As more companies move toward hybrid cloud environments, storing data on premises and accessing hosted services and public clouds, many find the best data protection strategies involve cloud-native or cloud-first security tools.
Whether you are migrating internal assets, adopting external cloud services or combining private and public clouds with on-premises servers, in this video, David Strom outlines six general strategies that CIOs have settled on to mitigate hybrid cloud security concerns.
While some of the same security tools are used to protect cloud resources, the nuts and bolts of the way the work gets done changes, "in the sense that Spanish is different from French," reports Strom, a technology journalist and longtime contributor to SearchSecurity.com. Security teams will have to learn a new language and develop different ways to communicate with users as the cloud becomes more popular in their organizations.
For example, if a user has a credit card, they can deploy apps anywhere and on any cloud. Instead of swooping down at the end of a project with all sorts of restrictions, learn how to collaborate with operations and users up front, said Strom.
When all of your assets are just a username and password away, it also makes sense to implement multifactor authentication (MFA) and single sign-on (SSO) methods to bolster hybrid cloud security. Some SSO tools such as SecureAuth, Okta, Ping and Centrify can specify MFA for particular applications as part of a risk-based authentication approach. This makes using SSO a powerful protective tool and can secure logins better than relying on users to choose individual passwords.
It also means that IT can play a more critical role in defining cloud-based assets and matching up the appropriate security levels.