* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/)
* [Cloud Computing](https://origin-researchcenter.paloaltonetworks.com/blog/category/cloud-computing-2/)
* The Best of Both Worlds: ...

# The Best of Both Worlds: Building a Secure Hybrid Data Center with AWS

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2016%2F02%2Fthe-best-of-both-worlds-building-a-secure-hybrid-data-center-with-aws%2F)  
[](https://twitter.com/share?text=The+Best+of+Both+Worlds%3A+Building+a+Secure+Hybrid+Data+Center+with+AWS&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2016%2F02%2Fthe-best-of-both-worlds-building-a-secure-hybrid-data-center-with-aws%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2016%2F02%2Fthe-best-of-both-worlds-building-a-secure-hybrid-data-center-with-aws%2F&title=The+Best+of+Both+Worlds%3A+Building+a+Secure+Hybrid+Data+Center+with+AWS&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2016/02/the-best-of-both-worlds-building-a-secure-hybrid-data-center-with-aws/&ts=markdown)  
\[\](mailto:?subject=The Best of Both Worlds: Building a Secure Hybrid Data Center with AWS)  
Link copied  
By [Matt Keil](https://www.paloaltonetworks.com/blog/author/matt/?ts=markdown "Posts by Matt Keil")  
Feb 10, 2016  
3 minutes  
[Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown)  
[Data Center](https://www.paloaltonetworks.com/blog/category/data-center-2/?ts=markdown)  
[Amazon Web Services](https://www.paloaltonetworks.com/blog/tag/amazon-web-services/?ts=markdown)  
[hybrid data center](https://www.paloaltonetworks.com/blog/tag/hybrid-data-center/?ts=markdown)  
[IPSec](https://www.paloaltonetworks.com/blog/tag/ipsec/?ts=markdown)  
[VM-Series](https://www.paloaltonetworks.com/blog/tag/vm-series/?ts=markdown)  
[VPN](https://www.paloaltonetworks.com/blog/tag/vpn/?ts=markdown)

If you're looking for a new car, you may be considering a hybrid -- one that combines electric power for efficiency and mileage with traditional internal combustion to recharge the engine and extend the travel range. For many buyers, it is the best of both worlds, providing greater flexibility to extend your trip as needed. The same concept applies to a hybrid data center -- one that combines your own, dedicated on-premises resources with the scalability and agility of on-demand compute, networking and storage resources such as those from Amazon Web Services (AWS).

As the insatiable appetite for compute and storage resources to support the business continues unabated, customers are using the public cloud as a way to augment their data centers more quickly and more efficiently than in the past. Initially, a hybrid approach was viewed as a step toward migrating all applications and data to the public cloud. In reality, many customers are settling on a hybrid approach as their new data center architecture.

In a recent conversation I had with a customer, two new physical data centers had just come online, and they were already over-subscribed. They were looking to AWS as a way to extend the life of their data center using a hybrid approach. When you think about it, a hybrid approach makes the most sense. First off, it allows you to start small and establish some guidelines around which applications and data should reside in the cloud. There will be legacy applications that cannot or should not be migrated. There will be data that, after careful internal analysis, does not belong in the public cloud. For new applications, you might look at adopting a simple cloud-first mentality that says: for new applications, look to the cloud as the deployment location. A more advanced cloud-first approach entails changing your application development methodology to one that is componentized, makes heavy use of APIs, can be updated rapidly, and can be deployed globally -- in the cloud first.

From a security architecture perspective, a hybrid data center is an extension of your data center and therefore should be treated no differently than your physical data. This means that you should:

* Know exactly which applications are running in the cloud and whitelist them to ensure they are the only ones allowed in the cloud
* Segment the applications to control which can talk to which and limit lateral movement
* Enable applications based on the user credentials and the business need
* Apply threat prevention to block threats from accessing your cloud applications and data while also blocking them from moving laterally

When deployed in AWS, the [Palo Alto Networks VM-Series](https://www.paloaltonetworks.com/documentation/61/virtualization/virtualization/about-the-vm-series-firewall.html) can securely enable your hybrid data center, acting as an IPSec VPN termination point and as a virtualized next-generation firewall, protecting your AWS deployment with application control and advanced threat prevention. More advanced use cases include segmentation for added security and compliance purposes through VPC to VPC and subnet to subnet policies. In effect, you can mimic your physical data center security in AWS.

To learn more about how a hybrid data center with AWS might benefit your organization, check out these resources:

* [SANS Webinar with Dave Shackleford: Know Before You Go: Key AWS Security Considerations](https://www.sans.org/webcasts/go-key-aws-security-considerations-101452)
* [VM-Series with AWS Hybrid Data Center Deployment Guidelines (includes sample deployment script)](https://www.paloaltonetworks.com/resources/whitepapers/aws-hybrid-design-guidelines.html)
* [CSA White Paper: Public vs. Private Cloud Security Considerations](https://www.paloaltonetworks.com/resources/whitepapers/security-considerations-for-private-vs-public-clouds.html)

[](http://go.paloaltonetworks.com/ignite2016)  
[![Ignite 2016 register now](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/02/Ignite-2016-register-now-500x167.png)](http://go.paloaltonetworks.com/ignite2016)

*** ** * ** ***

## Related Blogs

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Healthcare Orgs Move to the Cloud -- Are They Secure?](https://origin-researchcenter.paloaltonetworks.com/blog/2019/05/cloud-healthcare-orgs-move-cloud-secure/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### A Shared Commitment Towards Cloud Security: Expanding Our Partnership with Google Cloud](https://origin-researchcenter.paloaltonetworks.com/blog/2018/12/shared-commitment-towards-cloud-security-expanding-partnership-google-cloud/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### re:Invent 2018 Update - AWS Security Hub Integration and AWS Transit Gateway Support](https://origin-researchcenter.paloaltonetworks.com/blog/2018/11/reinvent-2018-update-aws-security-hub-integration-aws-transit-gateway-support/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Positively Fanatical: AWS re:Invent](https://origin-researchcenter.paloaltonetworks.com/blog/2018/11/positively-fanatical-aws-reinvent/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Microsoft Ignite: Showcasing Our Cloud Offerings and the Depth of Our Microsoft Partnership](https://origin-researchcenter.paloaltonetworks.com/blog/2018/09/microsoft-ignite-showcasing-cloud-offerings-depth-microsoft-partnership/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Visit Us at VMworld 2018 USA](https://origin-researchcenter.paloaltonetworks.com/blog/2018/08/visit-us-vmworld-2018-usa/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language