate it by explaining their development and auditing processes. Additionally, hybrid and multicloud providers should make clear which public CSPs are supported by, or ideally integrated with, their hybrid and multicloud services. Not all public clouds are fully supported by these providers. See Table 6 for links to these three security and interoperability aspects for each hybrid/multicloud CSP.

Table 6. Providers of hybrid and multicloud technology and services, their trust center, their development and auditing practices, and supported public clouds
| Company and offering | Trust center | Development and auditing practices | Public clouds supported (U.S.) |
| Cisco CloudCenter and UCS Director | Link | According to a 2019 document, Cisco is "evaluating SOC 2 as a potential roadmap item" for CloudCenter. | Alibaba, Amazon, Google, IBM, Microsoft |
| Dell Technologies Cloud | Link | Link | Alibaba, Amazon, Google, IBM, Microsoft |
| HPE GreenLake | Unknown | Unknown | Amazon, Google, Microsoft |
| VMware Cloud | Link | Link (Must be customer/contact sales to access) | Amazon, Google, IBM, Microsoft, Oracle |

Managing your share of security in the hybrid cloud has several challenges. Most of those challenges involve attempting to manage and control multiple distributed systems. Giving administrators the ability to see into this complex network of components, at all levels, is critical. This is typically accomplished with a centralized management tool or platform based on open standards, providing automated management and control features that limit human error. Automation is also useful when scanning for and remediating problems detected with security controls, which in turn allows for documented changes and more reproducible processes. Disk encryption and network encryption tools may also need to be more robustly employed to protect data at rest and data in motion between private and public clouds. And of course, segmentation of services based on data sensitivity may be necessary.[6][7]
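
The controls named in this paragraph (encryption at rest, encryption in motion between private and public clouds, and segmentation by data sensitivity) can be checked automatically from one central inventory. The following is an added example, not part of the original page; the inventory, field names, and rule names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory, normalized from private and public environments.
RESOURCES = [
    {"id": "vol-lab-results", "env": "private", "segment": "seg-a",
     "sensitivity": "high", "encrypted_at_rest": True},
    {"id": "bucket-archive", "env": "public", "segment": "seg-b",
     "sensitivity": "high", "encrypted_at_rest": False},
    {"id": "vm-web", "env": "public", "segment": "seg-b",
     "sensitivity": "low", "encrypted_at_rest": True},
    {"id": "db-inventory", "env": "private", "segment": "seg-c",
     "sensitivity": "low", "encrypted_at_rest": True},
]
# Constructed data flows between the resources above.
LINKS = [
    {"src": "vol-lab-results", "dst": "bucket-archive", "tls": True},
    {"src": "db-inventory", "dst": "vm-web", "tls": False},
    {"src": "vol-lab-results", "dst": "db-inventory", "tls": False},
]

def audit(resources, links):
    """Return sorted (rule, subject) findings for the three controls."""
    by_id = {r["id"]: r for r in resources}
    findings = []
    # Data at rest: every resource must be encrypted.
    for r in resources:
        if not r["encrypted_at_rest"]:
            findings.append(("at-rest-encryption", r["id"]))
    # Data in motion: flows crossing the private/public boundary need TLS.
    for link in links:
        src, dst = by_id.get(link["src"]), by_id.get(link["dst"])
        name = f'{link["src"]}->{link["dst"]}'
        if src is None or dst is None:
            # A flow to something outside the inventory is a visibility gap.
            findings.append(("unknown-endpoint", name))
        elif src["env"] != dst["env"] and not link["tls"]:
            findings.append(("in-transit-encryption", name))
    # Segmentation: one segment must not mix data sensitivity levels.
    levels = defaultdict(set)
    for r in resources:
        levels[r["segment"]].add(r["sensitivity"])
    for segment, seen in levels.items():
        if len(seen) > 1:
            findings.append(("mixed-sensitivity-segment", segment))
    return sorted(findings)

if __name__ == "__main__":
    for rule, subject in audit(RESOURCES, LINKS):
        print(f"{rule}: {subject}")
```

Because the output is a sorted list of findings, successive runs can be compared to document changes and confirm remediation.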

Multicloud has its issues as well. "The challenge that multicloud presents to security teams continues to grow," said Protiviti cloud consultant Rand Armknecht in December 2020. "The number of services that are being released, the new ways of interacting, the interconnecting of services and systems, all of that continues to advance and all of these add new complexities into the enterprise security model."[8] Given the differences in tools and security approaches between cloud providers, stitching together services cohesively requires strong skills, knowledge, and attentiveness. It also requires a security strategy that is well-defined and unified in its approach to data management, minimization, anonymization, and encryption when considering multiple CSPs. Middleware placed between the enterprise and the CSP—in some cases referred to as a cloud access security broker (CASB)—that can "consolidate and enforce security measures such as authentication, credential mapping, device profiling, encryption and malware detection" adds an additional layer of semi-automated security for multicloud.[8]


References

  1. Weins, K. (21 May 2020). "Cloud Computing Trends: 2020 State of the Cloud Report". Flexera Blog. https://www.flexera.com/blog/industry-trends/trend-of-cloud-computing-2020/. Retrieved 21 August 2021. 
  2. International Data Corporation (31 March 2020). "IDC Expects 2021 to Be the Year of Multi-Cloud as Global COVID-19 Pandemic Reaffirms Critical Need for Business Agility". International Data Corporation. https://www.idc.com/getdoc.jsp?containerId=prMETA46165020. Retrieved 21 August 2021. 
  3. "What Is Hybrid Cloud? Hybrid Cloud Definition". Cloudflare, Inc. https://www.cloudflare.com/learning/cloud/what-is-hybrid-cloud/. Retrieved 04 March 2021. 
  4. Hurwitz, J.S.; Kaufman, M.; Halper, F. et al. (2021). "What is Hybrid Cloud Computing?". Dummies.com. John Wiley & Sons, Inc. https://www.dummies.com/programming/cloud-computing/hybrid-cloud/what-is-hybrid-cloud-computing/. Retrieved 21 August 2021. 
  5. "What Is Multicloud? Multicloud Definition". Cloudflare, Inc. https://www.cloudflare.com/learning/cloud/what-is-multicloud/. Retrieved 21 August 2021. 
  6. "What is Cloud Security?". Resource Center. AO Kaspersky Lab. 2021. https://usa.kaspersky.com/resource-center/definitions/what-is-cloud-security. Retrieved 21 August 2021. 
  7. Kerner, L. (2018). "4 hybrid-cloud security challenges and how to overcome them". TechBeacon. https://techbeacon.com/security/4-hybrid-cloud-security-challenges-how-overcome-them. Retrieved 21 August 2021.
  8. Pratt, M.K. (14 December 2020). "Building stronger multicloud security: 3 key elements". CSO. https://www.csoonline.com/article/3584735/building-stronger-multicloud-security-3-key-elements.html. Retrieved 21 August 2021.