SafeBits by Luci

Securing Hybrid Architectures

Cloud technologies have been trending for a fair number of years now and for good reason – they offer benefits difficult to replicate with traditional infrastructures. In fact, forecasts expect annual growth in the industry of 15-20% in 2023 and beyond.

That doesn’t mean organisations should abandon existing infrastructures or should rely exclusively on cloud computing for emerging projects. As is always the case with technology, choosing the right tool for the job is imperative for any investment.

Whichever the approach, today’s landscape means security can no longer be an afterthought. A cybersecurity professional is here to help with that.

Securing Hybrid Architectures

What I can do for you

With a strong technical background and experience with on-premises, datacentre, public cloud and hybrid infrastructure architectures, I can take a leading role in projects comprising:

  • information security assessment for designs or deployments;
  • analysis of competing alternatives for designs, in terms of their risk exposure;
  • evaluation of providers or the security technologies they make available;
  • migration of existing systems to take advantage of cloud technologies;
  • development of cybersecurity policies, standards, guidelines or procedures for the architecture of new products or services.

It is important to remember that different architectures will have different cybersecurity implications and, often, require specialised solutions to reduce risks.

Why choose the public cloud

Public cloud technologies, whether from AWS, GCP, Azure or others, are attractive for two main reasons:

  1. on-demand resources – a vast amount of computing resources put at one’s disposal, with instant availability and the ability to pay for them only when they are needed;
  2. solid building blocks – in effect, a framework that offers a standardised foundation for building complex systems, with a focus on security and scalability.

While the former is certainly great for sustaining growth and simplifying costs, sometimes even reducing them, it’s the latter that offers even greater opportunities for cybersecurity. These building blocks impose a structure that can automatically bring very useful benefits. It’s enough to look at one example to understand this: data stores.

Most cloud providers offer a mix of various data storage technologies, with particular properties and suitable to different types of data flows: object storage, wide-column databases, document databases, relational databases. Designing systems using them means that:

  • the right type of store for each data class can be used, as they are all already integrated into an ecosystem;
  • the use of a unified, enforced access control mechanism, usually as part of the entire framework’s IAM system, can be leveraged to achieve good confidentiality and integrity protection levels;
  • information security is also improved in terms of availability, through built-in resilience and scalability capabilities;
  • some options provide traceability guarantees, through the use of tamper-proof audit logs;
  • with compute services discouraging data persistency, a clearer picture of all the data and its flows becomes apparent, greatly aiding the enforcement of a security policy.

Some of these properties actually emerge because an organisation using public cloud services is not in full control of the systems and its data and, effectively, it is the cloud provider that imposes limitations. Take, for instance, the tamper-proof audit trails: it is the fact that no staff member has to manage the audit trail that offers the guarantee that an attacker cannot meddle with it, either. While the theoretical implication here is that an attack on the cloud infrastructure itself, whether from an internal or external actor, can interfere with an organisation’s operations, providers do go to great lengths to reduce the risks as much as possible.

As this section highlights, cloud technologies can enhance a system’s architecture, but they do require specialised expertise to securely and effectively bring it to life.

Why choose the private cloud

Private cloud infrastructures bring the technologies that the public cloud providers offer to an organisation’s own, on-premises or datacentre hardware. Similar benefits unfold from this approach, but it is the differences which are more interesting to emphasise:

  • the hardware will effectively impose limits on processing and storage, which requires appropriate dimentioning to support growth, as well as any unexpected peaks;
  • solutions can be more easily chosen to avoid vendor lock-in;
  • the organisation has full control over customisation;
  • specialised expertise is required to manage the systems;
  • the organisation is exclusively in charge of its systems, which has upsides and downsides.

Choosing a private cloud solution means that an organisation can leverage the dynamic resource allocation and the structure imposed by the building blocks to achieve an efficient investment, in spite of the relatively high operational costs.

Why choose on-premises or datacentre solutions

While the term ‘legacy’ is sometimes applied to contrast ‘cloud-native’, the simple fact is that not all systems can take advantage of the properties of cloud technologies. In some cases, these add a layer of complexity that is unnecessary – complexity often increases risks and costs for cybersecurity.

For some off-the-shelf or simple solutions, forcing them to an IaaS environment may be possible, but overall detrimental. For other complex architectures, it can be a matter of:

  • stringent compliance requirements;
  • intrinsic inability to benefit from flexible resource allocation;
  • necessity for fine-grained control;
  • avoiding vendor lock-in;
  • cost.

These all derive from the fact that cloud technologies are a framework, an abstraction layer that offer incredibly useful features, but not without a price.

Best of all worlds

The great news is that a system does not need to be restricted to a single type of technology. With the help of an information security professional, taking advantage of strengths inherent in each can lead to a design that is future-proof, secure, efficient and cost-effective. I am always happy to have a chat about your requirements.