Hybrid cloud segmentation is an approach to cloud security that divides a hybrid cloud infrastructure into different segments or zones. By protecting each segment with its own set of security controls and policies, hybrid cloud segmentation enables security teams to better isolate and protect workloads, apps, and sensitive data.
In recent years, microsegmentation has emerged as an essential technology for improving security and for preventing breaches in one part of an IT environment from impacting the rest of the network. Microsegmentation divides a network into a collection of discrete sections that may be as small as an individual application or workload. By enabling IT teams to protect each segment with granular security policies, microsegmentation prevents unauthorized entities from accessing or communicating with workloads and applications.
The need for hybrid cloud segmentation
Cloud computing presents IT teams with a host of new security challenges. When data, applications, and infrastructure reside with public cloud service providers instead of being on-premises, IT teams may lack the visibility and control required to successfully protect these assets from cyberattacks and data breaches. At the same time, the complexity of hybrid cloud and multicloud environments makes many traditional security technologies virtually obsolete. Additionally, when working with multiple cloud providers, security teams may have to deal with widely varying security standards and capabilities. Traditional solutions like signature blocking or application allowlisting may be easily subverted by sophisticated attackers. Solutions focused on blocking attacks at the point of entry are impractical at a time when the network perimeter has all but disappeared.
Hybrid cloud segmentation addresses all of these challenges by shifting the focus of cybersecurity from intrusion prevention to workload and resource protection. Supporting a Zero Trust security model — where every user, device, and application inside or outside the organization is considered suspicious until authenticated and verified — hybrid cloud segmentation protects individual workloads and resources by strictly enforcing access and communication policies, and giving IT teams greater visibility into activity throughout a hybrid cloud architecture.
How hybrid cloud segmentation works
IT teams can segment hybrid cloud environments in several steps:
- Discovering applications and workflow processes: Before segmenting hybrid cloud workloads, resources, and apps, IT teams use automatic tools to uncover all communicating components in the hybrid cloud environment and collect data about normal east-west and north-south traffic flows related to each component. This enables teams to understand the context around communication to each resource and dependencies between applications.
- Segmenting the environment: Teams can use microsegmentation techniques to create logical boundaries between assets in a hybrid cloud infrastructure. Segments may be individual applications and workloads, managed cloud resources, groups of applications, or larger sections of the overall environment.
- Establishing security policies: Teams create granular policies that determine who and what can access each segment. Leading segmentation solutions include options for filtering on multiple application attributes, which facilitates the grouping of assets that can share policies. Policies may be high-level best practice compliance rules for large segments, or highly granular rules for individual microsegments.
- Implementing security controls: Firewalls, access control mechanisms, and microsegmentation solutions regulate the flow between segments and enforce security policies. Automation and orchestration capabilities help manage and enforce segmentation policies across complex hybrid cloud environments.
- Detecting breaches: Integrated breach detection and incident response capabilities alert security teams to any suspicious activity or unauthorized attempts to access segments, enabling earlier identification of cybersecurity threats.
- Monitoring and reviewing segmentation strategy: By continuously monitoring and auditing segmented environments, IT teams can review and update strategies and rules to better align security policies with business requirements and emerging threats.
Obstacles to cloud security
IT and security teams must overcome several unique challenges when seeking to ensure cloud computing security.
- Poor visibility: Cloud platforms, and public cloud services in particular, make it difficult for IT teams to have 100% visibility across their entire digital ecosystem. Visibility for cloud services is typically based on raw logs of the flows between different workloads. Unless teams can visualize the relationships between various workloads and applications inside a cloud network, they cannot create effective security policies.
- Lack of unified policy: When you only have cloud native security tools, creating a consistent security policy across hybrid cloud environments is extremely difficult. Each cloud instance has its own objects, rules, and policies, leading to hybrid environments with fragmented policies.
- Lack of unified governance: Because security is not always a priority with cloud resources, security teams may experience friction with app owners who spin up workloads without considering the implications for security.
The advantages of hybrid cloud segmentation
Effective use of hybrid cloud segmentation enables organizations and their IT teams to:
- Improve security posture: Hybrid cloud segmentation reduces the attack surface, improves data protection, prevents unauthorized access, and blocks lateral movement threats. Incorporating segmentation in a cloud strategy ultimately increases the security posture of the organization.
- Ensure compliance: Segmentation ensures that data handling practices meet the requirements of a broad range of data privacy regulations and industry standards by ensuring that sensitive data is protected and that access is tightly controlled.
- Optimize performance: Segmentation can help IT teams to balance workloads and network traffic, resulting in better performance.
- Accelerate incident response: When a malware infection or security breach successfully penetrates defenses, segmentation enables security teams to contain the attack to a specific zone, enabling faster incident response and recovery.
- Scale rapidly: When cloud resources are segmented into manageable units, scaling to meet new business requirements becomes much easier.
Frequently Asked Questions
Network segmentation is an approach to network security that divides an on-premises network into smaller, isolated segments or subnets to improve security and enhance manageability. Hybrid cloud segmentation is a cloud security solution that segments a hybrid cloud environment, which may comprise both on-premises and cloud environments. Network segmentation relies on VLANs, firewalls, and access control lists (ACLs) to create and manage segments, while hybrid cloud segmentation deploys technology like software-defined networking (SDN), microsegmentation, IAM, and automation/orchestration tools to simplify management of segmented environments across diverse cloud platforms.
Threats to hybrid cloud security include malware and ransomware, data breaches, misconfigurations, insider threats, API vulnerabilities, advanced persistent threats (APTs), denial-of-service attacks, compliance violations, and risks from third-party services.
Why customers choose Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence.
