Multi-cloud requires a new security strategy

As companies spread their wings and journey into the cloud, their workloads inevitably spread into multiple cloud services. While multi-cloud is now seen as a desirable strategy for business, this hasn’t always been the case. Early approaches to cloud adoption often involved moving workloads into a single public cloud service. Enterprises typically limited themselves in this way in order to reduce the complexity of managing their data. For companies that tried multi-cloud, their stories were often presented as ones of regret and were used to make a case for staying in a single cloud ecosystem.

Today, more and more companies are making use of multiple cloud services. While improvements to cloud management tools in recent years have made this kind of multi-cloud environment feasible, some challenges still remain. Fortunately, three tactics for embracing a multi-cloud environment can be found below.

Understand data and its movement

When it comes to cloud – particularly multi-cloud – most of the traditional models of data management and security no longer hold true. Today, data isn’t confined to a controlled environment on premises. Instead, the expectation is that employees will be able to access corporate data from anywhere, on any device, at any time. This means that organisations’ information is flowing to various cloud applications and personal devices via infrastructure that they do not own or control. As more cloud services are adopted, monitoring these data flows can become exponentially more challenging.

Businesses looking to go multi-cloud must develop a thorough understanding of their data. They must know what it is, where it goes, and who can access it. They also need to rethink the way that they protect against threats and their new malicious tactics. For example, malware embedded in a file that is uploaded to a cloud application can quickly spread to connected devices and cloud services. As such, businesses need tools that are able to detect threats when they are uploaded to applications and when they are already at rest in the cloud.

Establish comprehensive visibility and control

Gaining and maintaining cross-app visibility and control over data is a critical piece of the multi-cloud puzzle. Many cloud services come with native, or built-in, visibility and security features that may work acceptably well for their respective cloud services. However, relying upon disjointed point solutions presents a headache for businesses when they try to apply policies or make changes across their entire multi-cloud environment.

For example, consider a healthcare organisation that needs to comply with a new regulation. This might be accomplished by adding new policies for identifying sensitive data patterns – such as health records or other protected health information (PHI) – and governing who can access said data. If the organisation were to rely solely upon native security tools, its IT team would have to go into each application and manually add or edit policies one at a time. Complicating this further is the fact that different cloud services offer different levels of data protection. As some apps’ native security features are less granular than others, changes are very unlikely to be implemented on a uniform basis.

Individual cloud applications do not – and cannot – live in a vacuum in a multi-cloud world.
Instead, businesses need a single solution that provides visibility and control across all of their cloud applications.

Pair past practices with new cloud technologies

Finally, all of the best practices learned in on-premises environments should be applied to the cloud. While this may require different technologies and implementation strategies, the underlying goals will remain the same. For example, enterprises should maintain comprehensive data protection, threat protection, and identity management in order to prevent unauthorised access to data when it moves off premises.

In addition to choosing security tools that protect corporate information in the cloud, enterprises must ensure that they select those that can scale as they deploy more cloud applications and provision more cloud-based workloads. Organisations should also select solutions that are easy to deploy and can integrate with existing on-premises tools in order to provide consistent security wherever data goes.

Ultimately, leveraging a multi-cloud environment will become the standard strategy for businesses around the world. Recognising this today will help organisations to prepare for the future that is materialising before their eyes.

Copyright © 2018 IDG Communications, Inc.

The 10 most powerful cybersecurity companies