How to overcome the multi-cloud security challenge
Article by David Shephard, Bitglass Australia
A growing number of organisations are making strategic choices to avoid relying too heavily upon any single cloud service provider. In other words, they are pursuing multi-cloud strategies.
These strategies entail using a variety of cloud services rather than just one, an approach that reduces the likelihood of stoppages and bolsters uptime. For example, if one cloud service goes down temporarily, it doesn’t mean that all activity in the organisation comes to a halt.
Abandoning a ‘one-cloud-fits-all’ approach and using multiple services from different cloud providers delivers a raft of organisational benefits. Multi-cloud gives businesses the freedom to select offerings that suit their specific needs – different departments are allowed to use the tools that best enable them to perform their work. This leads to enhanced organisational flexibility and productivity.
To improve their operations, companies are moving data to the cloud, adopting multiple cloud services, and enabling bring your own device (BYOD). However, this must be done securely in order to be done successfully.
Rethinking enterprise security
While improvements to cloud management tools have made multi-cloud IT environments easier to deploy and operate, some challenges remain. CISOs usually understand the criticality of data and threat protection, so they are selective when it comes to cloud vendors and third-party tools for securing data access.
Security is a fundamental issue that can’t be ignored, and while cloud providers have appropriate protocols and tools to ensure that their offerings are safe, the responsibility for securing data, particularly at access, still lies with the enterprise.
Three key factors are essential for enterprises seeking the benefits of multi-cloud without compromising on security.
Come to grips with cloud reality
When using the cloud, especially with multiple cloud vendors, the traditional models of data management and security don’t apply. No longer confined to a controlled environment on-premises, employees are able to access enterprise data from any location, on any device, and at any time. This means that information will be flowing in and out of cloud applications via infrastructure that the enterprise does not own or control.
Traditional security tools are not built to protect cloud data accessed from these personal devices and off-premises networks. As companies begin moving data from on-premises solutions to the cloud, they must address new cloud-specific threats and vulnerabilities.
As the number of adopted cloud services increases, monitoring their data flows can become increasingly challenging, yet companies must maintain full visibility and control over their information.
Similarly, enterprises need to re-evaluate how they protect against cyber threats such as malware. Implementing tools that stop known and unknown threats in the cloud, on any device accessing data, and in real time, is essential for complete security.
Unique security solutions are needed for this complex cloud environment.
Gain visibility and control over data
While many cloud services come with native or built-in features that offer some degree of visibility and control within their specific applications, making changes across every individual cloud service in use can be painful and problematic.
For example, a healthcare provider may need to comply with new privacy regulations for health records or other protected health information (PHI). The institution would need to add new policies for identifying sensitive data patterns and controlling who can access the data – as well as when they can do so.
Relying upon native security tools alone would result in the IT team confronting the massive task of manually adding or editing policies in every application. This scenario is further complicated by the fact that some apps’ native security features may be less granular than others, making it difficult to apply these changes on a uniform basis; some apps simply cannot be secured as well as others.
To address these challenges, organisations need a single solution that delivers consistent visibility and control across all of their cloud applications.
Replicate due diligence in the cloud
Making the move to multi-cloud doesn’t necessarily mean that the practices applied in on-premises environments should be discarded. While the move may require different technologies and implementation strategies, enterprises will still need to maintain comprehensive data protection, threat protection, visibility and identity management to prevent unauthorised access to their data.
To ensure comprehensive protection, the security solutions selected must be easy to deploy and integrate with existing on-premises tools. This will ensure continuous and consistent security across the enterprise and wherever data goes. Advanced solutions will also need to be scalable enough to cope with the addition of more cloud applications and cloud-based workloads.
Initiating effective, real-time security and governance that is appropriate for the multi-cloud world is vital for protecting sensitive information and, ultimately, ensuring organisational success. Recognising this need and reframing security strategies in the appropriate fashion will allow organisations to take advantage of a multi-cloud environment with confidence.