The following is a guest article from Suresh Sridharan, Senior Director, Technology Strategy at CA Technologies.
When it comes to the cloud, companies and organizations are often separated into two distinct categories: those who were born in it and those who adapted to it.
Companies like Salesforce were born in the cloud and are leading the charge when it comes to fully embracing a complete cloud-based business. On the other hand, many larger, legacy organizations operate a hybrid IT environment typically made up of public and private clouds, data centers housing servers, on-premises and Software-as-a-service-based applications and, yes, mainframes.
In a Gartner study published last year, 60 percent of respondents said they have replaced more than one-third of their IT infrastructure with cloud products. While the balance of cloud versus not cloud will shift, multi-cloud, virtual and on-premise are here to stay for the foreseeable future — with more than 90 percent of companies using a mix of hybrid cloud solutions.
Regardless of the pathway an enterprise takes to the cloud, security is a necessity. By understanding the differences in security demands for cloud and on-premises environments, enterprises can be confident applications and data across a hybrid IT landscape are secure from cyber attacks.
Securing hybrid IT
Operating hybrid IT environments expands the attack surface, intensifies risk for a business and exacerbates three common IT security challenges: IT complexity, cybersecurity workforce shortages and compliance violations.
Here are three tips on how to manage these challenges and secure hybrid IT environments with confidence no matter a company's size:
1. Reign in complexity
Complexity is a byproduct of hybrid IT. When an enterprise makes the decision to adopt a hybrid IT environment, they often face challenges with the lack of a consistent architecture running from end to end.
If done incorrectly, this can force a company to run heterogeneous environments with different identity management paradigms, security systems and overall experiences. This approach to hybrid IT can be costly, complex and risky to the overall security of the enterprise.
One way to reign in this complexity is to introduce automation into the process of monitoring for security threats across a hybrid of mainframe, distributed and cloud environments. In addition to simplifying the process, automation increases security by helping to look for abnormal user behavior and patterns and to respond more quickly. Cybercriminals are increasingly using automation in their attacks, and enterprises need to be ready.
2. Engage the business user and lessen the burden on IT staff
In today's digital economy, every business is a software business. The demand on IT staff — especially security staff — is growing despite a cybersecurity skills shortage. In last year's Harvey Nash/KPMG CIO Survey, 65 percent of CIOs said they believe a lack of talent will prevent their organization from keeping up with the pace of change.
This workforce and skills shortage puts an added burden on the IT team and increases the chance of error and business risk. To lessen the burden, some processes and decisions, such as who should administer a specific application for a business unit, could be shifted to the business user to streamline operations.
3. Address compliance more efficiently
In a hybrid environment where data may live in many different locations, adhering to regulations, like Global Data Protection Regulation (GDPR), Sarbanes-Oxley or PCI-DSS — can be a challenge.
Automation and enhanced analytics powered by machine learning can help jumpstart compliance initiatives by making data, regardless of where it is located, easier to gather, analyze and report to U.S. or global regulatory bodies. This gives auditors better visibility into known and unknown risks, which is especially helpful when it comes to addressing areas of known unmitigated risks.
Hybrid IT is here to stay
Hybrid IT is not likely to go away any time soon. Organizations will continue to blend on-premise data centers with mainframes, servers (virtualized or otherwise) and both public and private cloud. This mix invites security risk because of the complexity a hybrid model brings to corporate IT infrastructure.
How do you support IT and security pros who are managing this model? How do you address compliance across the new, blended environment? Each of these questions are critical for organizations seeking a successful transition to a hybrid cloud model.