The trend to operating a hybrid environment – one that’s a combination of on-premises and in the cloud – continues to grow every year. According to the 2022 Cost of a Data Breach report, 45% of organizations operate a hybrid strategy.1 For many organizations, transitioning to operating in the cloud is easier by starting with a hybrid option first, then migrating completely to the cloud. For others, this intermediate phase becomes a more permanent part of their strategy.
A hybrid strategy has numerous benefits:
- Increased agility, flexibility, and productivity
- Cost reductions related to on-prem hardware, power, and maintenance costs
- Enhanced visibility, automated security, and compliance
These are just a few of the ways organizations benefit from a hybrid cloud strategy. But what about security? With the transition from being fully on-prem, are organizations meeting hybrid cloud security challenges and responsibilities?
Hybrid Cloud Strategy Requires Security Posture Update
Once an organization opts for a hybrid environment, it is imperative that they update or even overhaul their security measures. Yet, more often than not, they neglect or delay this critical step, resulting in compromised security within the hybrid environment.
The consequences of ignoring hybrid cloud security can be costly, both financially and to productivity. “Ponemon shares that there’s a significant decrease in the time it takes to identify and contain a breach for organizations that have no cloud security maturity as compared to those who are in the mature stage,” explained Ryan Crochet, Fortra’s Alert Logic Sr. Product Marketing Manager. “For example, the time it takes to identify and contain a breach is a direct determining factor in the costs associated with that breach. There’s a $750,000 difference in the average cost of a breach based on maturity level.”
Just as with an only on-prem environment, some organizations hesitate to accept the fact that it isn’t if they are going to experience a threat or some sort-of incident in their hybrid environment but when it is going to happen. Security strategy and preparation from the beginning of the decision to adopting a hybrid option is the key.
5 Hybrid Cloud Security Challenges
As you prepare to secure your hybrid environment, understanding the cloud security challenges ahead makes the process easier to navigate. Five of the top hybrid security challenges are:
- Increased Complexity – “In a cloud environment, businesses have a tendency to overly deploy, getting things into the cloud as quickly as possible, forgetting there are some security practices that go hand-in-hand with the deployment,” explained Zuri Cortez, Fortra’s Alert Logic Principal Sales Engineer.” With a hybrid environment, the information framework is more complex; more complexity can equate to more vulnerability and potential blind spots. Keep security top of mind during your hybrid cloud migration journey including awareness of potential misconfigurations and improper identity and access management.
- Shortage of Cybersecurity Experts: “Probably the biggest hybrid cloud security challenge is the shortage of expertise, as there just aren’t enough security professionals to fill all the needs,” said Cortez. “This challenge isn’t going to go away anytime soon.” If you have in-house security team members, consistently train them in areas such as emerging threats. If you have a gap, make sure you partner with the right external services organizations to provide the security you need.
- Shifting Security Responsibilities: “As businesses shift into the cloud, some have gotten lax on risk and responsibilities as far as what they are responsible for and what the cloud provider is responsible for,” said Cortez. “Organizations can’t forget that there are best practices that need to be applied as there is a shared responsibility model for operating with a cloud provider.” If you operate in a hybrid environment, make sure you know what your responsibility is and what is the responsibility of your cloud provider. Within your organization, establish a culture where security is everyone’s responsibility.
- Misunderstanding/Overselling Tools: There are numerous tools available to help with your hybrid security strategy. But with some service providers, there’s a lot of ambiguity when it comes to what service they actually provide. If you’re looking to partner with an external service provider to help fortify your security strategy, make sure you really understand the proposed service or tool to determine if it’s the best fit for your environment before you move forward. You don’t want to purchase a tool and then realize, “this is not enough” or “this is way too much.” Ensure you’re choosing a partner who can meet your specific requirements and whose coverage and solutions meet your defined outcomes.
- Managing and Understanding the Data: Some organizations are not prepared to handle the amount of data that is going to come down the pipe to them once they are operating from a cloud environment. And the reality is it’s more than collecting the data, it’s being able to familiarize yourself with the data to minimize risk. As you move forward with your hybrid cloud strategy, be realistic about your organization’s ability to manage data volume.
[Recommend reading: The Importance of Cloud Application Security for Your Business]
3 Benefits of Automation to Overcome Hybrid Cloud Security Challenges
Automation adoption is on the rise; in fact, in 2022, it was at an all-time high. Based on findings at Ponemon, fully automated organizations grew from just 21% in 2020 to 31% in 2022. Despite the complexity associated with automation, organizations can reap substantial benefits from its implementation:
- Increased Efficiency: Research indicates2 organizations that have adopted automation in their best practices experience a reduction of 74 days in the time it takes to identify and contain a breach. With automation and AI, your team members can focus on prioritized tasks that bring value and speed to the way your organization operates. From a volume standpoint, automation and AI allow for data-driven learning that can help to prevent future risk.
- Cost Reduction: Businesses that go from not deployed to partially deployed automation achieve a $2.5 million decrease in the average cost of a breach when utilizing AI and automation. The utilization of AI automation leads to further cost reduction through increased efficiency and accuracy in threat detection, response, and remediation processes.
- Enhanced Productivity: Automation alleviates the need for your team members to spend time on tasks identified as trivial, keeps false positives in control to maintain uptime numbers, and minimizes human reaction to every alert. Implementing AI automation reduces manual efforts for routine tasks, enabling security teams to focus on more complex and strategic activities such as threat hunting. Automation and AI also can be of interest to potential security employees who know they’ll be able to focus on higher impact work as well as help you to retain existing talent.
“Automation is not a replacement to what you already have, it’s a supplement to bolster your security posture within your organization,” said Crochet.
Achieving Hybrid Cloud Security with Alert Logic
For many businesses, ensuring their security posture meets the needs of their hybrid cloud environment means partnering with a service provider to reach their desired outcome. Using managed detection and response (MDR) as your hybrid cloud security solution provides the flexibility and security necessary for this environment. Fortra’s Alert Logic MDR provides unrivaled security for any environment, including hybrid, on-prem, public cloud, and private cloud. With security and compliance needs that adapt as your hybrid environment changes, Alert Logic MDR gives you 24/7 coverage for every stage of your cloud journey.
Learn more about our hybrid cloud security solutions or request a MDR demo today.
Additional Hybrid Cloud Security Resources
- On-demand Webinar: Keys for Securing Your Hybrid Environment
- Guide: Key Steps in Defining a Shared Responsibility Model for Public Cloud Environments
- Blog: Can Cybersecurity Be Automated?