The rise of hybrid IT and the implications for CISOs

Paul Donovan highlights how Hybrid IT is affecting the user, the CISO and the organisation and what should be done to reduce the security risk that this new game changer poses.

Paul Donovan, EMEA sales director, Pulse Secure
Paul Donovan, EMEA sales director, Pulse Secure

Hybrid IT has been touted as the new game changer for enterprises with Gartner saying it's here to stay. It allows workloads to move between internal and external IT infrastructures meaning workers can be more nimble and flexible but there are also security risks from a distributed workforce and a growing population of mobile devices and apps. How an organisation rises to meet the demands and challenges of Hybrid IT is crucial.

Hybrid IT is here to stay

According to Chris Howard, vice president and chief of research at Gartner, Hybrid IT is here to stay. He says, “While the cloud market matures, IT organisations must adopt a hybrid IT strategy that not only builds internal clouds to house critical IT services and compete with public CSPs (Cloud Solution Providers), but also utilises the external cloud to house non-critical IT services and data, augment internal capacity, and increase IT agility. Hybrid IT creates symmetry between internal and external IT services that will force an IT and business paradigm shift for years to come.”

Mobile devices are increasing five times faster than our population

There's no doubt that we are living in a new business environment where mobile devices connect to cloud computing and legacy IT infrastructure. Currently about half the world's population subscribes to a mobile service of some kind, and GSMA intelligence, which tracks data on mobile devices, claims that the prevalence of mobile devices is growing about five times faster than our population.

BYOD is the expectation now

With this proliferation of mobile, people are now used to the quick access to information that comes with mobile devices and their various applications - all in the cloud. And they expect the same utility from their employers letting them access their corporate email and applications with their personal mobile devices via Bring Your Own Device (BYOD) practices. Employees can find customer data, create a document and access financial information with the same agility they have in their personal lives.

Productivity versus risk

With these technological advances, workers can enjoy great productivity and the enterprise can flourish as a result but there are security risks from a remote workforce, accessing data from anywhere at any time and from multiple end points. Utilising BYOD means that sensitive corporate information will reside into the cloud through SaaS vendors such as Dropbox, Office 365, Salesforce and Concur. A safe gateway or tunnel to and through the cloud with access control such as authentication on a variety of endpoints is necessary for Hybrid IT to be secure and successful.

Secure the tunnel

Securing the pathways between devices and data, involves securing the tunnel between them. For this to be effective, the IT team needs to focus on both allowing secure access as well as making sure the tunnel is protected and controlled.

This can be achieved by implementing authorisation access control services for employees and users – from any device, anywhere, at any time. This means using existing Secure Sockets Layer virtual private network (SSL VPN) gateways to access the data centre while also relying on a Cloud Access Security Broker (CASB) to ensure a secure pathway between users and the cloud provider. Enforcing device compliance is key in both cases to protect the integrity of enterprise data. Such tools ensure the tunnel of Hybrid IT use is not only accessible, but secure.

Corporate versus private data

Once the tunnel is secure, the IT team moves to the question of personal and corporate applications on one device. As mobile device ownership and usage grows and matures, knowledge workers increasingly fill their personal mobile devices with the rich offerings of SaaS applications. For workers to be able to utilise BYOD securely for work and their personal lives, a device container is required.  This container eliminates the enterprise need to manage the entire device and protects worker privacy.

Easy does it

As BYOD practices and Hybrid IT solutions continue to increase, enterprises must adapt their compliance, authorisation and access security solutions to provide multi-layered protection but in order for any of these to be successful, they must be done without making applications and information cumbersome to the user.

To make Hybrid IT safe and secure CISOs need to meet all the challenges that it poses. They must authenticate user and device identity and through cutting-edge identity management tools and solutions, provide a safe tunnel by which applications in the cloud and on their very own premises may be accessed and utilised securely. As Hybrid IT succeeds securely, so too does employee productivity and the entire organisation.

Contributed by Paul Donovan, EMEA sales director, Pulse Secure