4 paths to hybrid IT security
During the past year, 96 percent of respondents to a recent SolarWinds public-sector survey, reported moving applications and infrastructure to the cloud. Twenty-nine percent, however, ultimately brought some of their work back on-premises because of security and compliance issues, technical challenges or performance problems.
The fact is that the cloud is oftentimes more secure than on-premises implementations, but a successful cloud or hybrid IT implementation depends on IT managers' detailed plans to maximize the cloud's security posture well before the move. By understanding how security demands vary between for cloud and on-premises environments -- and implementing any necessary changes in advance -- federal IT pros can ensure that their applications and data in the cloud are secure.
Although there are many paths to a secure hybrid IT environment, four ways come to mind as the most important.
First and foremost, identify potential areas of vulnerability and ensure counter measures are in place. It is naïve to think an environment is not vulnerable or will not be compromised at some point. Luckily, there is an entire federal organization designed to help combat those threats.
Start by leveraging the National Institute of Standards and Technology cybersecurity framework that guides federal IT pros through developing a framework -- based on existing standards, guidelines and practices -- for reducing cyber risks to critical infrastructure.
For example, NIST specifies that IT pros implement and monitor encryption of data at rest and data in transit. This way, data is protected regardless of which device it’s on, and even as it travels over the wire, regardless of whether that wire is on premises or in the cloud.
Second, understand other tools that can help enhance security. For example, VPN tunneling can provide a highly secure point-to-point connection, and monitoring user access can ensure that only authorized users are able to access and/or control certain aspects of the infrastructure. These types of additional processes are critical to helping ensure data remains secure when it’s traveling from a server closet to the cloud and back again.
Third, cultivate or hire an experienced team to manage a hybrid IT environment. It’s possible that an agency's current IT team will not have the skills required to stand up and successfully operate a hybrid IT environment -- and that’s fine. The key is to start enhancing the team’s skills by adding competencies in hybrid IT management and monitoring, application migration, distributed architectures, automation and programming as well as vendor management. And, just as important, be sure the team has the right tools to manage and monitor both on-premises and in the cloud. Then build up administrator skillsets so the agency can successfully maintain a hybrid environment once it’s implemented.
Fourth, and finally, move all potential workloads into a test environment first. Monitor all performance closely for as long a period of time as possible, to create a baseline and historic perspective. This will provide an understanding of potential limitations as well as opportunities for improvement.
Agencies that take these four items into consideration should be well on their way to a secure hybrid IT environment.
Joe Kim is executive vice president engineering and global CTO at SolarWinds.