Our organization is moving to hybrid cloud with procurement staying partially on-premises due to sensitive supplier contracts and pricing data. We need to establish security best practices covering encryption at rest and in transit, centralized audit logging across both environments, and permission synchronization between cloud IAM and on-prem Active Directory. What approaches have others used to maintain consistent security posture across hybrid deployments? Particularly interested in key management strategies and how to ensure audit trails remain intact when data moves between environments.
Emergency access uses a break-glass procedure with strong audit controls. We have privileged access management software that can grant temporary elevated permissions to both environments simultaneously. Every break-glass access requires approval from two managers, generates alerts to the security team, and auto-revokes after 4 hours. All actions under elevated permissions are logged with video session recording. The audit trail includes requester, approvers, justification, duration, and all activities performed.
The role template approach makes sense. How do you handle permission changes that need to happen immediately for operational reasons? If someone needs emergency access to procurement data during a supplier issue, do you update both environments manually or is there automation? Also wondering about the audit trail when permissions change - does it clearly show who authorized the change and why?
Permission synchronization is tricky. We use Azure AD Connect to sync identities from on-prem AD to cloud, but Epicor permissions are managed separately in each environment. Our approach: define role templates in a central repository (Git), then deploy those roles to both cloud and on-prem using infrastructure-as-code. This ensures role definitions stay consistent even though the underlying IAM systems differ. Monthly audits compare actual permissions against templates to catch drift.
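A drift check of the kind this post describes, as an added example that is not the poster's code: the role templates stand in for the Git copy, and the per-environment permission snapshots are constructed. Role names, permission strings and the two environment labels are assumptions.

```python
# Added example (not from the thread): compare role templates, the copy
# committed to Git, against permission snapshots exported from the cloud
# and on-prem environments, and report drift per environment and role.
# All role names, permission strings and snapshot contents are constructed.
from dataclasses import dataclass, field

ROLE_TEMPLATES = {  # constructed "source of truth" for both environments
    "procurement-buyer": {"po.read", "po.create", "supplier.read"},
    "procurement-approver": {"po.read", "po.approve", "pricing.read"},
}

# constructed snapshots: on-prem has lost one grant, gained a hand-added
# "pricing.export" grant, and carries a role that no template defines
SNAPSHOTS = {
    "cloud": {
        "procurement-buyer": {"po.read", "po.create", "supplier.read"},
        "procurement-approver": {"po.read", "po.approve", "pricing.read"},
    },
    "onprem": {
        "procurement-buyer": {"po.read", "po.create"},
        "procurement-approver": {"po.read", "po.approve", "pricing.read", "pricing.export"},
        "legacy-admin": {"*"},
    },
}

@dataclass
class Drift:
    env: str
    role: str
    missing: set = field(default_factory=set)  # in template, not in environment
    extra: set = field(default_factory=set)    # in environment, not in template

def find_drift(templates, env_name, actual):
    """Return Drift records for every role that deviates in one environment.

    Roles that exist in the environment but have no template are reported
    too: an unmanaged role is the usual way drift creeps past a sync job.
    """
    drifts = []
    for role in sorted(set(templates) | set(actual)):
        want, have = templates.get(role, set()), actual.get(role, set())
        if want != have:
            drifts.append(Drift(env_name, role, want - have, have - want))
    return drifts

def audit(templates, snapshots):
    """Run find_drift over every environment; returns {env: [Drift, ...]}."""
    return {env: find_drift(templates, env, actual) for env, actual in snapshots.items()}

if __name__ == "__main__":
    for env, drifts in audit(ROLE_TEMPLATES, SNAPSHOTS).items():
        for d in drifts:
            print(f"[{env}] {d.role}: missing={sorted(d.missing)} extra={sorted(d.extra)}")
```

Feeding the result into a ticket or SIEM event, rather than only printing it, is what turns the monthly comparison into an audit trail.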
Centralized audit logging is critical for compliance. We implemented a SIEM solution that ingests logs from both cloud and on-prem Epicor instances. All procurement transactions generate audit events that flow to the central SIEM regardless of where they originate. This gives us unified reporting for SOX compliance and makes forensic investigations much simpler. The key is ensuring timestamp synchronization across environments using NTP so event sequences remain accurate.