Comprehensive Guide to Hybrid Cloud Data Protection
In this guide learn about the benefits of protecting data in a hybrid cloud environment. Start with some definitions and get to considerations and challenges. Take it all in or feel free to jump directly to any one of the sections listed below.
- What Is Hybrid Cloud Data Protection
- Hybrid Cloud Security vs. Hybrid Cloud Data Protection
- Hybrid Cloud Architectures
- Hybrid Cloud Data Protection: Features and Benefits to Consider
- Challenges of Hybrid Cloud Data Protection
- Streamlining Hybrid Cloud Data Protection
What Is Hybrid Cloud Data Protection?
Hybrid cloud architectures are both common and diverse, with data and applications existing across multiple on-premises and cloud platforms. With data in danger of being compromised or lost due to a cyberattack and other types of disruptions, it must be protected across all the platforms where it resides. Hybrid cloud data protection is the implementation of a data protection strategy across a hybrid cloud computing and storage infrastructure.
The Relationship between Data Protection and Cyber Resilience
Data is a critical resource for operating any organization, and data protection encompasses strategies and efforts to safeguard data by creating backups or recovery data copies from which data can be recovered in the event of loss or compromise. More recently, cyber resilience has taken a more prominent role in data protection strategies as recovering data from a cyberattack like ransomware requires a specific set of considerations. Cyber resilience is one part of a data protection strategy, alongside the ability to recover from non-cyberattack events like natural disasters and accidental deletions. Conversely, data protection in the context of recovering from a cyberattack is one part of a cyber resilience strategy, alongside cyber security and efforts to prevent a cyberattack from happening in the first place.
Hybrid Cloud Security vs. Hybrid Cloud Data Protection
Cyber Security and Data Protection
Cyberattacks are now one of the biggest threats not just for data theft but for holding data hostage through ransomware attacks. Even when victims pay ransoms, they rarely recover all of their data. Cyber security is more important than ever across both on-premises and cloud architectures. While cyber security and data protection used to be separate disciplines, with the rise of cyberattacks threatening data, the two have become more closely entwined with data protection and recovery playing an important role in security frameworks.
Cyber Security and Cyber Recovery in General
The combination of cyber security and data protection includes both prevention, which is classic cyber security, and cyber recovery which is a newer discipline emerging from disaster recovery. Prevention includes security measures like multi-factor authentication, least privileged access and zero-trust policies, intrusion and malware detection, and many other measures intended to prevent attacks from happening. Cyber recovery focuses on restoring data and services after an attack has successfully begun. Since no prevention measures are 100% effective, cyber recovery is crucial to mitigating the damage of cyberattacks that successfully bypass security measures.
Cyber Security and Cyber Recovery in a Hybrid Cloud Architecture
In a hybrid cloud architecture, security can become a little more complex with managing both on-premises and cloud administration accounts, but in some ways this complexity can make it harder to attackers to compromise the necessary accounts to attack both on-premises and cloud systems, particularly when targeting recovery data across platforms. For hybrid cloud security, all of the same security principles apply whether data is in the cloud or on-premises and account security and data security are important for prevention. For cyber recovery, a hybrid cloud environment provides more flexibility in choosing the most secure locations for protecting data in isolated and air-gapped networks. While we are focused on data protection here, it is important to consider the context of a cyber resilience strategy that encompasses both cyber security and cyber recovery in hybrid cloud.
Hybrid Cloud Architectures
Creating a hybrid cloud data protection strategy begins with identifying a hybrid cloud architecture. Some early definitions of hybrid cloud architecture revolved around implementing both private cloud on-premises and public cloud that interacted with one another as extensions of a single managed cloud platform. Since then, many forms of hybrid cloud architecture have emerged, including many combinations of cloud computing services. A combination of on-premises computing and cloud computing is the foundation for any hybrid cloud architecture.
Here are some common hybrid cloud architectures:
● Cloud-based software as a service
Many organizations have adopted software as a service applications (SaaS), such as Microsoft 365, Google Workspace, Salesforce, and others. This software may exist in addition to other cloud infrastructure services or be the only cloud element alongside an on-premises data center.
● Cloud as data protection
Many organizations have adopted cloud as a recovery site to store recovery data and backups, then run applications and provide access to data in the cloud in a disaster event.
● Multiple datacenters across on-premises and cloud
Even smaller organizations may have data and applications running in both on-premises infrastructures using infrastructure as a service (IaaS) or platform as a service (PaaS) offerings from cloud providers.
● Hybrid cloud by mergers and acquisitions
Many organizations have found themselves with hybrid cloud architecture as a result of acquiring or merging with another organization with different cloud services and infrastructure than their own. This can result in multiple cloud platforms and on-premises sites involved.
● Multi-cloud hybrid cloud
As previously mentioned, many cloud services can be involved in a hybrid cloud architecture. Many organizations find themselves operating across multiple cloud platforms rather than a single cloud provider to achieve the desired applications, services, and capabilities they believe are optimal for success.
There are many other types of hybrid cloud architectures based on the cloud services available. A hybrid cloud architecture could be any combination of on-premises and cloud computing imaginable.
