We hear a lot about hybrid cloud. And for good reason: it’s projected to grow at a rate of 80% in 2017. Hybrid cloud solves a lot of problems, but it’s not perfect. We’ll tell you why.
What is Hybrid Cloud?
Hybrid is the bridge step for organizations that have on-premises IT infrastructure and still want to take advantage of the cloud. Many of these organizations are older and weren’t ‘born in the cloud’ as the latest cohort of startups have been. Organizations with existing infrastructure like that hybrid cloud enables them to move to the cloud, but not throw away everything that they already have. The hybrid nature of it means that IT organizations straddle both on-premises and cloud-based environments.
There are a wide variety of architectures for hybrid cloud, but generally they are made to look as if they are an extension of an on-premises infrastructure. Usually this means that there is a dedicated connection from the on-premises network to the cloud infrastructure. AWS has enabled this through their Direct Connect solution. In other instances, there may just be a VPN tunnel between the two infrastructures and that helps it look more like one. Hopefully the organization has leveraged a private cloud infrastructure for the cloud portion which translates to a more secure enclave rather than each device being publicly accessible.
What are the Benefits?
With hybrid cloud, organizations have a completely scalable, pay-as-you-need it infrastructure on call. As their business needs grow and change, they have the agility and flexibility to change. They haven’t invested in the “bricks and mortar” and so have no existing costs to worry about. They can easily pick-up and move to a different provider, service, or even change specific hardware or software needs at the push of a button. That agility translates into a faster moving enterprise. IT organizations know this and that’s why hybrid cloud is one of the fastest growing segments of IT infrastructure.
The #1 Issue with Hybrid Cloud
The one deadly issue with hybrid cloud is security – user management security to be more specific. The problem comes when IT organization’s treat their hybrid cloud as a separate, adjunct IT property. Hybrid cloud needs to be tightly integrated into an organization’s processes and infrastructure. The core of this is user access.
As the cloud side grows and becomes more complex, it will require more user management and reporting. If it isn’t integrated into the central directory services, the chances for a breach go way up. Why? User accounts are created ad hoc and terminated ad hoc. That translates into mistakes and people getting breached. It doesn’t matter to a hacker whether they get into your adjunct infrastructure or your core IT systems. It’s all the same to them. They’ll just move from one to the other and find the core digital assets regardless of their starting point. Creating another directory infrastructure in the cloud and not integrating that into the current directory services infrastructure is a huge mistake.
Making the Hybrid Cloud Secure
The key here is to have one central directory services infrastructure. That means one corporate user identity per individual that IT can control, track, and secure. When somebody is hired they can be quickly given access to everything that the person needs. More importantly, when a user is terminated, their access is deleted everywhere on the infrastructure – including those hybrid cloud resources.
This is so critical and cannot be overstated. Dormant accounts from previous employees are a major security risk (and a compliance violation). User accounts are all too easy to miss when everything isn’t tied together. IT admins face this challenge when they are leveraging Microsoft Active Directory and OpenLDAP. Both of those legacy directory services struggle to work well in the cloud for a variety of reasons.
Is Directory-as-a-Service® Right for You?
If you already have directory services and want to extend them to the cloud, use a cloud-based directory extension solution such as Directory-as-a-Service. If you don’t have a central, core directory, get one now! It is one of the most important steps you can take to securing your hybrid cloud infrastructure. If you would like to talk more about how you can avoid the risks inherent in hybrid cloud, drop us a note. We’d be happy to talk to you about it.