Hybrid cloud network security

According to McAfee's report, Building Trust in a Cloudy Sky, released in April 2017, hybrid cloud adoption tripled in the previous year, an increase from 19% to 57% of the organizations that were surveyed. In a nutshell, it is realistic to say that your organization will have some sort of connectivity to the cloud sooner or later, and according to the normal migration trend, the first step is to implement a hybrid cloud.

This section only covers one subset of security considerations for hybrid clouds. For broader coverage, read A Practical Guide to Hybrid Cloud Computing. Download it from http://www.cloud-council.org/deliverables/CSCC-Practical-Guide-to-Hybrid-Cloud-Computing.pdf.

When designing your hybrid cloud network, you need to take everything that was previously explained into consideration and plan how this new entity will integrate with your environment. Many companies adopt the site-to-site VPN approach to connect directly to the cloud and isolate the segment that has cloud connectivity. While this is a good approach, a site-to-site VPN usually has an additional cost and requires extra maintenance. Another option is to use a direct route to the cloud, such as Azure ExpressRoute.

While you have full control over the on-premises network and configuration, the cloud virtual network is going to be something new for you to manage. For this reason, it is important to familiarize yourself with the networking capabilities available in the cloud provider's IaaS, and how you can secure this network. Using Azure as an example, one way to quickly perform an assessment of how this virtual network is configured is to use Azure Security Center. Azure Security Center will scan the Azure virtual network that belongs to your subscription and suggest mitigations for potential security issues, as shown in the following screenshot:

The list of recommendations may vary according to your Azure Virtual Network (VNET) and how the resources are configured to use this VNET. Let's use the second alert as an example, which is a medium-level alert that says Restrict access through internet-facing endpoint. When you click on it, you will see a detailed explanation about this configuration and what needs to be done to make it more secure:

This network security assessment is very important for hybrid scenarios where you have to integrate your on-premises network with a cloud infrastructure.
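The same kind of check can be run offline against an exported configuration. The following is an added example, not code from the book or from Azure Security Center: it assumes the alert concerns network security group (NSG) inbound rules that allow any source, and that the input has the shape of `az network nsg list -o json` output. The NSG names, rule names and address ranges are constructed.

```python
import json

# Constructed sample, shaped like `az network nsg list -o json` output.
SAMPLE_NSGS = json.loads("""
[
  {"name": "web-nsg", "securityRules": [
    {"name": "allow-rdp-any", "access": "Allow", "direction": "Inbound",
     "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
     "destinationPortRange": "3389", "destinationPortRanges": []},
    {"name": "allow-https-onprem", "access": "Allow", "direction": "Inbound",
     "sourceAddressPrefix": "10.20.0.0/16", "sourceAddressPrefixes": [],
     "destinationPortRange": "443", "destinationPortRanges": []},
    {"name": "deny-all-in", "access": "Deny", "direction": "Inbound",
     "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
     "destinationPortRange": "*", "destinationPortRanges": []}
  ]},
  {"name": "hybrid-nsg", "securityRules": [
    {"name": "allow-ssh-mixed", "access": "Allow", "direction": "Inbound",
     "sourceAddressPrefix": null,
     "sourceAddressPrefixes": ["10.20.0.0/16", "Internet"],
     "destinationPortRange": null, "destinationPortRanges": ["22"]},
    {"name": "allow-out", "access": "Allow", "direction": "Outbound",
     "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
     "destinationPortRange": "*", "destinationPortRanges": []}
  ]}
]
""")

# Source values that mean "reachable from any address on the internet".
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0"}

def open_inbound_rules(nsgs):
    """Return (nsg, rule, ports) for inbound Allow rules open to any source.

    Simplification: rules are checked one by one; a higher-priority Deny
    that shadows a flagged rule is not taken into account.
    """
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules") or []:
            if rule.get("access") != "Allow" or rule.get("direction") != "Inbound":
                continue
            sources = [rule.get("sourceAddressPrefix")] + (rule.get("sourceAddressPrefixes") or [])
            if any(s and s.lower() in OPEN_SOURCES for s in sources):
                ports = [rule.get("destinationPortRange")] + (rule.get("destinationPortRanges") or [])
                findings.append((nsg["name"], rule["name"], [p for p in ports if p]))
    return findings

if __name__ == "__main__":
    for nsg, rule, ports in open_inbound_rules(SAMPLE_NSGS):
        print(f"{nsg}: rule {rule} allows inbound from any source to ports {ports}")
```

Rules limited to the on-premises range (here the constructed `10.20.0.0/16`) pass, while a rule that mixes that range with the `Internet` service tag is still reported.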
