Cloud or not cloud - this is often not a question...
Some even compare the hybrid cloud, as a transition technology from one's own data center to the public cloud, to drugs: the "first shot" is free...
Accordingly, security concepts and solutions that secure workloads both on-premises and in the cloud (or during the transition between them) are dismissed.
Of course, there are use cases in which legal reasons prohibit the outsourcing of data and processes to third parties. Nevertheless, many overlook a crucial aspect: not every company has the necessary size at which it is possible or economical to operate IT in its own data center.
Smaller companies do not get to decide for or against "the cloud": many services are now effectively only available as a subscription model in the cloud (SaaS), from such simple things as e-mail, calendars and contacts on laptops and cell phones, to file-sharing and office software, to travel expenses or vacation plans.
Even in the operation of a company's own applications, the trend is moving away from its own static servers toward PaaS or IaaS offerings. Especially if the web offering is business-critical, the effort and knowledge required for the highly available operation of root servers is often not affordable.
With PaaS or IaaS offerings, on the other hand, this is often just a checkmark in the configuration interface....
One thing must not be forgotten under any circumstances: the majority of German companies are "hidden champions" in the SME sector. Companies that do not have the luxury of being able to keep everything in-house must also be listened to, and given tools to use the services securely.
Large companies often have their own IT, possibly in their own data center. The path to the cloud leads from hardware via virtualization to IaaS offerings, a classic hybrid cloud scenario. You replace your own hardware in the data center, but retain the operating model.
Some services, especially internal ones or those developed in-house, may be outsourced to PaaS providers or purchased as SaaS services. From an IT security perspective, solutions that can enforce security measures transparently and independently of the infrastructure are an option here.
Smaller companies often take the opposite approach. The services initially deployed are often found in the SaaS area. As they grow in size, demand increases, and requirements become more specific, individual services may migrate first to PaaS and then to IaaS platforms.
In the case of critical data and processes, a final step that is sometimes conceivable is to move from public IaaS offerings to the company's own virtualized hardware. On this path, the hybrid cloud is something positive even for opponents of the public cloud: it offers the possibility of bringing data and processes back into one's own data center.
Here, too, security solutions that cover every stage of the path play a crucial role. They allow proven security policies and mechanisms to be "carried over" regardless of the underlying platform. Opinions can certainly differ on the security level of the public cloud.
However, a blanket rejection of the cloud and the demonization of transitional technologies are neither sensible nor effective. After all, many companies simply have no choice!
The hybrid cloud allows a "smooth transition" in both directions, and security solutions and concepts should not stand in the way of that transition but migrate along with it. For large companies it is the transition from their own IT to the cloud; for many smaller ones it is the possibility of transitioning from the cloud to their own IT.
Every security manager is well advised not to blindly submit to dogma, but to make an informed decision in the context of "his" company. In addition to the required level of security and the size of the company, this also includes the economic conditions, both in the present and for the future, on the way to the cloud or from the cloud.