--- title: "Introduction " chapter: true weight: 5 pre: "1. " --- ## How the Hybrid Cloud Changes the Game for Security --- Organizations today are facing significant challenges as they adopt the latest technologies to power business success. With major shifts from physical, to virtual, to cloud having occurred in the past 10 years, architectures have changed significantly and the rate of change is not slowing down. Technologies like containers and serverless functions are already on the horizon for broad enterprise adoption, adding a new set of challenges for security teams. At the center of this technology shift are servers, the workhorse of the enterprise. Gartner, the leading IT research and advisory firm, explicitly points out that “Servers often host the most critical data in the enterprise and have different functionality than client endpoints.” The challenge is that the architectural shifts have established server workloads in multiple locations and in different formats, which makes securing them more complex than ever before. ### WHAT IS THE HYBRID CLOUD? The speed of change in IT architectures over the past decade is unprecedented. The introduction of virtualization technologies from companies like VMware took the deployment of servers from weeks to days, changing the way data center operations and security teams worked, and resetting expectations of speed for business project delivery. Only a few years later, the public cloud market, driven by offerings like AWS and Azure, enabled the deployment of servers in minutes instead of days, empowering businesses to deliver new applications and projects at speeds that have never been seen before. With new technologies like containers, Docker and “serverless” offerings like AWS Lambda or Azure functions, the rate of change for IT is not showing any signs of slowing down. ![Introduction](/images/evolution.png) With such rapid change, the ability for an organization to simply abandon existing deployments in favor of the latest technology is severely limited. The result is that most organizations will have an IT architecture that spans multiple deployment environments, with new projects embracing the most modern approaches, but running projects that continue to operate within their existing environments. This concept is what underpins the use of “hybrid cloud” when describing modern IT. Hybrid cloud includes a mix of on-premises, private cloud and public cloud services with orchestration between the environments. In this model, organizations can allow workloads to move between environments as computing needs and costs change, giving businesses greater flexibility, more deployment options, and increased opportunity for cost savings. --- ### SECURING THE HYBRID CLOUD The challenge of the hybrid cloud is that each environment requires different approaches to the way that security is applied. The good news is that security strategies like defense-in-depth remain relevant across all environments; it’s how they are applied in ways that are both effective and operationally efficient that change. For example, for infrastructure-as-a-service (IaaS) deployments, there is a shared security responsibility, with the CSP responsible for everything up to and including the hypervisor layer, and organizations responsible for everything they put in the cloud. ![Introduction](/images/shared_resp_model.png) It is important to remember that every workload in the data center, the cloud, or in a container has a different level of risk, which means a wide range of capabilities need to be available to appropriately protect instead of a one-size-fits-all approach. While having many security capabilities in a single product will help with this risk-based approach, they are only applicable if those capabilities help organizations solve real-world security challenges. ---