Making hybrid cloud environments more secure and manageable
By Lennie Tan, Regional Director of Asia Pacific and Japan for One Identity
CLOUD has become the new normal. When it comes to cloud adoption, it is no longer a question of “if” but rather “when”. Asia Pacific is at the forefront of embracing the technology. The Cloud Readiness Index 2016 from the Asia Cloud Computing Association places Hong Kong, Singapore, New Zealand and Australia above markets such as Germany, the United Kingdom and the United States, for example.
As cloud adoption grows, hybrid cloud solutions are gaining traction. IDC has predicted by the end of 2017, 60 percent of the top Asia Pacific 1,000 enterprises will have digital transformation as a key part of their strategies, underpinned by hybrid cloud architectures.
In its annual report for 2016, released last October, Microsoft reported over 70 million people worldwide use its cloud-based productivity tool Office 365. In Asia Pacific, Microsoft saw its cloud platform Azure grow in the triple digits in the first 10 months of 2016. What these statistics show is strong recognition of the benefits of on-demand cloud services in the enterprise and support for a growing number of forecasts for hybrid cloud adoption in the region.
— Red Hat Ansible (@ansible) June 16, 2017
However, while enterprises in the region are open to relying on cloud services for part of their business needs, many remain firmly in the on-premise world at the same time. This hybrid environment, coupled with the ubiquitous use of mobile devices for checking email and other work purposes, has many benefits such as increased agility and scalability. On the downside, it can become more difficult to track who has access to data, where that data resides, or even how that data is accessed when an organization has to manage multiple clouds as well as on-premise solutions.
Take for example the need to maintain Active Directory (AD) for on-premise Windows authentication and authorization, as nearly 90 percent of organizations worldwide do, and cloud-based Azure Active Directory (AAD) for the same purposes so that employees can use Office 365 and Exchange Online. These two directories must be synced and managed properly, but this is easier said than done.
There are features in AD which do not exist in AAD, and vice versa. As a result, IT departments typically need two tools for directory management – one for AD environments and another to perform the same tasks for AAD environments, analyst firm Kuppinger Cole has noted.
This is cumbersome, and as each tool may have widely different capabilities, enterprises maintaining such hybrid environments could end up struggling with dangerous gaps in security and crippling inefficiencies. In worst case scenarios, organizations may be wasting time and money on their technology and cloud investments, suffering data breaches, or facing compliance failures.
What organizations need are solutions that can address these issues across the entire hybrid cloud platform. Some key characteristics organizations should consider:
- Support of strong integration across on-premise and cloud solutions. A management console for the AD/AAD hybrid environment that unifies the critical account and group management requirements across both environments would be very useful.
- A high degree of automation to streamline workflows and increase consistency across the hybrid environment is ideal. Automation reduces human error and helps secure the administration of hybrid environments.
- Secure access management. In the case of AD and AAD, there are tasks such as providing new employees with privileges to all the necessary applications, such as Exchange, Exchange Online, SharePoint, SharePoint Online and Office 365. What is sometimes overlooked in popular tools is the need to remove such accounts from the system when an employee leaves or is terminated, so that unauthorized access to sensitive data through human error, oversight or malice can be virtually eliminated.
- Privileged account management. Analyst firm Forrester estimated in a Q3 2016 report 80 percent of security breaches involve privileged credentials. In hybrid environments, the challenge is doubled as there are distinct and separate privileged credentials for AD and AAD. Privileged users should only be assigned just enough permission to do their job – nothing more and nothing less. It removes the potential for individuals to inadvertently or maliciously take actions beyond their role and responsibility.
The need to support hybrid cloud environments, particularly in the AD/AAD world, is only going to grow in the region over time as companies execute their digital transformation strategies and deploy hybrid cloud solutions in their push to deliver innovation. Organizations that adopt solutions which can effectively integrate, automate, secure and streamline various aspects of the hybrid cloud will ensure they can truly benefit from their cloud investments.