It’s easy to get so caught up in the fervor that is “The Cloud” and “Digital Transformation” that we lose sight of the massive amount of code written over the last 40 years, pre-dating IaaS and the explosively expanding SaaS landscape. Mainframe use – a mainstay of computing environments for decades and a Hollywood favorite – continues to grow, despite the transition to SaaS applications. That code has stayed put, even as IT moved to Unix (now Linux) and Windows-powered rack servers in the 90s and beyond, and now to the cloud. So how do we reconcile the explosive growth of IaaS, PaaS and SaaS with a continued reliance on private IT infrastructure?
It’s actually pretty straightforward. Okta, the single-sign-on maven, publishes a report of the applications most commonly accessed through their platform. What do Office 365, Salesforce.com, Jira, Slack and Zoom, all in their “Top 10” list, have in common? They’re productivity applications that provide value common across many industries, not just one industry or company. Mass-market applications will not replace, any time soon, the massive code bases built over decades in any number of industries, for three simple reasons: cost, complexity and intellectual property.
Indeed, a significant percentage of workloads will remain on premises, in traditional IT infrastructure, private cloud and third-party colocation – 59% in 2020. This is on top of another trend – cloud abandonment (AKA IT repatriation) – with IDC reporting that 20% of IaaS consumers will return to traditional infrastructure and another 43% are targeting a transition from IaaS to on-premises private cloud.
This mixed deployment environment is what I’ll refer to as “Hybrid IT” – workloads split between third party hosted and privately hosted environments. This is not to be confused with “Hybrid Cloud” in which cloud deployments are split between public and private cloud. This hybrid IT environment presents special requirements for security architects particularly when considering the data that could find itself moving back and forth between the two environments.
Four considerations need to be addressed:
- User protection
- SaaS use governance
- Data exfiltration prevention
- Secure connectivity
User protection is straightforward in concept, but the wrong implementation can cause headaches for both the user and IT managers. The key is to establish consistent protection no matter how or where the user works, whether in an office or not. A hybrid approach works well here, too: connecting and protecting campus-based workers with dedicated web protection, coupled with a cloud model for branch offices and remote users. The result is maximum end-user performance while managing a single policy set for governance and one integration point with DLP for controlling data exfiltration via the web channel.
The cloud channel must be monitored to enforce organizational governance policy and to prevent the use of apps that risk data loss. That same visibility, coupled with DLP, is also essential to avoid shadow data and inappropriate sharing of data.
The last but certainly not least element is secure connectivity to web and cloud that does not burden private WAN networks that may connect branch offices to corporate and colocation sites. SD-WAN offloads private WAN to reduce costs and improve performance.
In summary, hybrid IT security focuses on (1) centralizing capabilities like SSL decryption and URL filtering, to reduce the appliance and upkeep costs of an on-premises model, and (2) placing controls and protection where applications, people and data are. Not every organization will be 100% cloud, and that’s OK. Just be sure to build the compliance and security stack that ticks all the checkboxes.
Watch the webinar, Protect Your Hybrid IT Environment with Direct-to-Cloud Connectivity & Security.