Hybrid Cloud Data Protection: Features and Benefits to Consider
As hybrid cloud architectures can be more complex than on-premises or pure cloud architectures, it is important to consider certain features that are particularly beneficial to hybrid cloud data protection.
Agile Solutions
With so many potential components to a hybrid cloud architecture, a data protection solution should be agile in terms of ease of implementation so that new data and applications in the architecture can be protected quickly and easily.
Flexibility
Managing multiple on-premises and cloud platforms can be challenging. A data protection solution that can flexibly support multiple platforms can simplify management.
Expense Management
A common benefit of cloud computing is that it can be billed as a service or operational expense (OpEx) rather than a capital expense (CapEx). With a data protection solution, this may also be desirable to make expenses more predictable and flexible.
Data Control and Privacy
As with any data, data in the cloud needs to be protected, even from the data protection designed to protect it, so there should be features or methodologies in place like role-based access control, least privileged access control, and multi-factor authentication.
Disaster Recovery and Business Continuity
Backup solutions are available on nearly all on-premises and cloud computing platforms, but backup alone may struggle to meet service level agreements (SLAs) or desired recovery point objective (RPOs) or recovery time objectives (RTOs). Being able to replicate data in real time and fail over within minutes during a disaster event can allow an organization to be back up online, in production in a fraction of the previous time, with nearly zero data loss.
Multiple Platforms and Accounts
Having multiple platforms and accounts may seem like an unwanted complexity rather than a benefit; however, this can offer layers of protection against cyber criminals. System vulnerabilities are often platform-specific, so using different platforms for data protection can make it more difficult for attackers to access the other platforms. Similarly, if a privileged account is compromised by an attacker, the attacker only has access to what that account can access. If each platform uses a different account to manage it, it can make it very difficult for an attacker to gain access.
Challenges of Hybrid Cloud Data Protection
Hybrid cloud architectures can range from basic to very complex, but there can be challenges specific to hybrid cloud data protection no matter how simple or complex an architecture is.
Shared Security Responsibility
Cloud services have a shared security responsibility with you to make sure your data and applications are not compromised as they reside on their infrastructure. While it is important to choose a reliable cloud provider, you must be diligent in how you configure user access to applications and data in your networks that access the cloud applications and data.
Incident Handling
The more cloud platforms you have in your hybrid cloud, the more subject matter experts and cloud providers you must bring together when a disruption incident occurs to resolve the issue. This can be mitigated with careful planning and making sure all responsibilities are managed, but because having so many experts involved requires more coordination, it can slow response times.
Compliance and Auditing
Reporting for compliance and auditing can be more challenging across multiple cloud platforms due to differences in reporting and metrics associated with each platform. This can make auditing more complex and more costly.
Multiple Vendor Solutions
Data protection solutions are typically limited to specific platforms and services they support. Having to deploy multiple vendor solutions to provide data protection can result in varying levels of RPOs and RTOs and various sets of expertise needed to administer the different vendor solutions. Where possible, having a single vendor solution that can protect data and applications on multiple on-premises and cloud platforms can greatly simplify data protection and require fewer administrators to manage it.
Cloud-Specific Experts
No two clouds have the same interface or operational controls. With each cloud comes new expertise needed to take advantage of the features of that cloud platform and its services. While some IT professionals can become experts on multiple platforms, the workloads and duties often present the need for specialized cloud experts per platform.
Many-to-One or One-to-Many Architectures
Having multiple sites and clouds will often lead to more complex data protection topologies, including one-to-many or many-to-one architectures. Not all data protection solutions can perform these more complex topologies, so make sure the data protection solution you choose meets these needs as appropriate.
Native Cloud vs. VMware in the Cloud
Most public cloud providers offer some form of VMware service in their cloud, which helps to simplify cloud management where VMware is running on premises also. However, VMware services in the cloud are often more expensive than native cloud IaaS, so it can be more cost effective to use the native platforms if you have the right expertise in place to do so. Each native cloud IaaS platform is different; the more platforms in an environment, the more expertise is needed to manage them.
Streamlining Hybrid Cloud Data Protection
Hybrid cloud architectures come in many shapes and sizes, but one thing is certain: the data and applications that organizations rely on need data protection regardless of where they exist in the hybrid cloud. In the increasingly data-driven, digital, 24/7/365 world we do business in, backup technologies are not meeting the data protection needs alone anymore. Data protection strategies need to include backup, disaster recovery, and cyber resilience to meet today’s recovery needs.
There are many data protection solutions to choose from and choosing the solutions for any hybrid cloud architecture requires careful consideration. Zerto, a Hewlett Packard Enterprise company, provides data protection solutions for on-premises virtualization, cloud platforms like AWS and Microsoft Azure, and SaaS applications like Microsoft 365, Salesforce, and Google Workplace.
Learn more about using Zerto as your data protection solution. Or, try out Zerto for yourself and see just how easily and quickly workloads can be recovered in our on-demand, hands-on labs. Our on-demand labs are available in a sandbox environment with an optional guide.
David Paquette 
