Mitigation Measures for Risks, Threats, and Vulnerabilities in Hybrid Cloud Environment
Blog Article Published: 10/22/2020
Written by: ZOU Feng, Co-Chair, Hybrid Cloud Security Working Group & Director of Cloud Security Planning and Compliance, Huawei
Narudom Roongsiriwong, Co-Chair, Hybrid Cloud Security Working Group & SVP and Head of IT Security, Kiatnakin Bank
Geng Tao, Senior Engineer of Cloud Security Planning and Compliance, Huawei
Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its ‘Hybrid Clouds and Its Associated Risks’ white paper.
However, after this review of risks, threats, and vulnerabilities, it’s critical to identify adequate mitigation controls. This document covers countermeasures organizations can implement to improve hybrid cloud risk management and cybersecurity practices.
Existing private cloud security, public cloud security, and cross-cloud security environments should determine hybrid cloud security measures. When an organization starts its digital transformation with cloud platforms, most cloud environments begin with hybrid models that provide a smooth transition process with minimum disruption.
This paper elaborates mitigation measures for the following areas:
Mitigation Measures for Risks,
- Mitigate Distributed Denial-of-Service Attacks (DDoS)
- Mitigate Data Leakage
- Improve Perimeter Protection
- Aligned Service-Level Agreements (SLAs)
- Alignment of Cloud Skill Sets
- Comprehensiveness of Security Risk Assessment
Mitigation Measures for Threats
- Mitigate Malicious Insider
Mitigation Measures for Vulnerabilities
- Seamless Operational Processes
- Network Connection Assurance
- Centralized Identity and Access Lifecycle Management
- Integrated Security Management
Systematic design requires a complete end-to-end security solution. In addition to existing cloud security risks, users and cloud service providers must consider connection and collaboration, management tools and processes, and recognize the importance of governance, risk and compliance management (GRC), vendor management, legal, operations, and architecture security. Finally, the selection of a suitable hybrid cloud solution is an urgent problem for users from a security and compliance perspective.
Learn more about the Hybrid Cloud Security Working Group. Those interested in contributing to the Working Group’s body of knowledge are invited to join the group.