The Doppler Quarterly Fall 2019 | Page 19

GCP, offer encryption management capabilities foundational to their platforms. They have made enterprise encryption easy, so there is no reason you should not encrypt everything. Doing so also provides a failsafe in case of any misclassified data.

But this encryption advantage becomes complex when managing data across a Hybrid IT, Hybrid Cloud or Multicloud landscape. While standardizing on data risk classification across Hybrid estates is somewhat straightforward, the execution of both encryption and key management should be evaluated based on business needs and the environment’s capabilities. Key management functions from different cloud service providers vary, and your key scoping strategy needs to reflect these differences.

If you adopt a multicloud strategy, you will have to determine if the edge of your key scope is also the edge of your CSP environment, and how to address decryption/re-encryption for data transfers between environments, egress costs notwithstanding. Alternatively, you can abstract out your key management strategy; leverage a hardware security module (HSM) to help manage keys; or leverage one cloud provider’s key management system (KMS) as the master key provider. Each of these approaches has advantages and disadvantages, but it is critical to work through them for the most effective Hybrid deployment.

Responding to Threats

If you are implementing security practices across environments, your team will need to understand the architectural differences between environments so they can remediate them effectively. They also have to understand how access to all the environments interoperates. What, if any, logical firewalls do you have between environments? And how are you monitoring them and doing threat hunting as a whole?

This is where training and automation play key roles. Your staff needs to be fully trained in the relevant architectures to be able to investigate and remediate threats properly.
Over time, you want to integrate principles of SOAR (Security Orchestration, Automation and Response), so you can automate remediation for straightforward tasks such as malware protection. Automate those things you know are a problem in your environment and address them in a standardized way. That allows your team to focus on those things you know are higher value.

Conclusion

Companies that fail to embrace a strategic approach to security in Hybrid IT miss out on the real value cloud can provide. Many are trying to pay attention to their security needs, but often they do not know where to start. Many have not made the transition to security automation at scale, and do not understand what the adoption of infrastructure as code will mean to their security operations. Demand for these capabilities will increase in order to operate securely and effectively when scaling any variant of a Hybrid model.

One size does not fit all. There is a lot to consider, and companies should not enter into this challenge without a lot of thought. Deploying the right mix of standardization, instrumentation, training and automation, they can develop a plan that addresses both their security and their operational needs in the cloud.