The Best Security Practices with Hybrid Cloud — Part 1

Security | Hybrid Cloud

Let’s start by looking at the security model implemented by Alibaba Cloud:

Security | Hybrid Cloud | Challenges & Solutions

Data Protection

Data protection is among the key concerns faced by any IT service that handles large amounts of data. The cloud is no different. Even though a private cloud is a physical resource located on-premise, it still is a cloud resource that could be vulnerable to attacks or issues.

Practices for Data Protection

  • Use of SSH protocols for data communication between unsecured networks.
  • Use of SSL or TSL for data transmission security over any network.
  • A trusted platform module (TPM) is an industry-leading practice that is based on a hardware chip used to store encryption keys for data access.
  • Encrypting root volumes within your cloud environment is another secure practice. You might need a fully matured and automated practice for this.
  • While Object Storage Service (OSS) is a highly secure cloud storage solution, the disks on your on-premises private cloud still need added security.
  • Data While Transmitting: Typically, your data is at its most vulnerable state when it is being transmitted. Using secure protocols for data transmission is an important practice to implement. As mentioned above, using SSH for data communication and SSL/TSL for data transmission is highly-recommended.

Monitoring | Risk Assessment | Automation | Hybrid Cloud

Security vulnerabilities and patching practices are often defined as a race. Any network or cloud service may become vulnerable to threats and attacks at any point. With automation in monitoring, assessment, and patching of a lot of issues listed above can be reduced.

Monitoring | Risk Assessment

Monitoring your hybrid cloud solution to have regular assessment reports and threat analysis is among the top practices to implement. There are products within Alibaba Cloud’s product and service lineup that provide seamless threat analysis and solutions to counter them. There are also risks due to cloud service downtime. The Cloud Monitor helps you collect metrics related to your cloud practice to depict the true status of your cloud.

  • If migration is an option, evaluation of risk is highly recommended.
  • Security patching of all the applications is a practice you must follow to ensure no vulnerabilities arise from the user data or interactions.
  • All end-points including network and the above-mentioned application end-points must also be patched and updated regularly
  • Alibaba Cloud Security is an excellent solution to secure your setup throughout the product lifecycle.

Automation

Automation keeps you ahead of the game. Manual monitoring caps the possibility of a self-sustaining system. It reduces the overall productivity of the whole system as manual patching and configuration across teams needs to be a complete in-sync cycle. Automation responds to this challenge in a more hands-on and transparent manner.

  • An automated patching system backed by a qualified security team
  • Automated reporting of metrics to be used in future releases

Physical Resource Protection

A hybrid cloud setup is location independent and may span across locations. It depends on where your private cloud is deployed. As an administrator, the best practice is to have good Service Level Agreements (SLAs). Choose your cloud resource provider based on the type of services and security they offer. Reliable service providers have reliable physical resources.

More Information in Part 2

  • Cloud Orchestration and Access Control
  • Human Error
  • Cloud Visibility and Control
  • Endpoint Security
  • Administrative Tools and Practices

Next in Line

  1. The Best Security Practices with Hybrid Cloud C — Part 2

Original Source:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store