Multi-cloud risk factors
Organisations relying on different cloud services need top-notch security measures. By Lior Cohen
Cloud adoption is increasing at a rapid pace as organisations look for new ways to process, store and distribute information. Decentralised cloud adoption means different departments can source new computing resources or adopt new applications without burdening the IT department with requests. The use of various cloud providers in one organisation is not uncommon.
Such flexibility also comes with risk, however. Highly distributed resources can be difficult to manage, and the risk of Shadow IT — online resources that store corporate data, but that IT is unaware of — can actually violate data privacy laws.
In addition, individual cloud infrastructures and one-off applications expand an organisation’s attack surface. When an organisation uses multiple applications, the potential for a serious breach is stronger than if a single application was deployed across the entire network.
To bridge the gap of inconsistent cloud platforms, a three-pillar approach can be used:
1. A unified set of security capabilities that can be applied consistently across all cloud platforms, resulting in a single, holistic security framework.
2. Native integration of each security solution into each cloud platform for maximum flexibility and the assurance of consistent behaviour across each environment.
3. A single layer of consistent management and automation that spans the distributed network, ensuring that policy can be orchestrated across the entire decentralised and heterogeneous cloud environment.
INCONSISTENT PLATFORMS
The constantly evolving threat landscape has resulted in the need for purpose-built tools to address a full range of risks across all network environments, including the cloud. In order to utilise these environments as effectively as possible, IT teams must be confident there is the same level of security across all cloud platforms, otherwise the entire environment is exposed to the weakest link in the system.
Achieving this level of effective cloud security, however, requires organisations to first establish and achieve a standard of visibility and control that enables operational efficiency while streamlining management.
Here are seven common cloud security strategies to illustrate how organisations overcome these challenges:
Inside-out IaaS security: The benefit of Infrastructure-as-a-Service is that a full suite of resources, including hardware, network devices and connectivity tools, can all be accessed and managed from the cloud. While the components are provided and maintained by cloud service providers, it’s up to organisations to protect their own cloud assets.
Many customers overcome this challenge with a consistent security policy that applies to IaaS deployments from the inside-out — managed at the workload, network and the API (application program interface) levels.
Cloud services hub: A lack of centralised security management can limit ability to respond comprehensively to a security breach when an organisation uses multiple cloud services. By utilising a shared services hub, however, IT teams can tap the benefits of the cloud, such as elasticity, availability and scalability, while enabling consistent security across all platforms.
Remote access VPN: Many organisations want to enable access to information from anywhere in the world as securely as possible. Unfortunately, traditional remote access virtual private networks are not always able to meet these demands. But solutions can be pre-configured with templates designed to enable secure remote access in the cloud. This includes things like dynamically adjusting the level of encryption based on context — location of the end-user or IoT device, the data being accessed, and so on.
Hybrid cloud: Using public clouds enables new ways of developing and delivering IT solutions across an organisation. But poor network visibility and complex security management are common complaints.
Securing hybrid cloud environments requires organisations to deploy consistent security policies across all infrastructures to ensure data is protected as it is transferred to and from the cloud, or as it is processed and stored in either environment.
Advanced application protection: Introducing new applications to the cloud not only presents additional security risks, but also forces organisations to continually ensure they are meeting compliance requirements. Using previously tested security applications and applying them to the cloud enables organisations to make this move with confidence.
Security management from the cloud: Organisations that employ legacy management tools will inevitably experience incompatibilities, especially when looking to deploy and manage them from the cloud. Using the global availability of global cloud providers to deploy security management across multiple cloud regions will ensure scalability and improve operational efficiency, ultimately reducing cost and risk.
Public cloud usage monitoring and control: Misconfiguration continues to be a major cause of disruptions and unexpected costs for users of public cloud services. Overcoming this challenge calls for complete visibility over configuration changes — especially across multiple public cloud infrastructures — through a unified platform that simplifies compliance violation reporting.
Cloud adoption is continuing to rise in popularity because of the benefits it provides in terms of elasticity, scalability and availability. Despite these benefits, organisations must be aware of the risks that can arise as a result of deploying disparate cloud environments.
By understanding the challenges associated with the cloud, organisations can properly manage and make the most out of these infrastructures.
‘‘ Introducing new applications to the cloud not only presents additional security risks, but also forces organisations to continually ensure they are meeting compliance requirements.