When an enterprise builds a hybrid IaaS cloud connecting its data center to one or more public clouds, security is often a major topic along with the other challenges involved. Security is closely intertwined with the networking choices made for the hybrid cloud.
Traditional networking approaches for building a hybrid cloud try to kludge together the enterprise infrastructure with the public cloud. Consequently, these approaches require risky, deep “surgery”, including changes to firewalls, subnets and other parts of the corporate security infrastructure. Connecting a public cloud to the enterprise requires infrastructure changes to limit how deep into the enterprise the public cloud can see. For those who have dealt with it, this work is time-consuming and risky, and it requires a complete InfoSec review of the new structure. More important, even if an enterprise does it once successfully, the work has to be repeated for each new project and cloud service provider.