Hybrid clouds are now often the starting point for organizations in their cloud journey, and management, access control, data use, and service contracts become more difficult with multi-cloud convergence, according to a Cloud Security Alliance whitepaper.
“Although the hybrid cloud environment seamlessly integrates private and public cloud, bringing onboard new IT capabilities to the hybrid cloud environment may introduce new security issues and concerns. Therefore, understanding and managing the associated risks must be a precondition before new capabilities are introduced to the cloud environment,” the Cloud Security Alliance wrote.
Distributed denial of service (DDoS) attacks cause network congestion; in hybrid environments, however, they can also disrupt the internal components of the hybrid solution.
Malicious attacks can also come through the API interface, aiming to gain unauthorized access to data or to modify configurations in the hybrid cloud through data leakage.
According to the Cloud Security Alliance, hybrid cloud environments also add an extra layer of complexity around compliance. For sensitive operations such as cross-cloud data transfer, users need to ensure close overall coordination and planning for compliance management, the whitepaper says.
Other key security risks include perimeter protection risks, a misalignment of cloud skill sets and SLAs, and more.
While hybrid cloud environments are more complex, they can also help meet protection requirements if set up properly, according to the alliance.
Important data can be stored in a security-hardened zone, exposing only specific controllable interfaces to external applications in the public cloud.
“Also, the hybrid cloud solution can also be used to deploy applications of different security levels/requirements to different clouds or infrastructure clusters, accessing them through external controllable API interfaces, thereby improving management efficiency,” the Cloud Security Alliance wrote.
Cloud security is a shared responsibility between the cloud service provider and the customer, with security responsibilities distributed across the entire stack. In hybrid cloud environments, however, this relationship is more vague because of their customized nature.
“Systematic design requires a complete end-to-end security solution. In addition to existing cloud security risks, users and cloud service providers must consider connection and collaboration, management tools and processes, and recognize the importance of governance, risk and compliance management (GRC), vendor management, legal, operations, and architecture security,” the Cloud Security Alliance wrote in a post. “Finally, the selection of a suitable hybrid cloud solution is an urgent problem for users from a security and compliance perspective.”