For the majority of companies today, their journey to cloud has become a vital component of digital business transformation. However, being dependent on just one cloud provider for all of your IT requirements no longer makes good business sense. These days, the perceived wisdom is very much around adopting a multi-cloud strategy.
More and more companies are discovering that using multiple public clouds can materialise genuine business advantage. Flexibility, price competition between providers, the option to use best-in-class clouds for each application, improved network connectivity and latency – these are all examples of advantages you can gain from a multi-cloud approach.
The Move To Multi-Cloud Can Open Gaps In Your Security Posture
The benefits are compelling, but at the same time, adopting a multi-cloud strategy can also expose your organisation to a wider range of cyber risks. Therefore, if security is not at the core of your multi-cloud plans, you are likely to leave gaps that threat actors are actively looking to exploit.
So where can the gaps appear?
Application protection and hardening. Application Programming Interfaces (APIs) have become a popular target for cybercriminals. Cybercriminals are aware of the fact that API and patch management across applications and across different clouds adds a layer of complexity for multi-cloud businesses. Similarly, cloud-based databases are also a common weak link. When it comes to multi-cloud deployments, businesses often have trouble keeping track of databases across cloud instances, which can increase the risk of exploitable security gaps.
Authentication and authorisation. Multiple clouds require multiple logins and user accounts, but it’s actually more complex than that. It can become challenging when you have to ensure that the correct users and administrators have the correct level of access and authorisation across multiple cloud instances. Not keeping track of these levels of authorisation will leave gaps in your security posture.
Multi-cloud monitoring. While each cloud provider may provide their own monitoring tools, they will not give you visibility of their competitor’s cloud. This lack of visibility can become a huge problem from a security perspective. Therefore, it’s important to have a central monitoring capability across your multi-cloud estate.
Shared security and compliance responsibility. Your responsibility for compliance doesn’t disappear when you move data and applications to the cloud. Every cloud provider offers completely different “out of the box” settings that affect whether your own security compliance requirements are met. If you don’t use automation to help with compliance, the chance of compliance gaps appearing increases.
These are just a few examples of the common challenges faced by companies that rely on more than one cloud provider.
Nevertheless, the reality is that many companies are still using disparate monitoring and security tools that their single cloud provider includes or offers. This is a recipe for disaster because it does little to address most of the security gaps we have mentioned – leaving your organisation vulnerable and open to cyber-attacks and potential breaches.
The good news is that IT vendors are becoming more aware of the daunting security challenges faced by companies that are embarking on their multi-cloud journeys. IBM, for instance, introduced its Cloud Pak for Security platform which can help organisations fill their security gaps by building an integrated security ecosystem that provides better insights into threats across multi-cloud deployments.
Since it is based on open source technology and standards, the solution can be deployed and run on any environment (without the need to move your data), giving you better visibility and control across the different clouds, automate actions to security incidents as well as respond much faster to threats.
The fact is that the increased threat of cyber attack is real. Research from multiple sources indicates the number of breaches experienced in multi-cloud compared to hybrid cloud is nearly double. This is an indicator of the new and different complexities that multi-cloud brings. Therefore, you simply cannot build out your multi-cloud aspirations successfully without having integrated tools that can ensure a secure and compliant environment.