• United States



Multi-cloud security the next billion-dollar frontier

Mar 06, 20196 mins
Cloud ComputingCloud Security

Constant change is the new normal. Success in today’s multi-cloud world requires greater adaptability and dynamic methods to protect digital identities and preserve trust.

cloud security ts
Credit: Thinkstock

One thing is certain. Capitalism ensures that change is the new constant.  

In the early 1990s, internet pioneers Prodigy Communications and America Online connected users and changed how we communicate with each other. In 1995, Windows 95 was launched by Microsoft which helped personal computing go mainstream. An activity that previously took days could now be done in seconds.

Since then, the Internet accelerated the rate of change to usher in what is commonly known as the Secondary Information Age which we live in today. According to global internet usage statistics, more than half of the world’s population have Internet access as of June 2018. The disruptive impact of the Internet rippled across every aspect of society from entertainment, retail, travel and hospitality to healthcare, education and politics.

Not only has this trend accelerated the transformation of the world we now live in, it has a marked increase on how much time users spend online each day from minutes to hours. It has resulted in the number of identifiers and accounts that each user has. In a study conducted by Dashlane in 2015, the average user had at least 90 online accounts, and that number doubles every five years. Perhaps not surprisingly, the accelerated rate of change has also bought about a dramatic increase in cybercrime.  In Shape Security’s 2017 credential spill report, it was reported that as much as 90% of login traffic on many websites can be attributed to criminal activity.

The heterogenous enterprise

Beginning in the early 2000s when Active Directory (AD) was first introduced with Windows 2000 Server, mid to large sized enterprises have enjoyed the convenience and standardized approach for authenticating users with “network credentials” from AD. Multi-national organizations could also realize the benefits of a standardized approach to network-based authentication. Nearing the 20th anniversary of AD, it remains a robust and reliable platform for businesses to manage the identities of its users and securely authenticate them to enterprise applications.

In a recent interview with entrepreneur and former CEO of Centrify Tom Kemp, he reflected on his company’s formation in 2004 and explained how a theme of investors during that time: “Active Directory was going to become a major platform and there could be companies and technologies built around AD.” Another theme of that time, Tom adds, “was the rise of open source such as Red Hat with Linux.”

As predicted by Kemp, and a host of other entrepreneurs and investors, the rise in popularity of the Linux operating system gave birth to the modern enterprise. Being open-source, Linux provided a low-cost alternative to Windows Server that often benefitted by receiving more frequent core updates and security patches to fix vulnerabilities.

While free is not always free, by the late 2000s Linux earned a reputation for being a more reliable and secure operating system than Windows Server. Large software firms such as IBM, Oracle and Novell developed their own versions of the Linux operating system which fueled the phenomenon we now observe as heterogenous computing environments.

AD evolved into a major platform with hundreds of tools developed to ease the administrative and support burden. However, the larger business opportunity would lie in having one centralized identity management solution that connected and synchronized policies, identities, and credentials for the heterogenous enterprise.

The multi-cloud gold rush

In 1999, Salesforce became an example of what computing and software would become without the need for business owners to purchase hardware or multi-year software licenses. Organizations would begin moving their customer databases to the cloud and begin taking advantage of new platforms designed for collaboration, marketing automation and customer service – billed on a subscription basis – making it simpler and cost effective to consume on an as-needed basis.

Witnessing this success, new cloud solutions started popping up everywhere offering buildings blocks of modern enterprise IT, from infrastructure and compute as-a-service to storage, identity services — think Okta, Ping Identity and Microsoft’s own Azure Active Directory and productivity apps such Office 365 delivered via the cloud. Start-ups wouldn’t even think of building their own datacenters now, as basic IT services can be provisioned with the speed and economics far outpacing the IT organization’s ability to keep up.

Fighting their own inertia, organizations continue taking advantage of cloud computing, finding that their IT infrastructure is better managed (and often more secure) than on-premise equivalents. The economics of the cloud, from subscription-based metered billing to cloud-scale networking (that is the ability to scale in real time and optimize for the highest possible performance) help organizations to bring products to market faster, offer new delivery models for their services, driving net new revenue and protecting margins.

Through 2021, Gartner reports that cloud revenues are set to reach $300B with infrastructure being the fastest growth segment and the number of cloud service providers expanding by 3X. That is good news from a macro economic and growth perspective, but it will create a new set of risks that organizations must be mindful of and proactive about addressing.  

The ability to scale safely, reducing business risk through continuous compliance and preserving privacy, remain elusive yet necessary objectives for any digital transformation and cloud migration effort.

Toward a better cloud governance model

In “Managing IAM in uncertain times,” I wrote that “While there are merits in each of these frameworks, the devil is in the details. Tactics and execution are more important than ever.” Fixing what’s broke with authentication and improving identity & access management is surely going to be a hot topic at the RSA Conference this year. Business and security leaders must not lose sight of the fact that the operational and governance aspects need ongoing investment and support from the executive leadership team.

In a multi-cloud world, expert managed security service providers (MSSP) offer the tooling, expertise and operational maturity to support large and multi-national businesses. An MSSP can help achieve and maintain regulatory compliance and improved security posture with instrumentation that enables visibility, control, integration, incident response, and various tiers of support that most IT teams are unable to deliver.   

While enterprises may never completely abandon their in-house IT departments, having an overarching top-down strategy for real-time governance that encompasses both on-premise and multi-cloud assets is a critical component of any business strategy.


Steve is obsessed with helping transform business by building trust, reducing operational risk and improving user experiences with modern identity & access management. Founder & President of Forte Advisory, he has been a member of the IAM community for 18+ years with a focus on program management, enterprise architecture, and operational excellence for the world’s largest companies in telecommunications, financial services, high tech and Big 4 consulting.

Steve was formerly CEO of VeriClouds and a Director of Cybersecurity & Privacy at PwC. Prior to PwC, he was the head of IAM at VMware (one of the four largest enterprise software companies) where he designed and managed customer and partner facing systems. Prior to joining VMware, Steve was a consultant at Oracle where he led deployments for strategic accounts in the manufacturing and high tech sectors.

As an advisory board member, Steve has helped founders with the development of strategic relationships, business development, market and capital strategy, product design channel and sales strategies. Startups he has helped include Seattle based VeriClouds, and Palerra, the leading cloud access security broker and pioneer of the API-based CASB solution. (Palerra was acquired by Oracle in October, 2016.)

Steve is available for strategic consulting and private workshops at his clients offices throughout the US and Canada. You can reach Steve by clicking the envelope icon above.

The opinions expressed in this blog are those of Steve Tout and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.