Tia Hopkins Reveals Methods for Finding Balance in Hybrid Cloud Environments

When considering your cloud migration journey, there are many factors to evaluate to ensure efficiency, productivity, and security in a new environment. Hybrid clouds are a combination of public cloud, private cloud, and on-premises data centers that work together to share processes and data.

The concept is constantly evolving and presenting new management challenges for IT teams. What tasks go into the public cloud, and when? What data must stay on-premises? Who is responsible when something goes wrong?

In this archived keynote session, Tia Hopkins, chief cyber resilience officer and field CTO at eSentire, and Mayank Gupta, director of product marketing, AIOps and DevOps at Nutanix, share best practices and tips on finding the right balance for managing your hybrid cloud.

This segment was part of our live webinar titled, “Hybrid Cloud: The Great Balancing Act.” The event was presented by InformationWeek and sponsored by Nutanix on April 30, 2024.

A transcript of the video follows below. Minor edits have been made for clarity.

Tia Hopkins: I'm Tia Hopkins, I'm super excited to be chatting about hybrid clouds today. I really love this title, “Hybrid Cloud: The Great Balancing Act,” because the concept of a balancing act when it comes to managing hybrid cloud environments, it really is what it is.

Related:[Free Webinar] Hybrid Cloud: The Great Balancing Act

There is no magic formula for when you should move to the cloud, how far left you should shift in the cloud, or what workloads you should move to the cloud. It all comes down to the needs of your business, essentially, and how far down the path of digital transformation you want to go with the process.

So, we're going to talk about the security implications of clouds and the top threats, as well as other things to think about. We'll get into the operational aspects of it later in the presentation, so I'll just jump right in here.

Reasons Why Businesses Migrate to Hybrid Clouds

I wanted to start by talking about some of the top reasons businesses even migrate to the cloud, and there are several reasons on the slide here. Essentially at the crux of it, moving workloads and resources to the cloud becomes a business enabler.

It allows you to leverage the resources that you need, instead of over investing so that you have things when you need them. It allows you to scale for flexibility as well, which are all things we're familiar with. It also enables you to rapidly adopt technology or fail fast.

You're not over-investing in things to see if something will work or to see if it's the right thing, which wastes investments when you need to pivot from any strategy. The cloud really enables us to be more flexible, more agile, and rapidly adopt technology.

Related:How Today’s CIOs Drive Value

Obviously, moving to the cloud has great benefits that we're all familiar with it. When I think back to the beginning of the pandemic, we were figuring out how we were going to have users working from everywhere.

The most top of mind item for most businesses was migrating to the cloud, but there weren't many businesses that were ready to move. As I mentioned, there are several benefits to the cloud, but as we all know, with great power comes great responsibility.

Common Cloud Migration Challenges

I'm going to get into some of the challenges with migrating to the cloud, and being in a hybrid cloud environment as it relates to security. I'm going to start with evolving threats. This isn't much different from a fully on-prem environment, or a hybrid or fully cloud environment, but the threat landscape is evolving quickly.

Part of the reason for that is that the adversaries are leveraging advanced technologies as well. Think about AI, for example. The second that we get a new technology, the adversary has it as well, and attackers are looking to grow, scale, and be flexible, just like we are. So, the faster we move, the faster threats move.

Related:Exploring Ways to Enable Innovation and Efficiency Through Automation

And obviously, even though the cloud is enabling our businesses, it's also enabling the businesses of the adversary. So again, threats will continue to evolve, and this will continue to be a challenge.

Talent Availability

Moving on to talent availability, I'm sure we're all familiar with the cybersecurity skills gap. This doesn't change just because it's specific to the cloud.

I've had several conversations with organizations where one day, you've got someone that's specifically focused on developing applications in the cloud, and suddenly, they feel like they must become a security expert.

There are all these things that they need to be worried about when it comes to coding securely, being concerned about who has access to what application, or not even users, just different resources within the way the application is built. Having access to identity is a major concern as well.

Configuration Risks

Moving on to configuration risks, I'm going to foreshadow a bit here. There was a survey that indicated that the top threat that was discovered in cloud environments was misconfiguration.

The cloud is broad, especially if you've got multiple cloud environments, where you've got a hybrid environment and you're integrating them. There is a lot of risk for configuration, including errors that lead to gaps in your environment, especially moving from one environment to another.

Compliance Requirements

Moving on to compliance, obviously, moving things into the cloud broadens the attack surface, but your compliance requirements don't go away. Whether it's regulatory compliance that your organization needs to follow, pressure from your customers to ensure that their data is safe or ensuring that the applications that you're providing them with are available.

Whatever you're on the hook to comply with, hybrid cloud environments do complicate that because again, you're in multiple environments, which creates the risk of configuration errors that open gaps that could result in having a negative impact on the environment.

Security On-Prem Doesn't Extend to Cloud

Next up, unfortunately, security on-prem doesn't extend to the cloud. This is painful sometimes, because I have conversations with organizations that are fully on-prem who are looking to move into the cloud.

They're thinking about what we refer to as a lift and shift, where they just want to unseat what they have in their data centers and make it show up the same way in the cloud. You can do that to a degree, but it is still a different environment.

So, you do have to evolve the way you're thinking about the threats that could come against the environment, because you're not just within the four walls of your organization anymore. You're now behind the technologies that you've configured based on the risk assessment that you've done for your on-prem environment.

You will need to do another risk assessment when moving into the cloud, and assess the criticality of the workloads that you're putting in the cloud because the reality is, it might make more sense to keep some of those workloads on-prem.

The point here is that it's important to understand how you've secured your on-prem environment when extending it to the cloud, or completely moving it to the cloud. You must also understand the implications of moving into the cloud and consider what additional controls, processes, and policies that you may need to implement.

Limited Visibility

Limited visibility is a tough one, especially in the public cloud. Again, I've had several conversations where companies tell me that they have two accounts that are basically set up to choose their flavor of public cloud, and then an assessment is run.

And it turns out that there's multiple accounts and multiple public cloud environments. Then, when you bring shadow IT into the picture, there is no possible way to feel like you have your arms around everything that's going on in the environment.

So, limited visibility is really a challenge for organizations trying to secure their environments because you can't secure what you can't see if you can't see it. You don't know what it is that you need to protect.

And again, that opens gaps that could potentially lead to disaster in the environment. Having the right level of visibility into the environment is critically important to properly securing a hybrid environment.

Watch the archived “Hybrid Cloud: The Great Balancing Act” live webinar on-demand today.