How can hybrid app security risks be mitigated?

Despite their appeal, hybrid cloud apps come with a number of security risks. Expert Dan Sullivan explains what the challenges are and how to prevent them.

I've read that "hybridized" apps are enabling employees to take mission-critical enterprise apps off premise. What are the primary security risks of hybrid cloud apps, and what controls should be put in place to mitigate these issues?

Hybridized applications allow designers and developers to move parts of the application stack to the cloud while keeping other components on-premises. Private and sensitive data is typically stored on-premises while the user interface layer runs in the cloud. Business logic may run either on-premises or in the cloud, depending on security considerations.

There are a number of considerations organizations must take into account when it comes to hybrid app security. First, you will have to consider how you will authenticate requests for data and ensure it is delivered securely.

Organizations can no longer depend on enterprise network access controls when an application component is moved off premises. For example, in the past, a database server and application server might have been configured on the same subnet. Because of firewall configurations on the subnet, you might make the assumption that all requests are coming from the legitimate application server. If the application server moves to the cloud, you will need to ensure that queries come from a trusted server; SSL certificates can authenticate servers (though SSL has come under fire recently). IP address restrictions may also be used to prevent the database server from responding to any requests not from a trusted server.

To mitigate hybrid cloud app security risks, data transmitted between the cloud and on-premises servers should be encrypted since the data stored within the on-premises database server is considered sensitive. In addition, all channels of communication should be encrypted. This may require some code changes if the application was previously designed assuming data is transmitted as cleartext.

Also consider the implication of multiple logging systems: Components in the cloud might use vendor-specific services, such as CloudTrail, while the on-premises servers use syslog messaging. If you are using a security information and event management system, you will want access to logs from all application components.
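
One way to put CloudTrail records and on-premises syslog messages on a single timeline before they reach a security information and event management system, as an added example that is not part of the original article. It assumes RFC 5424 syslog lines and a CloudTrail log file with a top-level `Records` array; the common schema field names and the sample data are constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID SD MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"\S+ \S+ (?:-|\[.*?\]) ?(?P<msg>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def _utc(ts):
    """Parse an ISO 8601 timestamp and convert it to an aware UTC datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)

def from_cloudtrail(record):
    """Map one CloudTrail record (a dict) onto the common event schema."""
    return {"time": _utc(record["eventTime"]), "origin": "cloud",
            "host": record.get("eventSource", "unknown"),
            "action": record.get("eventName", "unknown"),
            "src_ip": record.get("sourceIPAddress")}

def from_syslog(line):
    """Map one RFC 5424 syslog line onto the common schema; None if malformed."""
    m = SYSLOG_RE.match(line.strip())
    if m is None or int(m["pri"]) > 191:  # 191 is the highest valid PRI value
        return None
    ip = IPV4_RE.search(m["msg"])
    return {"time": _utc(m["ts"]), "origin": "on-prem", "host": m["host"],
            "action": f'{m["app"]}: {m["msg"]}',
            "src_ip": ip.group(0) if ip else None}

def merged_timeline(cloudtrail_json, syslog_lines):
    """Return events from both sources in one UTC-ordered list."""
    events = [from_cloudtrail(r) for r in json.loads(cloudtrail_json)["Records"]]
    events += [e for e in map(from_syslog, syslog_lines) if e is not None]
    return sorted(events, key=lambda e: e["time"])

# Constructed sample data (not from the original article).
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2015-04-12T10:15:04Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.10"}]})
SAMPLE_SYSLOG = [
    "<38>1 2015-04-12T12:15:02+02:00 db01 postgres 4321 - - connection received: host=203.0.113.10",
    "not a syslog line",  # malformed input is skipped, not fatal
]

if __name__ == "__main__":
    for event in merged_timeline(SAMPLE_CLOUDTRAIL, SAMPLE_SYSLOG):
        print(event["time"].isoformat(), event["origin"], event["host"], event["action"])
```

The on-premises line carries a +02:00 offset, so it sorts ahead of the cloud event only after both timestamps are converted to UTC.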

Ask the Expert:
SearchCloudSecurity expert Dan Sullivan is ready to answer your application security questions -- submit them now. (All questions are anonymous.)

This was last published in April 2015
