Best practices for multi-cloud security
CIOs increasingly face the challenge of developing an effective strategy to understand and manage the mix of cloud resources upon which their businesses depend.
As far back as 2018, Forrester was advising CIOs to get comfortable with the reality of multiple cloud partners, noting that a clear multi-cloud strategy delivers business value.
It went on to state that the systems of engagement driving business growth often leverage cloud computing for agility, flexibility and cost-effectiveness. In isolation, each of these systems may need only one cloud provider, but the broad portfolio of tools deployed across the enterprise creates a more complex picture.
Gartner predicts that by 2021, over 75% of midsize and large organisations will have adopted a multi-cloud and/or hybrid IT strategy. Moreover, a recent Gartner survey of public cloud users found that 81% of respondents were using two or more providers. Most organisations seem to adopt a multi-cloud strategy out of a desire to avoid vendor lock-in or to take advantage of best-of-breed solutions. Multi-cloud is here to stay as more and more companies intentionally take this approach.
The move to a multi-cloud strategy has been largely driven by choice − using more than one cloud service provider allows an organisation to choose the specific services and capabilities that best fit its needs.
A multi-cloud approach offers various benefits but there are also caveats. Benefits include downtime prevention and minimising disruptions due to outages. Multi-cloud also brings freedom of choice − you select the best of what each platform has to offer and you can create a customised, flexible solution that meets your needs.
What are the drawbacks?
Straight off, there is the added complexity. Becoming well-versed in a single cloud platform takes time, and having to manage multiple platforms can be most challenging. This very complexity adds to the difficulty of finding developers, security analysts and engineers with an appropriate mix of skill sets to manage the different platforms.
Technology expense management becomes more difficult in a multi-vendor scenario because pricing structures, cost per service and so on differ with each vendor.
Maintaining multiple clouds adds to the security issues. Synchronising security policies across vendors is difficult with each vendor having its own set of controls. Also obtaining visibility into different platforms, each with their own security features, is particularly complex in multi-cloud environments. Monitoring is also multifaceted with each provider offering different options. Ultimately, multiple providers translate into a bigger attack surface, giving cyber criminals more ways to infiltrate.
Despite these drawbacks, organisations globally are increasingly choosing to go the multi-cloud route.
A Check Point report offers a set of best practice guidelines to help businesses navigate these pitfalls:
- Synchronise policies and settings.
- Use different security policies for different services.
- Automate from a DevSecOps perspective. This will reduce the human risk factor and allow companies to remain agile. It will also ensure security is a core driver throughout the entire process.
- Get the right tools that allow the business to coordinate security policies across different providers.
- Establish a security monitoring strategy that consolidates logs, alerts and events, from different platforms, into one location.
- Make sure the company deploys tools that help to maintain compliance standards consistently and efficiently across platforms.
- Simplify the sprawl by using a single view tool that gives administrators a solitary point of control to manage all applications, and data security, across all their cloud deployments.
- Minimise point security solutions. Curtail the number of point security solutions that don’t integrate well together. Each additional point solution requires expert staff as well as new integrations and deployment. This adds to the complexity and increases the likelihood of error.
- Get a single tool that is capable of providing unified and consistent coverage across all deployments. While cloud vendor security services may be beneficial within a particular vendor’s cloud deployment, they are insufficient when it comes to securing a multi-cloud deployment. Companies cannot rely on each cloud provider to protect only its own service and assume they are getting universal security coverage.
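The log-consolidation item in the list above, sketched as an added example (it is not from the Check Point report or the author): audit records from three providers are mapped onto one schema, merged into a single time-ordered stream, and queried for source IPs that appear in more than one cloud. The choice of AWS CloudTrail, Azure Activity Log and Google Cloud Audit Logs, the field paths and the sample records are assumptions; the article names no provider.

```python
import re
from datetime import datetime, timezone

# Assumed native field paths, taken from the providers' documented log shapes.
FIELD_MAP = {
    "aws": {"ts": "eventTime", "actor": "userIdentity.arn",
            "action": "eventName", "src_ip": "sourceIPAddress"},
    "azure": {"ts": "time", "actor": "caller",
              "action": "operationName", "src_ip": "callerIpAddress"},
    "gcp": {"ts": "timestamp", "action": "protoPayload.methodName",
            "actor": "protoPayload.authenticationInfo.principalEmail",
            "src_ip": "protoPayload.requestMetadata.callerIp"},
}

def parse_ts(s):  # UTC RFC 3339 with any fractional precision
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z", s)
    if not m:
        raise ValueError(f"unsupported timestamp: {s!r}")
    micro = int((m.group(2) or "0")[:6].ljust(6, "0"))  # keep at most 6 digits
    return datetime(*map(int, re.split(r"[-T:]", m.group(1))), micro, tzinfo=timezone.utc)

def _get(rec, path):  # walk a dotted path; None if any level is missing
    for key in path.split("."):
        rec = rec.get(key) if isinstance(rec, dict) else None
    return rec

def normalise(cloud, rec):
    out = {k: _get(rec, p) for k, p in FIELD_MAP[cloud].items()}
    out["ts"], out["cloud"] = parse_ts(out["ts"]), cloud
    return out
def consolidate(tagged):  # (cloud, record) pairs -> one time-ordered stream
    return sorted((normalise(c, r) for c, r in tagged), key=lambda e: e["ts"])

def ips_across_clouds(events):  # source IPs seen in more than one cloud
    seen = {}
    for e in events:
        seen.setdefault(e["src_ip"], set()).add(e["cloud"])
    return {ip: sorted(c) for ip, c in seen.items() if ip and len(c) > 1}

# Constructed sample records (not real logs), one per provider.
SAMPLES = [
    ("aws", {"eventTime": "2024-05-01T10:00:02Z", "eventName": "PutBucketPolicy",
             "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
             "sourceIPAddress": "198.51.100.7"}),
    ("azure", {"time": "2024-05-01T10:00:01.1234567Z", "caller": "bob@example.com",
               "operationName": "Microsoft.Storage/storageAccounts/write",
               "callerIpAddress": "198.51.100.7"}),
    ("gcp", {"timestamp": "2024-05-01T10:00:03.5Z", "protoPayload": {
        "methodName": "storage.setIamPermissions", "requestMetadata": {"callerIp": "192.0.2.44"},
        "authenticationInfo": {"principalEmail": "carol@example.com"}}}),
]
```

The cross-cloud IP query is only possible once the records share one schema and one store, which is the practical payoff of consolidating logs in a single location.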
The key to a successful multi-cloud security strategy is finding a dedicated multi-cloud security solution that will provide flawless coverage between clouds. The right tool should be able to be customised to the company’s individual needs, without forcing the client into its framework.
Choosing a solution that puts the firm’s needs first allows it to take advantage of all the benefits multi-cloud has to offer, while maintaining a secure and compliant environment.
In conclusion, the general consensus is that companies that are neither implementing nor planning a multi-cloud strategy are most likely already losing the race to competitors. Today, most large enterprises are using anywhere from three to five cloud vendors to assist with IaaS, PaaS, SaaS or their variants.
Forbes reports the cloud computing market is primed for significant expansion over the next few years. While this expansion will lead to ground-breaking business innovations, it will also increase security threats, making the adoption of security best practices a crucial requirement.
MD, DRS, a Cyber1 company
Strydom joined DRS in 2006 as part of the finance team, worked his way up through the company and was appointed managing director in 2017.
He boasts a wealth of experience in finance and business, and oversees the smooth daily running of the company, which has over 85 employees and in excess of 130 clients. Strydom took a Bachelor of Social Sciences degree at Rhodes University, and upon graduation, went to London where he spent the next four years in financial management roles.