BLOG: Security Challenges in a Multi-Cloud Environment

April 13th, 2020 BLOG: Security Challenges in a Multi-Cloud Environment
Dave Santeramo
Security Architect

 

Today’s businesses are adopting cloud platforms at an ever-increasing rate. A recent IBM Institute for Business Value survey found that 85% of companies are already consuming resources from multi-cloud platforms—from private cloud to public cloud to hybrid cloud environments. Companies turn to cloud computing seeking the benefits of flexibility, scalability, and elasticity that cloud services provide. However, that flexibility, scalability, and elasticity present a significant security challenge when consuming multiple cloud resources.

Information technology teams are continuously challenged to meet the ever-growing and diverse business needs of their organization, pressed to deliver computing resources faster and faster. IT governance and maintaining control and management over a system architecture as flexible and scalable as the cloud is difficult, to say the least. IT teams are finding that the tools they’ve been using for years to run their on-premise IT environments lack cloud integration capability.

Before we dive into the nuts and bolts of what companies need to do in order to make multi-cloud successful, let’s take a step back and define what a multi-cloud environment is. Multi-cloud is defined as using cloud services from two or more providers and being able to switch workloads between the platforms. Using multiple cloud platforms, organizations afford themselves flexibility and avoid vendor lock-in.

Challenges of Multi-Cloud Adoption

There are five specific areas that CIOs identified as the most challenging in adopting a multi-cloud strategy:

1) Management Strategies: Cloud First and Cloud Smart
CIOs today are being challenged to push the limit of what is possible from an organizational as well as a technological standpoint. The concepts of “Cloud First” and “Cloud Smart” have been born out of this push. Cloud First is the concept of promoting the adoption of cloud technologies for new and existing architectures. Cloud Smart takes a different approach, utilizing cloud resources only if it is in the best interest of the organization. From a strategic standpoint, the concepts of Cloud First and Cloud Smart present unique hurdles when thinking of utilizing multiple clouds. Those challenges require CIOs to think outside the box and implement strategies that reinforce the adoption of DevOps.

2) Configuration Compliance
Configuration compliance is a challenge to most IT organizations. Being able to assess and determine risk for network, server, and storage configurations is a requirement in today’s business world. A single misconfigured device can lead to a security breach that can put the entire company at risk. Adoption of a multi-cloud strategy makes the challenges associated with configuration compliance even more difficult. With some companies making hundreds, if not thousands, of changes per day, it is vitally important that deployments are checked on a continuous basis. Further, any configuration defects need to be corrected upon detection and not when an overburdened administrator has the time to get around to the issue. Adopting automation must be at the very core of multi-cloud security. As with anything related to security in the cloud, it is best to leverage automation over using time-consuming and error-prone manual intervention to respond to events.

3) Multi-cloud Orchestration and Automation
Orchestration and automation are two words that have been at the forefront of cloud architects’ thoughts for many years. The challenge with orchestration and automation is how to get there. Most IT teams today are barely able to keep up with the daily needs of their organization. With the increasing challenge of finding trained and skilled resources, being able to adopt a new method of operating can be a monumental hurdle. However, developing and implementing a multi-cloud orchestration and automation strategy is key to success. Any attempt to implement a multi-cloud environment without including orchestration and automation capabilities will lead to increased security risk and, more than likely, compliance failures.

4) DevOps Processes
DevOps is a set of practices and procedures that lend to the merging of development and operations inside of an IT organization. For many years, organizations functioned in silos around the framework of a plan-build-run model. The goal of DevOps is to facilitate a safer, faster rate of product development and delivery. DevOps has changed the very way most IT organizations function. A well-groomed DevOps pipeline is perhaps the most critical part of a successful multi-cloud strategy. Attempting to maintain a plan-build-run model with a multi-cloud approach will undoubtedly lead to failure. On a positive note, most cloud tools being adopted today have DevOps as a core component.

5) Asset and Financial Visibility
For years, IT organizations kept a watchful eye over their assets using tried-and-true methods. When discussing network management strategies, most companies were of the belief that using a network management system (NMS) would be enough. Moving to a multi-cloud architecture changes the way that an environment is monitored. Companies were forced to implement APIs in order to communicate with their cloud-based resources. The use of multiple cloud platforms increased the visibility challenge even more so. With multi-cloud, companies cannot utilize the native tools provided by the cloud vendors, plus there is the added challenge of financial visibility. Multi-cloud adoption has led to organizations having to be keenly aware of the total cost of ownership of their cloud resources, making budgeting and forecasting even more difficult. Not only does an organization need to know what is currently deployed, but they also need to be aware of the cost of data movement between cloud providers. Companies must develop management strategies and adopt solutions that are not dependent on what the cloud vendors provide.

Proven Solutions Aid in Multi-cloud Adoption

Mainline has architected solutions that have successfully allowed our customers to securely adopt and manage multiple cloud architectures. For a large insurance company, Mainline designed and implemented an architecture that allows for workloads to be moved between two different cloud platforms. In the Financial Services sector, Mainline designed a solution that integrates cloud assets with their existing security incident platforms. We have helped companies across industries create a multi-cloud environment that optimizes the benefits they were searching for in the first place: flexibility, scalability, and elasticity.

To learn more please contact your Mainline Account Executive directly, or click here to contact us with any questions.

Related articles and information:

Blog: Avoiding Business Disruption from Ransomware Attacks

Article: Mainline Recognized By CIOReview as “Most Promising ERM Solution Provider

Video (2:06): Getting More Out of Your SIEM Solution

Webinar Replay (42:42): Getting More from Your IBM QRadar SIEM Investment

Mainline