Network World - Users and security consultants familiar with the process of securing hybrid clouds have one steady piece of advice to offer: the only way to go is one step at a time.
"Managing hybrid security is a matter of setting policy across all of the security touch points IT is already used to managing. It's about being consistently diligent at every turn," says Joe Coyle, CTO of IT consultancy giant Capgemini North America.
Coyle advises clients to regard their hybrid cloud usage as an extension of their network perimeter. "You have to tweak firewall policy, watch IDS traffic more carefully, employ encryption, set up multiple levels of authentication for management access and demand high levels of physical security at providers' sites," Coyle says.
In terms of securing the link between your data center - virtualized as a private cloud or not - and the cloud provider, you can go with a direct route or establish a tunnel. Garrett Leap, Director of Network Operations at Direct Insite, a company that delivers on-demand accounts payable and accounts receivable solutions to more than 100,000 corporations across 100 countries, says his company went for a 100MB direct fiber connection for both the increased security it offers and the fact that one of the company's data centers was already collocated at Terremark's Miami facility.
Direct Insite now hosts its customer-facing front end in the cloud, and all of the client data is hosted and processed in the company's collocated data center. Direct Insite's Leap says knowing that Terremark's virtualized data centers were already rated as Tier IV meant there was a very high comfort level in terms of who has physical access to the servers there.
To secure the direct link, Direct Insite uses a Cisco ASA box. "We only let what we want to come in and we don't let any data out that should not be allowed out," Leap says.
On top of the physical layer security defined by locked server cages and things of that nature, security consultant Joel Snyder of Opus One in Tucson, Ariz., says it's also crucial for customers to understand the provider's access control mechanism for management of those servers.
"These carriers have all the tools to make sure the ankle biters out on the Internet keep away from your data but have they guarded against having one of their guys being bribed by your competitor to pull down all of your sales data?" asks Snyder.
Snyder says companies looking to build hybrid clouds should demand from their service providers proof of two-factor authentication for all server management purposes.
And they should demand that all of the security parameters of the hybrid deployment be manageable from the same pane of glass, says Kevin Jackson, vice president and general manager of NJVC, an IT consultancy catering to highly secure government clients. Jackson contends that unified management is going to be even more necessary as customers evolve to use multiple cloud services providers in the future. He suggests that customers look to cloud service brokerages to provide those management links.