Who Owns Security in Multi-Cloud Operations?
The best-kept secret is the one that is never shared. In today’s technology environment, that is even more true. Where organizations used to build and maintain their own technology stacks, now they are often interacting with multiple cloud providers or even combining the cloud with on-premises systems for a distributed environment. According to a recent survey, 98% of organizations are using at least two cloud infrastructure providers and nearly a third are using four or more. Many IT leaders choose these distributed IT environments to help improve operational efficiency, while others find themselves in a multi-cloud environment nearly overnight through mergers or acquisitions.
In a multi-cloud or distributed environment, data may be created by the organization, stored in one cloud and processed by applications in another. And that’s not even accounting for additional systems required for availability or to adhere to local privacy laws. According to the above survey, 41% of respondents cited data sovereignty—ensuring compliance with the laws of the country or region where the data was collected—as a leading driver of multi-cloud strategies.
Data Security and Privacy
In short, data is passing through more and more digital hands in the normal course of business, and at the same time, people are increasingly concerned about data security and privacy. The more people, organizations and systems that get involved, the more tempting it is for each of them to defer the responsibility for securing that data, resulting ultimately in no one taking responsibility. That needs to change.
But the cybersecurity teams that do step up to this responsibility will continue to face other challenges, such as a massive skills shortage. (ISC)2 reported a 26.2% increase in the gap between the number of skilled cybersecurity workers available compared to the number of workers necessary to secure assets effectively. Therefore, monitoring and securing cloud environments needs to be as simple as possible. In other words, IT teams need a single-pane-of-glass approach to security where all the information they require about suspicious activity, vulnerabilities and other security events is available from one dashboard.
Build Services With Multi-Cloud Security in Mind
As multi-cloud environments grow and change rapidly, maintaining the right visibility and making sure there are no blind spots can turn into a full-time job by itself. Configuring this view with external add-ons can take valuable time and resources away from the main objective of addressing security events as they happen. Instead, cloud infrastructure providers need to build their services with multi-cloud security in mind from the beginning, enabling customers to monitor what is happening throughout their distributed system.
Furthermore, cloud infrastructure providers need to acknowledge that they are not alone in their customers’ IT environments. They need to be open to the idea of working with other software and services that are important to their customers’ IT strategies so that everything connects seamlessly while maintaining the right level of access for users and applications. For example, an application may use functionality from one cloud provider while accessing data stored on another provider. Ensuring that exchange can happen seamlessly (by giving the user or application enough permission while not creating additional security gaps with extraneous permissions) is an important balancing act. Cloud providers that don’t collaborate could create security, access and visibility gaps as data transfers from one platform to another, resulting in increased risk for their end customers. Building strong relationships, integrations, and standards across the industry can help improve everyone’s security posture.
Working Together
Cloud service providers can come together in working groups to share information about current threats and build open solutions that make managing security in multi-cloud environments easier for the whole industry. ONUG is one such organization that has brought together some of the largest enterprise cloud providers and users to create solutions like the cloud security notification framework that makes it easier to see, report and respond to threats in the cloud.
Also, by working together on integrations between their platforms, cloud providers can give customers more options to operate their cloud-based infrastructure in a way that is best for them without compromising security. For example, an organization may find it easier to store and manage data in one cloud while running applications in a different one. Tight collaboration between cloud providers is an important part of making that deployment successful by transferring data with fast and private connections that allow security teams full visibility throughout the entire process.
There is an opportunity for cloud providers to do more and take the initiative to help make the world’s data more secure through integration and collaboration. Making security an integral part of the cloud is an important part of making multi-cloud deployments effective. Organizations put their trust in the cloud, and cloud service providers need to continue to collectively raise the security bar.
