ProcessBolt

Addressing the Challenges of Securing Hybrid Cloud Access: What You Need to Know

Joseph Carson
Chief Security Scientist & Advisory CISO   Delinea

For a growing number of companies, a blend of public cloud services, private clouds, and on-premises infrastructure offer the best solution to the benefits and limitations of each.

Cloud adoption is growing, and the past two years have shown a major increase in the use of cloud services. In addition, emerging technologies like edge computing and virtualization are fueling cloud spending.

Instead of deploying one type of cloud service, companies are choosing a combination to address their business needs. The hybrid cloud model offers unprecedented flexibility for businesses, including the ability to move data and workloads to or from any cloud services or shift capacity as needed.

Unfortunately, that comes with risks. The hybrid cloud presents considerable cybersecurity challenges that – if not addressed – can contribute to significant losses.

Top Challenges of Hybrid Cloud Security

The hybrid cloud is a modular solution that combines the benefits of the public cloud and the private cloud. This is a complex environment that maximizes the benefits, but along with that, it increases the risks that organizations take on.

In addition to control and agility, the hybrid cloud increases the burden on the IT department. With this risk increased, visibility and control are paramount to track any changes and ensure that the entire team is collaborating.

The security responsibilities are also in question with the hybrid cloud. Conventional vendors may have their own proprietary tools to address security in the private cloud, but those don’t often extend to the public cloud.

This also creates issues with accountability – the organization thinks that the cloud provider is responsible for security, leaving huge gaps in their own network. In fact, some organizations may completely neglect their own security because they falsely believe the vendor has them covered.

The shared responsibility model ensures organizations assess and manage their own risks and know where their own responsibility lies in maintaining their own security. The vendor is responsible for the private cloud, but both parties are clear on what is and isn’t on their shoulders. It is critical to clearly understand the service agreement and terms of service with cloud providers, so you are absolutely clear on your own security responsibility.  Don’t assume security is in place and you must always approach cloud providers with zero security assumptions.

Another challenge in the hybrid cloud environment is compliance. If a breach occurs, organizations are often faced with financial repercussions, negative press, and harm to their brand reputation. However, compliance in a complex environment like the hybrid cloud isn’t easy. Compliance needs to be approached individually with each component, as well as approached  wholly as part of a system.

Using Privileged Access Management for Hybrid Cloud Security

Privileged Access Management (PAM) is a useful strategy to control, monitor, secure, and assess privileged identities in a hybrid cloud environment.

Though legacy PAM solutions are an option, they address one network and combine solutions from different vendors. This leaves considerable security vulnerabilities and gaps, which are worsened in a complex hybrid cloud. Each component carries its own risks and managing them all in a distributed environment is no small feat.

The best approach is PAM as a service. Like Software as a Service (SaaS), PAM is offered by a vendor and can be used to manage the cloud. Keeping the environment current and secure is up to the vendor, and it operates on the Principle of Least Privilege (POLP).

Least privilege means that each user is given the minimum level of access necessary for their tasks, and only for the time necessary. With full access, any error or intentional effort from a user can be devastating.

With privileged access, each user is limited in the harm they can cause, whether they make a simple mistake, they have malicious intent, or a malicious hacker has gained control of their account or identity. Unfortunately, people are still one of the biggest targets in cybersecurity, and human misconfigurations occur frequently.

The Principle of Least Privilege also makes PAM more agile. For example, if a user requires privileges to run a specific application, those privileges can be granted with a greater degree of oversight and control. They can complete the task with a time limit, and once finished, their privileges are revoked.

In addition, PAM keeps the security policies consistent across locations, users, or the operating system with regard to access, privilege, and Multi-Factor Authentication (MFA). This ensures a consistent framework that can operate effectively in a complex and dynamic hybrid cloud environment.

Benefits of PAM

As mentioned, people are a big target in cybersecurity. Even with the most stringent security measures, the users can make misconfigurations that open the organization up to considerable risk. Likewise, a user with malicious intent or one who’s abusing the system, or their access level can be disastrous.

External threats also realize that users are a top target. Malicious hackers know that a compromised identity can get them far in the network, and something as simple as a weak password could be all it takes for initial access.

PAM protects the network in these instances by giving all users only the access they need to complete their work tasks. Security teams also have a means to track and identify malicious activities and prevent them from becoming a much bigger problem.

One of the benefits of the cloud is its access and communication between different systems and components. Unfortunately, that’s also one of the weaknesses that’s challenging to address from a security standpoint. A distributed environment has several access points that require privileged access and PAM access management controls the privileges effectively.

The endpoints provide privileges to allow IT teams to fix problems quickly and easily. This also creates security risks that malicious hackers can exploit to gain access to the network and elevate their own privileges as they need. Eventually, they’ll get the information they’re seeking. PAM keeps the local administrative rights limited or removed at endpoints to mitigate this risk.

Finally, compliance is a challenge that PAM can address. When used as part of a comprehensive security strategy, PAM monitors and records all activities that may affect sensitive or privileged data, so in the event of a breach, you can mitigate the damage.

PAM for Hybrid Cloud Security

The hybrid cloud is a modular solution for organizations to gain the benefits of the private and public cloud, but it comes with considerable security risks and vulnerabilities. PAM as a service is a robust solution that can address the challenges of hybrid cloud security.


Joseph Carson

Tags: , , , , , ,