Comments
Hybrid Cloud Security: New Tactics Required
Newest First  |  Oldest First  |  Threaded View
JoeEmison
50%
50%
JoeEmison,
User Rank: Strategist
8/16/2014 | 12:05:42 PM
Re: What about hypervisor as 'Goldilocks' zone?
Well, I think that this is functionally what cloud management systems are trying to do (from RightScale to Apprenda to OpenStack to CenturyLink's VMware support)--have a higher-level management layer that controls launching VMs (when, where, how). But the same security problems remain--how are you connecting the private to the public?
JoeEmison
50%
50%
JoeEmison,
User Rank: Strategist
8/16/2014 | 11:48:17 AM
Re: Needed: more comprehensive defense in depth
My main focus in the piece was really to voice an opinion that just isn't out there enough: Hybrid Cloud is hard, and often unnecessary. And it's even harder if you live in the past paradigm of endpoint security, which is still the focus of most enterprise security budgets and the focus of most security audits. I do agree that Amazon has done an amazing job with best-practices security at AWS, but it's just hard (both theoretically and practically) to join an existing enterprise environment to AWS and have things work as they need to...
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
8/15/2014 | 6:39:44 PM
What about hypervisor as 'Goldilocks' zone?
What about Martin Casado's assertion that the hypervisor is the Goldilocks zone for security, neither too hot nor too cold. Can the hypervisor on-premises and in the cloud serve as a valuable vantage point from which to perform watchfulness and security functions?
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
8/14/2014 | 5:57:58 PM
Needed: more comprehensive defense in depth
Good discussion of the issue here. Considering how hard it is to get legacy systems to work in a hybrid cloud setting, I'm not surprised at Joe's figures. But I think he should take a closer look at the PCI-compliant parts of Amazon and other clouds. It's not just VPN access. Also, I think we're on the verge of implementing better, coordinated defenses in depth, which makes the concept of protect-the-perimeter seem a little dated. If we start to apply machine learning to security, we'll make rapid strides. A fuller definition and enforcement of disallowed behaviors in each application setting would weed out a lot of trouble makers.
zerox203
100%
0%
zerox203,
User Rank: Ninja
8/14/2014 | 9:22:46 AM
Re: Hybrid Cloud Security
Your key point here, Joe, seems to be that we should take a long hard look at if we even want to invest in private cloud before we spend a dime, not after there's already a problem. In keeping with that, I'll say that I don't see a hybrid cloud anywhere on my horizon, and I this is not really a pressing concern for me. Nevertheless, I read the whole paper, and I very much consider it time well spent. After all, current trends tend to 'bleed into' one another - for example,  we see the attempt at slapping archaic security onto modern problems in other areas such as mobile.

I agree with most of your issues with hybrid cloud and common problem-solving approaches therein - you've made a very convincing argument. On the other hand, I often feel that we run the risk of preaching to the choir. I'm trying to envision somebody at a healthcare organization not doing due diligence and evaluating if his hybrid cloud strategy violates HIPAA or other regulations... this person certainly exists (and he'll probably have the exact troubles you list), but is he reading tech digests to teach him otherwise? I think that most of us here are probably in your camp already. Still, it's always nice to have a recap and see all this suvery info collected in one place. Thanks!
SaneIT
IW Pick
100%
0%
SaneIT,
User Rank: Ninja
8/14/2014 | 7:18:23 AM
Re: Hybrid cloud use
I'm seeing that as well.  We tend to put things into buckets, group A we can put in a public cloud but group B we really need to keep in house so we'll do a private cloud.  I'm still mostly private because I don't need the hardware behind a big public cloud solution.  I can still easily serve all the needs of the company from inside our own infrastructure but if/when that isn't possible I don't see recommending a hybrid solution.  
ChrisMurphy
100%
0%
ChrisMurphy,
User Rank: Author
8/13/2014 | 4:54:07 PM
Re: Hybrid cloud use
Not terribly surprised. When we asked our InformationWeek Elite 100 if they shifted between private and public clouds based on demand, just 15% said they do. These are the leading innovators. Most companies seem to keep their private clouds and public clouds wholly separate, doing different jobs. 
JoeEmison
100%
0%
JoeEmison,
User Rank: Strategist
8/13/2014 | 3:35:47 PM
Re: Hybrid cloud use
I think it's largely because hybrid cloud is just hard to do properly.  I think the gap between organizations who have wanted to do hybrid cloud and who have actually been successful at implementing is very wide.
Laurianne
100%
0%
Laurianne,
User Rank: Author
8/13/2014 | 2:09:29 PM
Hybrid cloud use
"Of those with functional private clouds, 30% have working hybrid systems, with the ability to deploy workloads on either public or private clouds. Just 18% of them split their workloads fairly evenly." Anyone else surprised by how low these numbers are? I am.


IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.