KuppingerCole Report
Advisory Note
By Mike Small

Hybrid Cloud Security

Organizations now commonly use multiple cloud services as well as on-premises IT. This KuppingerCole Architecture Blueprint provides a set of building blocks needed to design, implement and integrate security for the Hybrid Cloud.
sm@kuppingercole.com

1 Summary

Organizations are moving from using IT services that are exclusively delivered by equipment on-premises to a mixture of delivery models that also incl ...


2 The KuppingerCole Hybrid Cloud Reference Architecture

The KuppingerCole Hybrid Cloud Reference Architecture provides a comprehensive and evolving foundation for deriving and implementing a standardized, y ...

In the hybrid model a service is deployed using some combination of on-premises, public, or private clouds. These are integrated using technology that ...

This division of responsibilities makes the management of security in the hybrid cloud complex. A business system may contain components that are deli ...


3 Blueprint for a Hybrid Cloud Security Architecture

Organizations typically use multiple cloud services from different CSPs including: office productivity tools from one service CSP, a CRM system from ...


3.1 Security Architecture Elements

A security architecture comprises six Elements and these need to be treated in a common way for all IT services however they are delivered:

  • Govern ...

3.2 Hybrid Cloud Security Architecture Blueprint

How these security dimensions fit together to form a complete security architecture is illustrated in Figure 5. Governance sets the business objective ...


3.3 Hybrid Cloud Governance Management

It is vital that a common governance approach is adopted that covers all IT services however they are delivered.

Cloud services are outside the direct ...

The governance process starts from business objectives and defines a policy for the IT services to deliver on those objectives. These lead to the proc ...


3.4 Risk Management

There should be a common approach to managing risks across the organization and across the different IT service delivery models.

The risk management ...

In KuppingerCole’s view the most important risks associated with cloud computing are those described in the KuppingerCole Advisory Note – Cloud se ...


3.5 Standards

Security management processes and controls should be based on standards and best practices.

Standards are the distilled wisdom of people with expert ...

Cloud services are built using a technical architecture that may include both proprietary and standard protocols and interfaces. Many of these standar ...


3.6 Controls for the Hybrid Cloud

Controls are measures that reduce either the probability of a threat succeeding in compromising an asset or reduce the impact if it does succeed.

IS ...

There is no such thing as perfect security; managing security is always a question of balancing risk against rewards (see KuppingerCole Executive View ...

Policy, Organization and HR

Figure 10 summarizes the critical policy, organizational and HR security controls for the hybrid cloud:

  • There should ...

The controls over access to cloud services and data held in them are especially important since the cloud customer is always responsible for this. The ...

To ensure continuity of service and security, it is important that a cloud service is provided from an environment which is resistant to natural disas ...

Cloud services are provided by a third party and the security of these must be managed through a formal supplier / customer relationship. Organization ...


3.7 Audit and Assurance

Since cloud services are outside the direct control of the customer, independent assurance of the service provided is critical.

The objective of the ...

Some relevant certifications and attestations include:

  • The ISO/IEC standards 27001, 27017 and 27018 are well established and compliance with these ...

3.8 Example Architecture for SaaS

As an example, to illustrate how this architecture could be applied, Figure 16 shows a security architecture for SaaS. In this case the customer organi ...

  • The customer sets the objectives, policy and organization within which the SaaS service is used.
  • The customer is responsible for classifying the d ...

4 Recommendations

The hybrid IT service delivery model adds complexity to the management of security and compliance. Responsibilities for security are shared between th ...


Copyright

©2019 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole Analysts, founded in 2004, is a global analyst company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies.

For further information, please contact clients@kuppingercole.com.
