Enhancing security all the way to the edge


For over a decade, cloud computing has revolutionized the way we work, and public cloud services from hyperscalers and SaaS companies such as Dropbox, Salesforce and others have changed the way compute, storage and software are consumed.

The use of SaaS, PaaS, IaaS and myriad other ‘as a service’ offerings has only grown since then, with organizations steadily testing and adopting more and more cloud services. In 2020, with the arrival of the global COVID-19 pandemic and shift to widespread remote working, businesses that had been lagging behind quickly took the plunge as well.

Yet for many, there remain nagging concerns around security. In the early days of public cloud, the phrase “shadow IT” came to encapsulate the worst fears of many IT decision makers: People working outside of the IT department were directly purchasing services such as cloud-based ERP systems or document storage for corporate use without involving IT. In doing so, the purchaser put potentially sensitive company data at risk and hid it from the oversight and governance that the IT team had previously put in place. Costs could also quickly mount up, as this lack of transparency left the door open to duplicate purchases and less favorable terms than if the contracts were centrally managed.

While we hear less about shadow IT these days, the issue of data ending up where it shouldn’t and exposing businesses to security risks hasn’t gone away. Sensitive information – be it customer data, confidential financial documents, or intellectual property – can easily be leaked through a misconfigured public cloud storage service, for example.

The challenge for IT decision makers, then, is this: How to make best use of everything that hybrid cloud has to offer, all the way to the edge, without putting sensitive information at risk.

Hybrid: the winning strategy

Hybrid cloud, which allows for a mixture of on-premises private cloud, public cloud and colocation, has come out on top as the best strategy for most enterprises. For non-sensitive data or documents, such as user guides, manuals or anything else that’s supposed to be accessed by those outside the business, public cloud is an obvious choice. Details of personnel and sensitive business-critical data, on the other hand, are best kept as tightly guarded as possible on premises.

This may seem straightforward, but it’s not as simple a solution as it may first appear. One major hurdle is that data may need to move from where it’s generated to where it’s consumed. This could be from hot to warm to cold storage, from public cloud storage to private (or vice versa), between different public cloud providers, or any other strategic or business need. Navigating data between these environments and ensuring it’s secure in transit and at rest is something that can’t be taken for granted.

It’s also important not to overlook edge computing, where data is created, analyzed, and acted upon at a node on the edge of a network – such as a robot in a factory, sensors measuring performance of specialist industrial equipment, or even a remote worker’s laptop. These devices are generating huge volumes of data, while communicating with and sending data to other parts of this hybrid network, and it all needs to be secure and protected from cybersecurity threats.

Securing such a diverse environment can be incredibly complex, as each different element may need its own configurations, its own layers of security, user access and authentication, and may require cyber skill sets that are not easy to find. Consequently, the cost, both in terms of money and time, can be high.

Zero Trust

HPE GreenLake is known for bringing the flexibility and agility of the public cloud to the data center, but it can also help enterprises keep their data and environments secure in a hybrid world.

HPE takes a zero trust approach to security, which focuses on identity and access management (IAM). It starts from the assumption that anything or anyone trying to connect to the corporate environment hosted in HPE GreenLake – whether that be users, applications, devices or something else – is compromised. This removes the reliance on perimeter security systems, such as firewalls or VPNs, and instead puts the security of individual software systems front and center.

“Zero Trust is not about implementing one or another security or networking technology,” says Simon Leech, deputy director in HPE’s Cybersecurity Center of Excellence. “It’s a completely new approach to the way you do security architecture.”

This approach really takes into account the realities of modern business networks and the triumph of hybrid computing: Protecting your on-premises infrastructure is no longer enough when so many interactions have to take place outside the corporate firewall.

It also means that a single point of failure is no longer enough for a cyber attacker to gain access to your data – just because someone or something is connected to the network or has been in the past doesn’t mean it’s automatically trusted.

Security isn’t just about protecting data from attackers, though – it’s also about ensuring you have the right backup and recovery in place should the worst happen. Traditional backup and recovery systems are certainly better than nothing and have worked well for many years; however, they are themselves vulnerable to errors and attacks. If your backup is unavailable when you need it, you may as well not have it at all.

HPE GreenLake offers continuous data protection (CDP), which delivers always-on data replication and detailed journaling. In a recovery situation, IT professionals can roll back to a particular point in time or even all the way to a backup in a known good state – a gold backup – if need be. It also uses spinning disk or SSD hardware to ensure restore processes are quicker than they could ever be with traditional tape media.

If you’re worried about the time and skills involved in setting up and managing all of these security systems, managed security offered through HPE GreenLake Management Services can help. Services such as security monitoring, vulnerability management, and an assigned security officer to liaise between your organization and HPE can help lift some of the burden of securing your growing data pool.

Managing and securing hybrid IT in a way that can adapt to the changing needs of your business can seem daunting. With the right tools and partnerships in place, however, it can be a pain-free and productive experience.
