The Best Security Practices with Hybrid Cloud — Part 1

By Shantanu Kaushik

Hybrid Cloud adoption is growing day by day. Many enterprises are in the middle of making the shift if they haven’t made the shift already. Like any other product or service that handles large amounts of data or is a connected resource based on an IT infrastructure, a Hybrid Cloud also needs to have good security practices associated with it.

As an IT administrator, one needs to think about a viable protection mechanism for the infrastructure, data, and applications that are running on the Hybrid Cloud setup. Cloud Bursting or workload portability being the primary feature of the hybrid cloud solution, securing the overall data flow across cloud environments, such as public and private clouds, becomes an essential practice.

Security | Hybrid Cloud

The Hybrid Cloud solution leverages the security of the private cloud and gives an option where the administrator can choose to not share any sensitive or critical data over the public cloud. With Alibaba Cloud Hybrid Cloud, you can make a management policy that enables you to choose how and where you wish your workload to be processed. It can be based on any policy, compliance, or security requirements.

The Hybrid Cloud is technically a group of different products and solutions that share functionality and environments to deliver a hybrid solution. These are separate entities, and when used separately, they have their own workflow, just like implementing containers or using DevOps. The Hybrid Cloud uses containers and APIs to interact and work with these entities. This enables the organizations to shift through the workload by assigning tasks to different resources based on the criticality of the workload and security associated with it.

Let’s take a look at how the Hybrid Cloud works:

Quick Tip: Apsara ZStack is an enterprise-level solution that enables the user to fully leverage a hybrid cloud solution based on the Apsara Distributed operating system by Alibaba Cloud.

Security | Hybrid Cloud | Challenges & Solutions

Data Protection

The Hybrid Cloud solution leverages the benefits and functionalities of both public and private clouds. This enables it to take advantage of benefits like reduced security vulnerabilities, direct benefits of a private cloud setup. However, additional security measures must be in place based on an assessment of how secure and critical your data requirement is.

Let’s take a look at the data flow from an administrator using the Hybrid Cloud solution:

Practices for Data Protection

  • Use of SSL or TSL for data transmission security over any network.

Data encryption at every stage. Be it and idle start or during transmission

  • Data at Rest ¨C Data that is sitting on your disk also requires a full-scale security practice. As an administrator, you might think of applying partition encryption to secure your data. This will enable data protection, even when it is not being used.
  • A trusted platform module (TPM) is an industry-leading practice that is based on a hardware chip used to store encryption keys for data access.
  • Encrypting root volumes within your cloud environment is another secure practice. You might need a fully matured and automated practice for this.
  • While Object Storage Service (OSS) is a highly secure cloud storage solution, the disks on your on-premises private cloud still need added security.
  • Data While Transmitting: Typically, your data is at its most vulnerable state when it is being transmitted. Using secure protocols for data transmission is an important practice to implement. As mentioned above, using SSH for data communication and SSL/TSL for data transmission is highly-recommended.

Use of RAM (Resource Access Management) for Identity and Access Control.

  • The Hybrid Cloud is highly dependent on access control, as the administrator has to come up with a policy that grants or restricts data control based on a multiple level user policy. Limiting user access to VPNs (virtual private networks) and defining different policies for such access controls is an important practice to limit data exposure.

Use of APIs

  • APIs are a quick and easy way to get started. APIs can be used to scale automation at many steps. We are going to discuss Hybrid Cloud Monitoring automation later in this article.

Security Updates and User Bulletins

  • Updating your deployment with regular security patches and updates is an excellent practice to follow. The cloud provider issued updates are also mandatory, that is why Alibaba Cloud is very quick with its update policies. As an administrator, any outdated application or environment can lead to major security concerns for the whole setup. Regular updates for the applications are highly recommended.

Monitoring | Risk Assessment | Automation | Hybrid Cloud

Monitoring | Risk Assessment

Let’s list some of the best practices for Monitoring and Risk Assessment:

  • Monitoring the network traffic to evaluate suspicious behavior leads to a viable threat assessment model
  • If migration is an option, evaluation of risk is highly recommended.
  • Security patching of all the applications is a practice you must follow to ensure no vulnerabilities arise from the user data or interactions.
  • All end-points including network and the above-mentioned application end-points must also be patched and updated regularly
  • Alibaba Cloud Security is an excellent solution to secure your setup throughout the product lifecycle.


An automation practice must include:

  • An automated monitoring system
  • An automated patching system backed by a qualified security team
  • Automated reporting of metrics to be used in future releases

Physical Resource Protection

I have chosen Alibaba Cloud for all of my hybrid cloud requirements, based on their massive and secure infrastructure.

More Information in Part 2

  • Human Error
  • Cloud Visibility and Control
  • Endpoint Security
  • Administrative Tools and Practices

Next in Line

The views expressed herein are for reference only and don’t necessarily represent the official views of Alibaba Cloud.

Original Source:

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.