Hybrid Cloud in the Public Sector: Balancing Innovation and Security (Guest blog from Gigamon)

Author: Allan Fenwick, Senior Sales Engineer, Gigamon

By now, we’re all aware of the benefits of cloud environments – bringing not just optimised workflows and scalability, but also the boosted resource efficiency that so many are already taking advantage of. As such, hybrid cloud infrastructure underpins modern businesses across all industries - but public sector organisations in particular are falling behind.

While there are many good reasons to keep some workflows on premises, with security and control being central to government organisations, these organisations are at risk of falling behind the rest of the digital world. On top of this, the push to rapidly embrace AI – echoed even within the UK cabinet - complicates the equation further. The result is a ‘sink or swim’ moment for the public sector, a rapid, skilled transformation must be prioritised to retain productivity and growth, without allowing the new, necessarily complex hybrid environments to widen organisations’ attack surface or drain IT budgets.  

Challenges of digitising an ancient environment

The public sector faces a unique hurdle in terms of cloud adoption because of its strong reliance on existing legacy systems. With some irreplaceable on-premises workflows and unpatch-able OT, adding cloud to the mix can drastically complicate security processes and, in terms of tool spend, become very expensive. Many monitoring tools are designed for on-premises environments, making them insufficient in addressing unseen weaknesses and security gaps in hybrid landscapes. In turn, cloud-centric tools have little visibility into on-premises traffic. The result is an ongoing visibility challenge that bad actors are keen to exploit.

Without the resources available to their private counterparts, public sector organisations are often left with insufficient security budgets when implementing cloud infrastructure. Without proper investment in monitoring and security tools, organisations not only open the door to threat actors but also raise the risk of infrastructure overwhelm, impacting reliability and speed of services.

This is made worse by spiralling cloud costs, driven by the need for highly scalable environments and the energy expenses associated with running data centres. Whilst the cloud can offer cost-savings, inefficient cloud deployments can actually harm productivity and ROI. When moving towards a hybrid model, it is essential to measure twice and cut once.  

Visibility is key

When security and efficiency is baked in from the very start, there is a very clear benefit to serverless computing. Not only does the cloud allow for more efficient use of resources and streamlined processes, but it is also generally more secure than on site networks and legacy systems. However, It is important to understand that the cloud provider itself is not responsible for the security of the infrastructure and operate a shared responsibility model.

Visibility is at the core of safe cloud adoption. Organisations should look to invest in monitoring tools that address both their on-premises environments and cloud networks to ensure they are addressing all the hidden weaknesses in their hybrid landscapes, closing the visibility gap. It is critical that security teams can analyse all traffic flow within their network with intelligent, real-time network-level analysis, allowing them to detect and intercept potential threats. But security is not the only threat of poor visibility – having a thorough understanding of existing traffic patterns empowers organisations to continually assess and improve network efficiency, optimising IT resources.   

The biggest visibility challenges in the cloud are typically brought on by encrypted data-in-motion. As organisations shift more workloads to the cloud, encryption is often employed to maintain data privacy from would-be attackers - but it also provides the perfect cover for attacks. Threat actors are increasingly using encryption to disguise their malware and exfiltrate data. As the host to swathes of sensitive data, public sector organisations are particularly attractive for cybercriminals, meaning that all organisations within public sector supply chains should ensure that their threat monitoring strategies do not neglect encrypted threats.

However, decrypting and inspecting encrypted traffic requires a large amount of CPU, so efforts should be well-directed. Using traditional decrypting and inspection tools, the sheer volume of traffic that flows through the average network on a daily basis would put an immense strain on security teams and resources. Simple methods such as application filtering – separation of traffic into high and low risk buckets and having ‘trusted’ traffic signatures – could help security teams manage computing costs and improve the efficiency of their cloud networks without compromising security.

There is a real opportunity, and appetite, for the public sector to catch up with their digital efforts and boost productivity – but security must always stay front of mind. Public sector organisations that move to the cloud while baking security in from the outset will be better positioned to defend against future cyber threats and will actively contribute to the cyber resilience and productivity of the nation.