Simplifying security amid the magnitude of the multi-cloud environment

Multi-cloud environments are not just a reality, but a business necessity in today’s digital world. According to the Flexera 2022 State of the Cloud Report, 89% of organizations surveyed had already embraced a multi-cloud strategy by 2021, out of which 80% were looking at a hybrid cloud model.

With this growth in multi-cloud adoption only expected to continue, let’s explore the factors behind this trend and how we can prepare for it.

Deconstructing multi-cloud

By definition, a multi-cloud environment is a combination of at least two of these deployment models: private, public, or community cloud platforms. Organizations normally define their cloud strategy based on their needs and on how sensitive their applications and data are, and they must judge which of the deployment models mentioned above best suits their business needs.

Why organizations choose multi-cloud

Organizations are becoming acutely aware of the distinct needs and sensitivities of their different teams and functions, and the information they host on the cloud. This is prompting businesses to use more than one cloud platform. According to Flexera, organizations use an average of 2.6 public clouds and 2.7 private clouds.

Clearly, the shift to multi-cloud is becoming a key pillar of any digital strategy, so let’s explore some of the many benefits that multi-cloud has to offer:

1. Reduced total cost of ownership:

Since your organization only pays for what it uses from the cloud service provider (CSP) on a subscription basis, multi-cloud is a cost-effective solution.

2. Faster scalability:

During peak times, the capacity of resources needed can be provided easily by the CSP.

3. No vendor lock-in:

Open standards and interoperability between clouds allow your organization to focus on its core business as the external IT providers run and provide the IT needs.

But what would innovation be without challenges? This environment, like most new advancements, brings its share of complexities.

Embracing challenges in the multi-cloud universe

One of the key challenges faced by organizations adopting a multi-cloud environment is the shared responsibility conundrum — or who is responsible for what — between the cloud service provider and the cloud customer. Ensuring that this model is understood by the customer is of paramount importance for the adoption of a multi-cloud environment and will avoid any misunderstanding when in operation mode.

In the architecture depicted in figure 1, we can see that the security of the cloud is the responsibility of the cloud provider, whereas security in the cloud is the responsibility of the customer. Depending on the types of cloud service models — IaaS, PaaS, or SaaS — customers may have to introduce another level of protection for their applications and systems. They may also need to find different ways to protect each of their diverse cloud environments, as this is not uniform across CSPs. It is this very diversity that causes its complexity.

Building cloud maturity

Another leading challenge is a lack of cloud maturity. When adopting a multi-cloud environment, organizations should have a well-defined strategy with buy-in from all stakeholders like the CEO, CISO, CIO, CFO, CMO and key employees. Identifying individual team and departmental needs in an organization is the first step, followed by aligning this strategy with the organization’s security strategy.

However, leaders should note that assessing cloud risks comprehensively is not as easy as it sounds. Adopting multi-cloud environments is not well understood, primarily because of the lack of cloud maturity among most organizations as they move from on premises/legacy environments to the cloud. They may also lack the in-house skills and expertise to shift to a multi-cloud environment, further complicated by multiple cloud vendors with their own operating models, costs associated with first-time migration, and compliance with data protection, security and regulations.

In order to overcome these complexities, your organization needs to be guided by an established technology partner with the technical know-how and expertise to fulfill your needs.

Building bridges in the clouds

There are a few important ways you can prevent security breaches and misconfigurations in a multi-cloud environment. They are:


Cloud security risk assessment

Before migrating to the cloud, you need to conduct a cloud security risk assessment to help you choose the right cloud provider to meet your business needs. This assessment will also pinpoint the additional security controls that can be adopted to strengthen your environments and, even if you have already been using the cloud, to continuously improve your security posture.

One of the leading security controls and best practices that can prevent misconfigurations and security breaches is the adoption of a cloud security architecture. Besides enabling your organization to have a secure, well-designed and configured cloud platform, a cloud security architecture also allows it to utilize its tools and best practices. Another key benefit is that it is a bottom-up approach for building secure cloud platforms where the shared responsibility is well defined by both parties — the cloud provider and the customer.


IAM solutions

Synchronizing cloud security policies across your multi-cloud environment starts with a good identity and access management (IAM) solution. One example of IAM’s efficiency can be demonstrated when an employee leaves the organization or moves to another department within the organization. Instead of a cumbersome process to revoke employee rights and accesses, it can be seamlessly revoked across the multi-cloud environment, ensuring efficiency and security.


Cloud native security

Cloud service providers include native security controls with the service subscription, which can be activated by the customer in a security-by-design and security-by-default approach. They are provided by AWS, Azure and GCP, but are not immune to all cloud attacks — and misconfigurations can always happen. They should be complemented with other solutions to ensure full data protection.


Cloud access security broker (CASB)

When moving to the cloud, your organization may lack complete visibility of its data. Employees need to share data with multiple people, which could lead to accidental disclosure of data. CASB could be a solution to this challenge: it provides control and visibility to detect and block unusual behavior, monitor cloud application usage and gain visibility into the devices and cloud apps being used in your organization.


Secure Access Service Edge (SASE)

SASE is another cloud-based service that is delivered in combination with security and network functions for supporting multi-cloud environments. Regardless of where users are located, SASE is an extension of the security and networking capabilities needed in today’s hybrid organizations. You can leverage what the cloud offers best by securing and managing all your endpoints with the same networking and security policies to provide better visibility.

Simplifying security controls

You have now added the right prevention and protection measures to secure your multiple cloud platforms. Next comes one of the most important points: maintaining and improving your security posture. This is key to continuously monitoring your cloud practices, ensuring that there are no gaps in your policy enforcement, and helping keep pace with evolving cyberthreats. You need to remain compliant with both your internal policies and external data protection regulations.

According to Gartner's top security and risk report for 2022, vendor consolidation is beneficial in reducing complexity, and the convergence of extended detection and response (XDR), security service edge (SSE) and cloud native application protection platforms (CNAPP) is accelerating the benefits of converged solutions. Gartner predicts that by 2024 organizations will adopt cloud-delivered secure web gateway (SWG), cloud access security broker (CASB), zero trust network access (ZTNA) and branch office firewall as a service (FWaaS) capabilities from the same vendor.

The key to the multi-cloud: Know where to invest

Now that you have a huge panel of security solutions in your toolkit, are you sure you are making the best use of them? Having too many security solutions can be as bad as having too few; it can quickly become overwhelming.

As cyber threats evolve in sophistication and platforms multiply, security solutions follow a similar pace. You will need to look for solutions that can be used to consolidate your security functionalities to avoid tool sprawl and its drawbacks. You might even have to go back to the drawing board and rethink your security paradigm.

When it comes to multi-cloud security, stay tuned to emerging trends that will support you on this journey. Know your business options, take carefully informed decisions and invest in the most relevant technologies for a secure, future-fit, hybrid, multi-cloud environment for your business.

About the author

Boubacar Camara

Global Cybersecurity Business Development Manager

Boubacar Camara has been with Atos since 2015 and brings over 14 years of experience in IT & Security. Previously, Boubacar was Chief Security Officer for Atos MEA & Turkey, leading strategic response to cybersecurity in the areas of governance, risk, compliance, incident & event management, crisis management, business continuity & vulnerability management, ISO 27001 standard, audit and data protection. A member of the Atos Cloud Security Expert Community, Boubacar is a graduate of City University of London and University of Greenwich. He also holds an executive certificate in cybersecurity, Managing Risk in the Information Age, from Harvard University.