Backgrounder The move to hybrid cloud is growing.
One recent survey found 58 per cent of companies are planning a hybrid cloud strategy, where organisations connect systems hosted by a public cloud provider to their own on-premises equipment, and balance workloads and services across the lot.
This is up from 51 per cent the year before. Hybrid cloud offers the best of both worlds – scale of compute and control of data, which can be held on-premises.
But hybrid is not the monogamous relationship it once was during the early days of cloud. Organisations are knitting virtual platforms that involve more than one provider in the fields of infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS).
Moving to any hybrid comes with challenges, of which managing complexity is arguably the biggest. But that complexity increases as you bring more cloud providers services into the fold of your IT infrastructure. Indeed, in its State of Hybrid Cloud 2017 survey [PDF], Microsoft found that increased complexity was the biggest challenge for its respondents – 53 per cent identified this as an issue.
But how does complexity manifest itself, and what can you do?
Bring in cloud and you have the chance of data leakage, so the more clouds you use the greater the chance of data getting out through deliberate or accidental means. Accidental human error is a common cause, with sensitive data mistakenly pushed to public servers. This could be caused through the misconfiguration of a MongoDB or Elasticsearch databases, and there’s an army of armchair security researchers with their Shodan accounts at the ready waiting for you to slip up.
Human error can also apply to the pursuit of ease of use in the hybrid world. For example, turning off localhost binding without turning on authentication controls is convenient in an on-premises development environment, where a handful of people are iteratively testing. But it becomes a problem when the hapless dev publishes the database environment to the cloud without reconfiguring settings.
Automation can help iron out these human problems. In its 2017 security survey of cloud computing users, SANS found just under one in five respondents use automated configuration management to secure their hybrid cloud. A centrally managed system of automation controls, however, lets you override local human error with a set of rules and policies.
A good approach is to create models of applications that you can then use to define standard configurations as part of a devops strategy. Creating models and establishing automated rules will let you define a set of workflows and managed polices, and impose controls on who has access to a database in the example above and what they do with it. These rules can then be rolled out across different cloud providers and enforced through the lifecycle of an application in its multi-cloud home.
But even within this answer lurks complexity. For example, AWS CloudFormation provides a common language to describe provisioning and support automation, but it doesn’t easily span hybrid – which is a challenge given AWS’s reign as the industry’s most popular cloud. That may demand alternatives like VMWare's vRealize for AWS, Azure and Google Cloud Platform or Red Hat’s Ansible.
Of course, you can protect data stationed in the cloud using encryption – an approach favored by a third of respondents in the SANS survey. You should really consider using encryption for data in transit and at rest and you should certainly encrypt your data before it hits the cloud.