Having to think about how hybrid cloud operations fit into a company's overall information security management scheme could help IT departments reset the appropriate level of security for the processes across the entire enterprise, argues Pat O'Day, CTO at Bluelock, a VMware based cloud service provider in Minneapolis.
"We now get to think about how to set the right level of security on a application-specific, a process-specific or even a data-specific basis," says O'Day, a condition that gives enterprises a lot of leeway in terms of where they want to spend resources on security.
Rand Wacker, vice president of products for CloudPassage, a cloud server security vendor, suggests customers take the strictest security scenario -- most likely pertaining to hybrid cloud usage because there are direct links between the public cloud and on-premise resources -- and set the most stringent security policy for that level of risk.
ISACA's Spivey advises clients that whatever security policy they establish, they must be sure that it is portable. "Don't lock your policy to your cloud provider," Spivey says. There will be a time down the road where you will want to migrate away from them for either price or performance reasons and you don't want to have to rethink your whole security policy to make the switch, he says.
Burns is a freelance writer. She can be reached at email@example.com.