How to tackle the multi-cloud security challenge
A growing number of organisations are adopting a multi-cloud strategy in a bid to avoid over-reliance upon one vendor and reduce the risk of threats like DDoS attacks. This generates cost savings, yields performance optimisation, and improves up-time to ensure that operations run at all times.
Abandoning a ‘one-cloud-fits-all’ approach and using multiple services from different cloud providers delivers a raft of other organisational benefits, as well. Through this approach, businesses have the freedom to select offerings that suit their specific needs while structuring different workloads into separate environments in order to stay in line with their business goals and policies. In other words, they maintain their flexibility and operate in the fashion that they prefer.
With enterprises in fast pursuit of digital transformation, the number of multi-cloud deployments is rising rapidly. Companies are moving their data to the cloud to automate operations, enabling bring your own device (BYOD) systems, as well as integrating technologies like AI, IoT, blockchain, and new cognitive tools in order to increase overall efficiency. According to research by the Cloud Industry Forum, 75 percent of UK organisations currently deploy two or more cloud-based services, with 84 percent planning to increase their use of cloud.
Rethinking the enterprise security strategy
While improvements to cloud management tools have made it easier for multi-cloud IT environments to deploy and operate, some challenges still remain. Security is a fundamental issue that can’t be ignored, and while cloud providers have appropriate protocols and tools to ensure that their offerings are safe, the responsibility for securing data itself (particularly at access) still lies with the enterprise. CISOs usually understand the criticality of data and threat security, which is why they are selective when it comes to cloud vendors and third-party tools for securing data access.
There are three key factors that are necessary for enterprises wanting to harness the benefits of multi-cloud without compromising on security.
Come to grips with the reality of the cloud
When it comes to using the cloud, and even more so with multiple cloud vendors, the traditional models of data management and security don’t apply. No longer confined to a controlled environment on premises, employees have the ability to access enterprise data from any location, on any device, and at any time. This means information will be flowing in and out of cloud applications via infrastructure that the enterprise does not own or control.
Traditional security tools are not built to protect cloud data that is accessed from these personal devices and off-premises networks. What’s more, as companies begin moving data from on-premises solutions to the cloud, they must address new cloud-specific types of threats and vulnerabilities.
As the number of cloud services adopted increases, monitoring these data flows can become increasingly challenging; however, companies must still maintain full visibility and control over their information.
Similarly, enterprises need to re-evaluate how they protect against cyber threats like malware. Implementing tools that can stop known and unknown threats in the cloud, on any device accessing data, and in real time is necessary for complete security.
In other words, unique security solutions are needed in this unique cloud environment.
Gain visibility and control over data
While many cloud services come with native or built-in features that offer some degree of visibility and control within their specific applications, applying policies or making changes across every individual cloud service in use can be painful and problematic.
For example, a healthcare provider may need to comply with a new privacy regulation for health records or other protected health information (PHI). This institution would need to add new policies for identifying sensitive data patterns, as well as controlling who can access this data and when.
Dependency on native security tools alone would result in the IT team confronting the massive task of manually adding or editing policies in each and every application. This scenario is further complicated by the fact that some apps’ native security features may be less granular than others, making it difficult to apply these changes on a uniform basis; some apps simply cannot be secured as well as others.
To address these challenges, organisations need a single solution that delivers visibility and control across all their cloud applications.
Replicate due diligence in the cloud
Making the move to multi-cloud doesn’t necessarily mean that the practices applied in on-premises environments should be discarded. While this may require different technologies and implementation strategies, enterprises will still need to maintain comprehensive data protection, threat protection, visibility, and identity management to prevent unauthorised access to their data.
To ensure comprehensive protection, the security solutions selected must be easy to deploy and integrate with existing on-premises tools. This will assure continuous and consistent security across the enterprise no matter where its data goes. These advanced solutions will also need to be scalable enough to cope with the addition of more cloud applications and cloud-based workloads.
Initiating effective real-time security and governance that is appropriate for the multi-cloud world is vital to ensuring the delivery of persistent protection for data and its users. Recognising this need and reframing security strategies appropriately will ensure organisations can take advantage of a multi-cloud environment with confidence.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.
- » Digital Realty to acquire Interxion for $8.4bn in biggest data centre deal ever
- » Microsoft beats AWS to $10bn JEDI contract: Defining multi-cloud and analysing administrative influence
- » Platform as a service solutions are secure – as long as they’re not misconfigured
- » Looking to the ‘HyPE’ of cloud storage: How HPE is looking to help with hybrid cloud
- » Exploring the commercial advantages of blockchain technologies – and what CIOs need to do about it