The benefits of cloud services—along with the advent of hybrid workplaces—have prompted organizations to spend almost $74 billion on cloud infrastructure in 2021, up about 9% from 2020. According to Gartner, by 2026, public cloud spending will account for more than 45% of all worldwide enterprise IT spending, up from less than 17% just five years earlier. What about hybrid cloud security? 

Strong cybersecurity, privacy, and trust practices are imperative to protecting your business and people from online threats and risks, wherever they work. According to our 2023 Global Networking Trends Report, 41% of respondents said that securing user access to cloud-based applications is a top priority for 2023. All of this cloud focus means that most organizations will be tasked with managing and securing a hybrid cloud environment.

What is a hybrid cloud?

Today, many businesses are somewhere along the path of cloud migration as they seek the benefits of cloud services, including Infrastructure as a Service (IaaS) and Software as a Service (SaaS), along with some level of on-premises networking, storage, and software. Some of the most well-known public cloud services include Microsoft Azure, Google Cloud, and Amazon Web Services (AWS). They offer remote storage and SaaS applications, either for free or through purchase. Public cloud providers typically secure the infrastructure while customers must secure the data and workloads themselves.

Meanwhile, private clouds are maintained on premises for restricted access, with the data available only to authorized users. You can rely on a technology partner to provide your private cloud or build and manage it with your own IT team and data center. This offers organizations more control than with public clouds, but they tend to cost more, both to deploy and manage.

Over the past few years, organizations have been shifting workloads and apps from their data centers to multicloud environments. Most of their critical traffic is now internet-based, but they have not been able to move everything to the cloud and instead continue to rely on data centers, which are the heart of traditional architectures. For various reasons—complexity, regulations, staffing issues—many organizations find themselves in a hybrid cloud situation. In fact, our 2023 Global Networking Trends Report found that 92% of IT leaders report using more than one public cloud and over a third reported using four to more than ten. That’s a lot of added complexity!

What is hybrid cloud security?     

Typical network security entails the protection of a computer network and the data it contains. Network security’s primary job is to keep sensitive data safe from cyber attacks and to maintain the usefulness and stability of the network. Before internet and cloud services came into being, most security efforts involved siloed protection for on-premises systems and data centers. Hybrid cloud security encompasses safeguarding on-premises systems, cloud services, and everything in between.

The hybrid cloud, as a transition state for organizations that have not been able to move fully to the cloud, benefits companies by letting them manage workloads between on-site data centers and the public cloud. But with these advances come complex security issues and challenges.

What are the challenges of hybrid cloud security?

Why worry about hybrid cloud security? Let’s take a step back for a moment. Gartner suggests that most enterprise data centers are expected to move to the cloud by 2025, and the pandemic-fueled remote and hybrid working trend has intensified this push. The overall shift in network traffic from physical data centers to virtual public cloud infrastructure means more traffic is navigating public environments, with security becoming critical. The use of public clouds as IaaS and SaaS will continue to grow, yet traditional security approaches will not keep pace and will have a difficult time scaling.

We found that 41% of respondents of the Cisco 2023 Global Networking Trends Report said that securing access to cloud-based applications, mobile devices, or cloud-based solutions is the biggest obstacle IT leaders need to overcome when delivering on digital initiatives.

A very real challenge to maintaining security in a hybrid cloud situation is a skill shortage of professionals who understand the technology. Consider how long it takes your team to neutralize a new and unknown threat. Responding swiftly and effectively can be undermined by many factors, including:

• Mediocre threat intelligence
• Fragmented architecture
• Multi-step critical firmware updates
• Human error 
• Complex network security

What are the top security risks for a hybrid cloud?

Complex networking configurations aren’t the only risks involved in securing hybrid cloud operations. Traffic to the cloud, into the cloud, and across clouds must be secured and encrypted, especially when networking models differ across clouds (for example, using AWS for one and Google for another) it can be difficult to create secure connections among multiple cloud infrastructures.

As the environment becomes more complicated, monitoring and alerting systems must be configured specifically to catch real security breaches. However, when different cloud infrastructures are connected, real-time threat detection systems can sometimes erroneously identify the traffic between clouds as malicious. Such false alarms can be frustrating, and teams risk missing valid alerts in the clutter of erroneous warnings.

In addition to network-related vulnerabilities, SaaS apps can bring security exposure. For instance, users can fall prey to email phishing scams and/or experience frustration with authentication. This hindrance can lead users to employ workarounds that foil your attempt to keep systems safe and secure.

Hybrid cloud security architecture elements

Keep in mind that hybrid or multicloud environments increase operational complexity and can put security resilience at risk. Network complexity is often at odds with business agility and IT teams need dynamic solutions that feature centralized control over policy, access, and identity to deliver trusted, secure experiences at scale.

Many organizations look to evolve to a unified Secure Access Service Edge (SASE) solution to provide rich visibility, proactive insight, and comprehensive control for seamless IT management. Or they might choose cloud-managed access, like Cisco Meraki offers, with enforcement still happening via a virtual firewall appliance deployed in the cloud.

The essentials of a hybrid cloud security architecture include cloud-based security services such as a secure web gateway, cloud-delivered and virtual firewalls, DNS-layer security, robust traffic visibility and analytics through cloud access security broker (CASB), and data loss prevention. The security solution must also be able to receive real-time proactive threat updates from a credible source, such as Cisco Talos Intelligence. This will help keep your network, data, and users secure while freeing your IT team from tracking issues manually.

Best practices for ensuring hybrid cloud security

Despite the challenges we’ve discussed, organizations can employ certain best-practice tactics in a hybrid cloud architecture to reduce potential exposure. As you work to secure your hybrid cloud, be sure to choose a platform that can easily adapt to market changes, either natively or through trusted third parties. You may also want to consider choosing a platform that allows a choice between on-premises and cloud security functions—whichever is right for your specific use case within your environment.

You’ll also want to streamline your environment to avoid complexity. For instance, look for solutions that allow you to manage everything through one dashboard rather than dealing with multiple interfaces. You’ll want the ability to monitor WAN, access, and IoT technologies in one place with end-to-end visibility. And you want to see the overall health of each network and proactively solve issues before they become critical.

In addition, consider the skill sets necessary to implement, configure, and manage the security solution. You’ll reduce costs and the chance of human error when you choose technology that is easy to use and does not require specialized training.

How Meraki can help secure your hybrid cloud infrastructure

Meraki operates the industry’s largest-scale cloud networking service. Our cloud platform powers millions of networks worldwide and connects hundreds of millions of devices every day. The Meraki platform is robust yet simple to use. It can scale to fit the needs of businesses of every size, supporting networks with hundreds of thousands of devices at the enterprise level, as well as small businesses with only a handful of users.

In cybersecurity, we know that every minute matters. With Meraki, you can move at “the speed of cloud,” automatically responding to new threats in just minutes. In fact, security is a strategic priority for Meraki. We design and build all products with security in mind, and we’ll help you build greater network resiliency and strengthen your security posture while safely connecting users across any point of service for secure access. You’ll be able to deliver exceptional experiences that are seamless and secure yet easy to deploy and manage.

Our security technologies are delivered and updated through the cloud automatically. As new threat signatures or updates become available, we deploy them across all our customers, so they don’t have to think about firmware upgrades or schedule network downtime. In fact, Meraki can respond to new threats in less than ten minutes!

Benefit from hybrid cloud security today

The hybrid cloud reflects the transition between 100% on-premises and 100% cloud systems. While most companies fall somewhere in the middle, no matter where you are in your cloud journey, the Meraki platform can manage and secure your network from campus or branch to data center and multicloud.