Security controls consideration in hybrid cloud
Since hybrid cloud is a combination of a private and a public cloud, we will divide this section into the parts and implement the controls individually in both of the clouds. We are again going to be using HIPAA as an example, as in the previous section, to elucidate our point.
Common controls
As we have already looked at HIPAA controls in the previous section, if we notice carefully, the administrative controls are something that are common to both the clouds. The policies will have to be made for the systems. Hence, we are adding that here. If the organization already has HIPAA compliance policies for the in-house data centers, the process for the public cloud can be appended and that should take care of it.Â
The technical controls are also common, as they might have a different implementation on different clouds. For example, we may use AWS Directory Service instead of Active Directory on the private cloud, but the concept remains the same...
