In the Security Issues in the Hybrid Cloud document that our team published in 2011 we stated that “when securing a hybrid cloud system, you should consider all of the factors for both the public and private cloud.” While this statement is still true, the approach to securing a hybrid environment might not be the same as when you are planning your private cloud security. In a hybrid cloud scenario you can still leverage the major considerations for private cloud security, combined with public cloud security considerations. However on top of that you need to address the different threat landscape that will be introduced by this mixed environment. One way to tackle these concerns in a hybrid cloud scenario is by leveraging and old but relevant security concept called defense in depth.
This article presents a simple network diagram for a hybrid cloud environment and maps some of the key areas that should be addressed by leveraging a defense in depth approach to enhance the overall security of this solution.
Mapping the Core Layers
In order to enumerate the core layers of a Hybrid Cloud scenario we will be using the diagram below:
The areas mapped on this diagram reflect the core components in a hybrid cloud scenario. Each core area must be expanded in order to identify the threats and vulnerabilities that are applicable to it. The numbers on this diagram do not reflect any priority order; it only organizes the six major components which will be covered in the section that it follows.
Remote clients are also known as endpoint or mobile computers. They will have access to resources that are located in both places: public cloud and on-premise. Sometimes the path for accessing cloud resources must be enforced via on-premise connectivity. Depending on how the company wants to enforce their security policy, they might decide to have the endpoint connect to a VPN Server (on-premise) and pass through a series of security validations before allowing access to resources (on-premise and on the public cloud). There are many design options to consider when planning endpoint protection on a hybrid IT scenario. However for the subject of defense in depth for your remote clients the main recommendation is compliance with minimum security requirements, as shown below:
- Endpoint protection should comply with minimum security requirements for workstations that will be accessing companies’ data. Regardless if the data resides on the cloud or on-premise, if the endpoint is compromised and there are data at rest on the endpoint, the data may also be compromised. Minimum security requirements include:
- Drive encryption
- Operating system fully updated
- Third party applications up to date
- Antivirus installed and updated
- Personal firewall enabled and correctly configured
Public Cloud Provider
When evaluating which cloud provider will be used to host your applications you must be diligent about understanding their security strategy, which includes the understanding of their:
- Security controls and protection.
- SLA (Service Level Agreement)
- Data replication
- Deployment model
- Physical security
These are only some of the elements that you must be aware while selecting your cloud provider. Microsoft offers a CIO’s Guide to Negotiating Cloud Contracts that can also help with this selection.
Virtual Servers on the Cloud Provider
From the defense in depth perspective, what can you do to enhance the overall security by adding multiple layers of protection? In a hybrid scenario, and mainly if you are using IaaS (Infrastructure as a Service), chances are that you (in the role of the customer) will maintain the servers on the cloud provider’s platform; therefore you will be responsible for keeping these servers secure. Some recommendations are:
- Ensure that your cloud provider platform offers network isolation capabilities.
- Isolation must also be available for:
- Root OS
- Guest VMs
- Fabric Controllers
- Keep the servers up to date (antivirus, operating system updates and application’s updates)
- Perform server hardening according to the server’s role
- Ensure that data is encrypted while at rest on those servers
- Ensure that the cloud provider platform enables you to easily and precisely monitor the status of the servers that were deployed in the cloud. Monitoring and availability are essential requirements of any security plan.
- Make sure that cloud storage used by those servers has access control capabilities that enable you define what it is publicly readable and what it private.
- VM (Virtual Machine) integrity (protect from unauthorized access)
In a Hybrid scenario edge protection becomes even more important, because some solutions will require a site to site tunnel between on-premise and cloud provider. Some gateways will have the VPN capability built in and will allow you to control your edge protection in a unified solution. When planning edge protection for a defense in depth approach for hybrid cloud make sure that:
- Your solution is supported by the cloud provider. Review the requirement list of your cloud provider to understand the constraints and the supportability option.
- Your edge solution can perform deep inspection, which includes:
- URL Filtering (using reputation services)
- Malware inspection
- HTTPS inspection
- Your edge solution is highly available
If you think that this is an area where security is less important than others because you trust everything that it is on-premise (since you have full control) you are wrong. The level of security on-premise should be at the same level or even higher than others. Internal threats are still a reality and social engineering on insiders is a growing threat. Applying defense in depth at on-premises resources is probably the broadest area since you (customer) has full control over all process and procedures, from the hiring process to the operational process. Ensure that you are tackling this subject not only from the server perspective, all layers must be covered: from the development lifecycle of the internal applications, passing through network protection, workstations, servers, general policies and practices.
As you could see in this post, there are many areas that you can add multiple barriers to enhance the overall security for your hybrid cloud. Defense in depth is all about adding multiple barriers in order to mitigate potential breaches and reduce the likelihood that the attack will succeed.
While this post does not aim to be the ultimate answer for Hybrid Cloud Security, it aims to suggest a set security best practices that can be used while planning the security strategy that will be used for a hybrid cloud. There are many others aspects that must be covered and we have an article at TechNet Wiki called Security Issues in the Hybrid Cloud that you can edit and enhance it with other considerations on this area.
See you next time!
SCD iX Solutions Group