A report from global market intelligence firm IDC revealed that “90% of enterprise-scale organizations plan to make use of multiple clouds in the next several years.” As organizations become increasingly comfortable with operating within the multi-cloud architecture — and, more apt to access multiple providers to increase customization potential — there must also be an evolution in the security strategies that protect vulnerable platforms.
Unfortunately, explains the IDC, “…as cloud environments become more complex, traditional tools and processes used to manage relatively static, tightly-coupled IT infrastructure struggle to keep up with scaling, pooling, migrations, and rapid pace of change that are the hallmark of cloud IT operations.” For multi-cloud security to be truly effective, a more sophisticated and informed mindset — one that includes distributing workloads, creating purchasing and contractual leverage, and mitigating risk — is the next natural step in securing mission-critical data.
The Fundamental Issues That Influence Multi-Cloud Platform Security
A critical idea to keep in mind is that the multi-cloud market is still in a state of evolution. Despite being relatively fragmented and diverse, it offers a great deal of promise with respect to utility, flexibility, and features. An initial step in creating a multi-cloud security strategy with the ability to keep pace with your organization’s infrastructure and workloads is understanding these fundamental issues.
>> Multi-cloud migrations. This includes the required migrations of workloads across multiple environments to improve fit-for-purpose and eliminate unnecessary downtime
>> Performance and financial controls. Creating standard management of multi-cloud vendors — including billing, tools, and capacity usage
>> Strategic planning and modeling. Creating a future-forward environment in sensible increments that is both stable and sustainable
>> Policy-managed orchestration. Creating automation at every opportunity for operations and tasks such as infrastructure allocation and application deployment
>> Managed services delivery. Creating a seamless, automated integration of on-demand managed services across hybrid environments
>> Usage across multiple environments. Understanding and optimizing current usage across third-party cloud environments — such as Microsoft Azure
The ultimate goal of identifying these platform fundamentals is to provide transparency across the entire IT ecosystem — a condition that empowers the creation of a cybersecurity strategy to meet the demands of your particular multi-cloud architecture.
The Key Elements of a Multi-Cloud Security Strategy That Truly Matter
As the operations potential of the multi-cloud environment becomes increasingly complex — and, unavoidably complicated — it becomes easy to lose focus on the security aspects that are most meaningful for your particular architecture type. The result of an overzealous approach — beyond wasted human and fiscal resources — might be a noticeable decrease in ROI for IT budgets that are possibly already stretched to their limits.
To decrease the potential for squandered resources and diminished ROI, focus on these key elements:
>> Visibility. Gain visibility of all cloud accounts and instances — as well as their connections — and include control access to all public, private, and virtualized clouds
>> Workload security. Transition from rogue to policy-based operations — include corporate-standard templates, control of user options and choices, and automation of deployments
>> Data security. Understand your cloud provider’s terms, agreements, and policies — plan for all compliance requirements (e.g., PCI E-Commerce, HIPAA, MPAA, etc.)
>> Network security. Ensure secure cloud connections via HTTPS/TLS, direct connections, and IPsec VPNs — but never legacy SSL, as that protocol has been deprecated
>> Business continuity/disaster recovery. Implementations include comprehensive SLA architecture and the separation of the management plane from the cloud and cloud applications
>> Audit. Feed audit trails from individual clouds to SIEM, from the cloud management platform (CMP) to SIEM, and from instances/servers to SIEM — and, ensure compliance using audit logs to satisfy regulators
>> Evolving cloud services. Include Function-as-a-Service (FaaS), serverless, and microservices such as API Gateway, Lambda Functions, IAM, and IdP for Authentication
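The "Network security" element above says to use TLS and never legacy SSL. The following is an added example, not code from the original article, showing how a client enforces that policy in Python's standard library: a context that leaves the protocol floor at the library default (which on older OpenSSL builds can still admit TLS 1.0/1.1) next to a hardened one that pins the floor at TLS 1.2 and keeps certificate and hostname verification on, plus a check on the negotiated version. The endpoint in the usage call is a placeholder.

```python
"""Enforce a TLS-only policy for outbound connections to cloud endpoints.

Added example (not from the original article). Uses only the Python
standard library; the host used in __main__ is a placeholder.
"""
import socket
import ssl
from typing import Optional

# Protocol names as reported by SSLSocket.version(). Only TLS 1.2 and 1.3
# are accepted; SSLv2/SSLv3 and the deprecated TLS 1.0/1.1 are refused.
ALLOWED_VERSIONS = frozenset({"TLSv1.2", "TLSv1.3"})


def weak_context() -> ssl.SSLContext:
    """Context that leaves the protocol floor at the library default.

    Certificate checks are on, but nothing pins the minimum version, so
    on an older OpenSSL build a peer may still negotiate TLS 1.0/1.1.
    Kept only to contrast with hardened_context().
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Context that pins the floor to TLS 1.2 and keeps certificate checks on."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname check, system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def context_floor(ctx: ssl.SSLContext) -> str:
    """Name of the lowest protocol the context will negotiate, e.g. 'TLSv1_2'."""
    return ctx.minimum_version.name


def version_allowed(negotiated: Optional[str]) -> bool:
    """Policy check on the string returned by SSLSocket.version()."""
    return negotiated in ALLOWED_VERSIONS


def connect_checked(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Open a TLS connection and return the negotiated protocol version.

    Raises ssl.SSLError if the peer cannot meet the TLS 1.2 floor, and
    ValueError if a version outside policy is somehow negotiated.
    """
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            negotiated = tls.version()
            if not version_allowed(negotiated):
                raise ValueError(f"{host}:{port} negotiated {negotiated}, outside policy")
            return negotiated


if __name__ == "__main__":
    # Placeholder endpoint; substitute one of your own cloud API hosts.
    print(connect_checked("example.com"))
```

Because the hardened context sets `minimum_version`, a peer offering only SSLv3 or TLS 1.0 fails during the handshake rather than silently downgrading; the explicit `version_allowed` check after the handshake is belt-and-braces for builds where the floor cannot be set.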
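The "Audit" element above calls for feeding audit trails from each cloud, the CMP and individual hosts into one SIEM. Records from those sources arrive in different shapes, so the practical step the article does not spell out is normalizing them to a single event schema before forwarding. The following is an added example, not code from the original article or any provider's SDK: the source field names (`eventTime`, `operationName`, `ok`, etc.) are constructed, simplified stand-ins rather than any vendor's real schema, and the common schema is an assumption.

```python
"""Normalize audit records from several sources into one SIEM-ready event shape.

Added example (not from the original article). All field names of the
source records are constructed stand-ins, not a real provider schema.
"""
import json
from datetime import datetime, timezone
from typing import Any, Callable, Dict, Iterable, List

# Constructed sample records, one per source type (not real provider output).
SAMPLE_RECORDS: List[Dict[str, Any]] = [
    {"source": "cloud_a", "eventTime": "2024-03-01T10:15:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"userName": "alice"}, "sourceIPAddress": "203.0.113.5", "errorCode": None},
    {"source": "cloud_b", "time": "2024-03-01T10:16:30Z", "operationName": "VirtualMachineWrite",
     "caller": "bob@example.com", "callerIpAddress": "198.51.100.7", "resultType": "Failed"},
    {"source": "host", "ts": 1709288250, "user": "carol", "event": "ssh_login",
     "ip": "192.0.2.9", "ok": False},
]

# Assumed common schema every event is mapped to before it is sent to the SIEM.
COMMON_FIELDS = ("ts", "source", "actor", "action", "src_ip", "outcome")


def _iso_utc(value: Any) -> str:
    """Accept an ISO-8601 string (with 'Z' or offset) or a Unix epoch; return ISO-8601 UTC."""
    if isinstance(value, (int, float)):
        dt = datetime.fromtimestamp(value, tz=timezone.utc)
    else:
        dt = datetime.fromisoformat(str(value).replace("Z", "+00:00")).astimezone(timezone.utc)
    return dt.isoformat().replace("+00:00", "Z")


def _from_cloud_a(r: Dict[str, Any]) -> Dict[str, Any]:
    return {"ts": _iso_utc(r["eventTime"]), "source": "cloud_a",
            "actor": r.get("userIdentity", {}).get("userName"),
            "action": r["eventName"], "src_ip": r.get("sourceIPAddress"),
            "outcome": "failure" if r.get("errorCode") else "success"}


def _from_cloud_b(r: Dict[str, Any]) -> Dict[str, Any]:
    return {"ts": _iso_utc(r["time"]), "source": "cloud_b", "actor": r.get("caller"),
            "action": r["operationName"], "src_ip": r.get("callerIpAddress"),
            "outcome": "failure" if r.get("resultType") == "Failed" else "success"}


def _from_host(r: Dict[str, Any]) -> Dict[str, Any]:
    return {"ts": _iso_utc(r["ts"]), "source": "host", "actor": r.get("user"),
            "action": r["event"], "src_ip": r.get("ip"),
            "outcome": "success" if r.get("ok") else "failure"}


NORMALIZERS: Dict[str, Callable[[Dict[str, Any]], Dict[str, Any]]] = {
    "cloud_a": _from_cloud_a, "cloud_b": _from_cloud_b, "host": _from_host,
}


def is_known_source(record: Dict[str, Any]) -> bool:
    return record.get("source") in NORMALIZERS


def normalize(record: Dict[str, Any]) -> Dict[str, Any]:
    """Map one raw record to the common schema; unknown sources are rejected, not dropped."""
    if not is_known_source(record):
        raise ValueError(f"unknown audit source: {record.get('source')!r}")
    event = NORMALIZERS[record["source"]](record)
    # Emit fields in a fixed order so downstream parsers see a stable shape.
    return {k: event[k] for k in COMMON_FIELDS}


def to_siem_ndjson(records: Iterable[Dict[str, Any]]) -> str:
    """Newline-delimited JSON, one normalized event per line, ready for a SIEM forwarder."""
    return "\n".join(json.dumps(normalize(r), sort_keys=True) for r in records)


def failures_by_actor(records: Iterable[Dict[str, Any]]) -> Dict[str, int]:
    """Cross-source tally of failed actions per actor, the kind of query a single schema makes easy."""
    counts: Dict[str, int] = {}
    for e in map(normalize, records):
        if e["outcome"] == "failure":
            counts[e["actor"]] = counts.get(e["actor"], 0) + 1
    return counts


if __name__ == "__main__":
    print(to_siem_ndjson(SAMPLE_RECORDS))
    print(failures_by_actor(SAMPLE_RECORDS))
```

Rejecting unknown sources with an exception, rather than silently skipping them, is deliberate: a new cloud account whose logs are not yet mapped should surface as an error in the pipeline, not as a quiet gap in the audit trail.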
Keep in mind that data privacy legislation differs around the world. To maintain control of your data, evaluate your encryption options where you manage the keys (e.g., Amazon Aurora) to keep vendors from sharing your data.
Some Final Thoughts on Ecosystem Security to Help Chart Your Course
As you begin the process of creating a comprehensive multi-cloud security strategy — or, if you’ve decided to revamp your current strategy to fill in the gaps and strengthen particular areas — it might help to outline the critical layers of the ecosystem. This ecosystem map can guide you as you evaluate the various products and services available.
>> Perimeter/network/host. Perimeter refers to firewalls and intrusion detection systems that provide strict access to your networks from outside sources — while network and host security describes preventative measures — both physical and software — to protect your network infrastructure and host
>> Application/endpoint. If the security policy of an application — or the underlying applications that the app uses — contains gaps or vulnerabilities, application security solutions will identify them
>> Data security. Just as the name implies, data security secures your databases from a variety of internal and external threats — including unauthorized users, bot attacks, data corruption, and human error
>> GRC/audit. GRC — or governance, risk management, and compliance — software covers the integration and management of IT operations subject to regulation, typically reserved for publicly-held companies
>> Security orchestration. Security orchestration describes the process of connecting and integrating disparate security tools and systems — including methods of streamlining and automating security processes
While no one product or service can provide a one-stop solution for challenges at every layer of the security ecosystem, understanding the layout and how each layer interacts with another creates opportunities to combine the right tools for a sound multi-cloud security strategy.