Security assurance provides a wealth of techniques to demonstrate that a target system holds some nonfunctional properties and behaves as expected. These techniques have been recently applied to the cloud ecosystem, while encountering some critical issues that reduced their benefit when hybrid systems, mixing public and private infrastructures, are considered. In this paper, we present a new assurance framework that evaluates the trustworthiness of hybrid systems, from traditional private networks to public clouds. It implements an assurance process that relies on a Virtual Private Network (VPN)-based solution to smoothly integrate with the target systems. The assurance process provides a transparent and non-invasive solution that does not interfere with the working of the target system. The performance of the framework have been experimentally evaluated in a simulated scenario.