Hybrid multi-cloud deployments have become commonplace in the enterprise, resulting in data becoming more dispersed than ever. Not only do organizations have to consider which services should be run in on-premises, public cloud, private cloud or hybrid cloud environments; they must also determine how data security will be applied to protect and secure such dynamic workloads.

According to IDC’s “2018 Global CloudView Survey” of more than 5,700 firms, 81 percent of companies currently use or plan to use public clouds, and 86 percent of companies currently use or plan to use private clouds. This amounts to an overall increase of more than 30 percent from the previous year’s results.

By 2020, more than 90 percent of global organizations will have a multi-cloud strategy in place. Most organizations using public clouds will also deploy on private cloud platforms and leverage a hybrid cloud strategy.

This trend is reflected in the way organizations are consuming database management solutions. Common patterns include:

  • Deploying database management solutions on-premises or in private data centers (the heritage model). This remains a dominating pattern as organizations progress toward modernizing their workloads based on criticality and business impact.
  • Deploying traditional database management solutions on public cloud infrastructure-as-a-service (IaaS) models. For example, deploying Oracle database server on Amazon EC2.
  • Consuming database-as-a-service (DBaaS) solutions that are hosted and fully managed by a cloud provider. For example, a firm might subscribe to Amazon RDS for MySQL or Azure SQL Database.
  • Deploying database management solutions using cloud native architectures. This includes running databases like MongoDB within containerized environments such as Docker.
  • Combinations of all of the above.

Take Advantage of the Cloud With Visibility and Control

Security and IT organizations are working to keep up with the fast-paced innovation delivered through cloud service providers. At the same time, they are working to keep their data secure in accordance with evolving compliance mandates. As a result, taking a hybrid multi-cloud approach to data security is quickly becoming a critical requirement for organizations of all sizes. While it may seem too daunting a task at first, if the new practice is implemented correctly, it can become a source of positive differentiation for any business.

With regard to database management patterns, the fundamental drivers and use cases for data protection remain intact during the shift toward hybrid cloud architectures. Compliance, privacy and data security analytics are still the most compelling drivers. With that said, scaling data security solutions and best practices across a hybrid mix of on-premises, private and cloud deployment models introduces additional layers of complexity that must be addressed.

The widest cloud data security gaps are around visibility and control. While cloud deployment models improve IT speed and business agility and allow organizations to take advantage of the cloud’s elasticity and scalability, they also introduce new data security challenges due to the lack of fine-grained visibility and control. This is because cloud architectures work on a shared responsibility model between the cloud provider and the consumer.

For instance, with an IaaS model, the cloud consumer has the ability to implement data security measures similar to those which they would deploy on-premises. The user can then exercise tight controls through actionable policies. On the other hand, with a software-as-a-service (SaaS) model, cloud consumers often have limited visibility and control over the management of data running through that service — or none at all. They must rely on the limited, one-size-fits-all options offered by the cloud provider. This can greatly limit a company’s ability to exercise the granular controls needed to protect and secure their sensitive data.

Likewise, it is ultimately the customer’s responsibility to ensure proper data protection measures are in place, regardless of the chosen architecture.

Security Must Follow Data to the Hybrid Cloud and Back

A hybrid cloud data protection strategy must address these constraints by providing the means to augment and implement flexible and purpose-built data security measures based on industry best practices and regulatory standards. Specifically, it should fulfill requirements for:

  1. Visibility — The right level of visibility and granularity on data source activities is necessary to take purposeful action.
  2. Control — All normalized visibility must be centralized to make near-real-time, efficient and effective decisions, satisfy compliance demands, and identify data security risks.
  3. Flexibility — The strategy must be able to pivot and adapt to the changing cloud and IT landscape. To avoid cloud vendor lock-in, organizations should select cloud services and data security solutions that have the flexibility to evolve with changing technology and business needs.

When it is implemented correctly, hybrid multi-cloud data protection can help to address the aforementioned challenges and enable organizations to protect critical data across their choice of on-premises, public and/or private cloud services.
