Security in the hybrid cloud
- 17 April, 2018 10:05
Cloud services are not new. Many of the technologies, such as remote access to applications, ready-to-use infrastructure and pre-configured environments have been around for many years. What has changed is the scope of different services and the scale they can offer. The idea of having to size a system before deploying it is disappearing as new cloud platforms offer almost infinite scalability.
Recent research suggests that businesses will be spending more on the cloud than ever before with a recent Forbes report finding more than half of the global expenditure on IT to be cloud-based this year and that 60–70% of all software, services and technology spending will be cloud-based within two years.
And a report conducted by Intel recently found that 80% of all IT budgets will be committed to cloud apps and solutions in the coming year with "cloud first" being a common buzzword in corporate boardrooms.
But that opportunity also brings new challenges, particularly when it comes to security. Different types of cloud services provide a wide range of different protection for your applications and data.
For example, when you subscribe to an online accounting or customer relationship system service, you are trusting that the service provider will handle your data appropriately, protecting it when it's at rest and in-flight, as well ensuring it's backed up. In order to ensure those activities are carried out to a level you're satisfied it may be worth adding your own security processes to those of the service provider.
“All public cloud providers provide some level of security, but they also are careful to point out that BYO Security is welcome and encouraged. After all, the data you store whether your own or your clients, is your responsibility, and with great emphasis on accountability and breach reporting, it pays to understand what Security is baked into the public cloud provider’s offering and what gaps do you need to fill yourself," says Swapneil Diwaan, Business Manager, Fortinet at Ingram Micro, the largest Fortinet distributor and Authorised Training Centre.
But platform providers, sometimes called Platform as a Service (PaaS), that offer environments with operating systems, databases and other foundational software provide different service levels, as do businesses that simply provide hardware for you to install everything to. These are Infrastructure as a Service, or IaaS, providers.
A few years ago, public cloud providers were still new to the market and hadn't yet built trust with potential customers, especially the lucrative enterprise and public sectors. Part of building that trust comes through proving compliance with important laws, regulations and standards. This is why the likes of Amazon Web Services and Microsoft Azure have invested heavily in not just building physical infrastructure but ensuring compliance with regulations and standards with hybrid clouds provided by local MSPs filling the gap to secure those services.
However, while hybrid cloud providers have improved their systems, the onus remains on customers to ensure they remain compliant. It is possible to deploy a system on a cloud provider's infrastructure but not ensure compliance or security. That's where trusted partners, like your MSP, Fortinet and Ingram Micro can help as they offer specialty services and systems to ensure your security and compliance go beyond the usual cloud provider checkboxes and differentiate them from competitors that might be using similar service providers.
Compliance is an important element of any business' security planning. And with new regulations such as the recently introduced National Data Breach (NDB) notification scheme in Australia and the General Data Protection Regulation (GDPR) in the European Union taking effect in May 2018, it's important to ensure businesses have their infrastructure and processes in order.
These changes in regulatory systems and the rapid change in how applications are designed, deployed and used have resulted in some significant challenges for companies. Scale is no longer a limiting factor with service providers offering services such as FortiVM that let you quickly deploy virtualised appliances such as firewalls and purpose-specific servers.
There is now a global skills shortage in information security and compliance that has resulted in both a scarcity in the number of qualified and experienced people that can be hired and an increase in their salaries as a result of that supply and demand. Managed service providers are able to assist as they can hire people with the skills needed. And, as one cloud provider can host thousands of environments, one security team can look after all those systems so the costs are shared.
Cloud service providers live and die by their reputations. That makes security one of their highest priorities right through the entire design of the services they deliver. The cloud environments they create are designed to be shared. So the protection of data that ensures one client doesn't see another's data and that unauthorised access is blocked is built into the design of the environment. Security by design is a core service - not something that's added later.
Service providers need to provide services that can meet the needs of many different clients. As a result, they have built their systems so that they can be rapidly updated to take advantage of the latest security features because that's part of their market advantage. That includes ensuring their systems support compliance with international standards such as GDPR.
Getting that right, for new aspiring hybrid cloud service providers seeking to offer more than the players already in the market, means finding the right partners, such as Ingram Micro and Fortinet, can help them build differentiated services that meet the needs of businesses making the move to cloud services.
The expertise that service providers bring to this goes beyond the technical. The right service provider for your business won't just provide a room filled with server hardware and applications. A trusted partner, like Fortinet, will support you so the deployment of your systems is done with the utmost attention to security and compliance.
As cloud service continue to become the first option for businesses, finding the right partner that can offer services, systems and support that deliver the best options to support your business are vital. That means finding someone that can work with you to choose the right cloud solutions, with training and support for your business so that it remains secure and compliant.
For more information on how to build and configure your hybrid cloud offering, contact Ingram Micro's Solution Architects:
James Meuli - James.Meuli@ingrammicro.com
Rod Christie - Rod.Christie@ingrammicro.com