As organisations continue to embrace hybrid cloud solutions to meet their business needs, they’re also recognising the complex challenges involved in maintaining hybrid cloud security.

The challenges when addressing hybrid cloud security tend to be exacerbated by an increasingly mobile workforce, a sometimes confusing shared responsibility security model and the rise of ephemeral workloads, which may only exist for hours or even minutes but are still a target for malicious actors.

In such a rapidly moving landscape, it’s difficult to make sure you cover all of the bases, but these are our top picks for 2020 to ensure your business remains secure:

Cloud Workload Protection Platforms

Driven by the rise of hybrid cloud environments and constantly changing workloads, Cloud Workload Protection Platforms (CWPPs) are workload-centric security platforms that can provide protection to physical machines, virtual machines, containers and serverless workloads in any environment. The threats to these resources extend from data breaches, account hijacking and Distributed Denial of Service attacks (DDoS) through to poor identity and access management (IAM).

Don’t assume that responsibility for securing your workloads lies solely with your cloud service provider, particularly if you’re taking advantage of Infrastructure as a Service. Under a hybrid model, you may need to extend your on-premise security policies, tools and controls into the cloud in order to secure these workloads.

CWPPs tend to focus on protecting individual workloads via micro-segmentation, application control, host intrusion prevention system (HIPS) and anti-malware. A number of these are integrated with, or are able to integrate with, Cloud Security Posture Management (CSPM) and Continuous Integration/Continuous Delivery (CI/CD) platforms to ensure security is continuously evaluated during the entire life cycle of the asset.

Cloud Security Posture Management

The vast majority of successful attacks against cloud services are the result of customer misconfiguration, mismanagement and mistakes, according to Gartner’s ‘2019 Innovation Insights for Cloud Security Posture Management’ report. CSPM is an emerging cyber security solution category that helps organisations discover, assess and solve cloud misconfigurations that are putting their security at risk.

CSPMs are used to continuously assess cloud environments to measure them against compliance frameworks and detect risky configurations such as publicly exposed bucket or blob stores.

Cloud Access Security Broker

Cloud Access Security Brokers (CASBs) sit between end users and cloud services to allow the constant, real-time evaluation of their activity with a view to detecting and preventing unauthorised, noncompliant or potentially malicious activity.

CASBs can also ensure that enterprise security policies are enforced and regulatory obligations are abided by as cloud-based resources are accessed.

Secure Access Service Edge

SASE (pronounced ‘sassy’) is an emerging offering that aims to combine a number of network security functions, enabling organisations to provide secure access that adapts to the changing needs of their workforce.

Typically, this is a combination of secure web gateways, CASBs, zero trust network access and next generation firewalling. The combination of these allows for the evaluation of end user behaviour, endpoint posture and authorisation to securely access a line of business applications regardless of location.