Asher Benbenisty, Director of Product Marketing at AlgoSec, examines current cloud adoption trends and how organizations can select the most suitable locations for their applications.
With cloud infrastructures expected to outstrip on-premise networks by 2020, many have anticipated that the move to the cloud would become a standardized, linear journey for enterprises. Organizations would start by migrating specific business applications to the cloud, such as their email, before moving increasing amounts of their network infrastructure into virtualised environments and thus using a hybrid of on-premise and cloud networks. Eventually, it was envisaged, their entire IT infrastructure would be run in the cloud, boosting efficiency, scalability, agility and flexibility.
On the surface, it may appear that this prediction is being realized; that organizations’ cloud adoption maturity has reached the point where a hybrid environment is no longer necessary, and their entire IT infrastructure can be migrated to the cloud.
However, the reality is starkly different. Indeed, the evidence shows that the hybrid environment has not disappeared.
For example, while companies such as Dropbox, Groupon and Twitter all made strategic decisions from their inception to utilize only cloud infrastructures, they have ultimately found greater savings and benefits by combining both cloud and on-premise solutions, signalling that the hybrid environment will be here to stay for the foreseeable future. As such, organizations will need to continue to maintain network security across both their cloud and on-premise infrastructures.
Understanding the best location for each application
So how should organizations approach managing the security of their increasingly hybrid environments?
A fundamental prerequisite to answering this question is to determine from the outset whether the security and compliance requirements for a given business application are better served in the cloud, or in an on-premise environment. Here are four key pointers to help guide that decision.
Applications that store personal information
Business applications that hold sensitive data, such as personally identifiable information for customers, are probably more suited to on-premise deployments. Personal information is, in most instances, governed by data privacy laws that dictate where data can be stored when the information is collected, processed or communicated. Over 80 countries and independent territories have adopted comprehensive data protection laws, so it is essential to verify what data the application processes, and what is allowed from a legal perspective, before moving it to a cloud environment.
Applications subject to strict regulation
If the application, or the data it processes, is subject to regulatory oversight under compliance regimes such as HIPAA or PCI, then there is a clear need to understand the security compliance status of that application, and whether moving it to the cloud will risk a compliance violation. For example, HIPAA requires accountability practices on all Local Area Networks and Wide Area Networks, and for users accessing the network remotely through a Virtual Private Network (VPN). If the application needs to be compliant with PCI, you will need to have a firewall at each Internet connection the application uses, and between any network demilitarized zone and the internal network zone. Applications under these regulations, and others, are not ideal candidates for migration to the cloud.
Applications already exposed to the internet
In contrast, if there are already parts of the application that are exposed to the internet, such as a web server, the application may well be suitable for migration to the cloud. These applications should already have strong security implemented, which will ensure that the security of both the server and the internal network is maintained when the application moves to the cloud.
Network segmentation as an indicator
Finally, if you manage your network segmentation correctly, the servers and applications that reside in the least segregated zones may be suitable for migration to the cloud. For instance, the applications and servers that are in a zone with a single firewall are good candidates to be moved. In contrast, those zones that are highly protected and reside behind multiple firewalls should stay in your own on-premise data center so they can be robustly secured.
With hybrid cloud environments here for the foreseeable future, the complexity of ensuring that security is maintained throughout every application migration will remain challenging. However, by identifying from the outset which applications are best suited for cloud deployments, and which should remain on-premise, organizations will be able to bring more clarity to their cloud security strategies – and improve their security posture in the process.