From the course: CompTIA SecurityX (CAS-005) Cert Prep

Securing hybrid infrastructures

- Before we explore techniques for securing hybrid architectures and hybrid infrastructures, let's go ahead and define this. A hybrid infrastructure is the combination of different infrastructure types as part of an organization's overall infrastructure stack. It can include any combination of on-premises, colo or co-location, bare metal hosting, or cloud hosting.

We could have on-premises and public cloud. This would be combining the organization's own data center with public cloud services. We could also call this edge computing or hybrid cloud. We also have colocation and cloud hosting: using colocation for predictable resource requirements, and then cloud hosting for scalability during demand spikes. So, for example, some organizations that do online retailing may do bursting up to the cloud. Let's say, in the West during the holiday season, they would burst up to the cloud between, let's say, October and late January. And then there's bare metal and cloud: utilizing bare metal or a type 1 hypervisor for baseline resource needs, and then scaling up to the cloud as necessary.

Some challenges for securing our hybrid infrastructures would be data movement and transfer vulnerabilities. Ensuring secure data transfer between on-premises and cloud components is crucial to prevent interception, data leakage, and unauthorized access. There's also the ever-present IAM. Managing identities and access across both on-premises and cloud environments demands robust IAM, or identity management, strategies. This would include technologies like single sign-on or federated access, let's say with SAML 2.0, and introducing different variant factors of MFA.

Compliance and regulatory strategy: there are also challenges with compliance and regulations. These hybrid infrastructures often bring complex compliance frameworks, making it essential to navigate various requirements. Cloud providers can be quite helpful with this. So, for example, using AWS Audit Manager or their Artifact service. And then, of course, data residency and jurisdictional issues: making sure that data complies with local or regional laws and regulations, especially when data is stored in different geographic locations.

Visibility and monitoring can be a challenge in hybrid infrastructures. However, there are solutions; for example, in a hybrid Microsoft Azure solution, Microsoft Azure Sentinel. You might want to check that out. That can be critical for identifying potential risks in your hybrid environment. Vendor management: managing the relationships with multiple vendors and your supply chain. And then just complexity and skill gap. The complexity of hybrid infrastructures requires special skills and knowledge, which can be a challenge to maintain. We often look towards certifications from cloud providers, like Azure, Google, and AWS architects.

Some hybrid solutions would be robust identity management through single sign-on and multifactor authentication; encryption of data in transit and data at rest; robust network security, often supported by SIEM and SOAR systems; endpoint security, going beyond just EDR into next generation, for example, Palo Alto Cortex XDR; evolving from your traditional syslog systems or SNMP to SIEM systems; leveraging cloud access security brokers, for example, if you are using multiple SaaS providers, to help you with ensuring your compliance, helping you with single sign-on, or even data loss prevention; and then a zero-trust architecture. Now, don't forget, we have an entire module or an entire section of the objectives of SecurityX that is solely dedicated to zero-trust architecture. So that'll be coming up later in this training.
