• United States



Strategies for improving your hybrid and multicloud management

May 30, 20235 mins

Nearly 73% of businesses find it challenging to adequately manage multicloud environments, but these top tips for managing multicloud and hybrid cloud security can help.

istock 1487429657
Credit: iStock/jullasart somdok

By Microsoft Security

Hybrid and multicloud adoption are par for the course for enterprise businesses, with 86% of organizations planning to increase their investment in the technology. And while cloud technology does bring inherent advantages—namely flexibility, cost-effectiveness, improved disaster recovery, increased security, better compliance, and better performance—it can also lead to increased cybersecurity risks if not managed properly.

Nearly three-quarters (73%) of businesses find it challenging to adequately manage multicloud environments. This is why a strong governance and management strategy is needed to ensure seamless data and workload movement across all cloud environments. It also contributes to more consistent security and compliance controls.

Microsoft recently partnered with BlueVoyant to host a webinar on best practices for managing multicloud and hybrid cloud security. Read on to learn more about our top tips or watch the full webinar recording for additional insight.

Cloud security challenges

When we talk about multicloud adoption, we’re referring to the use of multiple cloud providers for different workloads or applications within an organization. Hybrid cloud, on the other hand, integrates on-premises infrastructure with one or more public cloud providers.

These technologies are excellent at providing a scalable infrastructure in the face of increasing digital workloads, but they also introduce a number of novel challenges to enterprise operations.

Namely, that hybrid and multicloud environments are more complex, and therefore have the potential to compound security threats and open organizations up to additional vulnerabilities.

The complexity is also exacerbated by the associated tool proliferation. One study found that 78% of CISOs have 16 or more security tools in their cybersecurity vendor portfolio while 12% have 46 or more, leading to higher integration costs and a heavier workload burden on staff.

Within the next three years, 80% of IT organizations plan to consolidate cybersecurity vendors.

One of the most common challenges organizations face is the lack of unified management and governance strategies. This creates poor visibility across the environment and can lead to companies struggling with critical cloud misconfigurations or configuration drift, an inability to maintain consistent access controls, and poor interoperability across cloud providers. There’s also the issue of protecting workloads regardless of where they live and the overarching challenge of staffing and training cloud experts who can develop and operate secure applications in an already resource-constrained cybersecurity environment.

You also have to consider attack trends across the broader threat landscape. Cybersecurity threats are more sophisticated than ever, with bad actors joining forces to increase their damaging impact. These threat actors are also growing increasingly stealthy. They know when they’re being hunted and they are able to hide for days, weeks, or even months on end. Once threat actors do make it inside your network, their attacks are often designed to mutate and multiply, moving laterally across your system.

So, where does that leave organizations?

Recommendations for mitigating threats and managing cloud security

There are several steps that organizations can take to uplevel their cloud security posture. First and foremost, we recommend implementing strong identity management and Zero Trust frameworks. Zero Trust is the gold standard of cybersecurity, and it can play a critical role in helping to close security gaps and minimizing the risk of lateral movement across cloud platforms. We also recommend best practices like implementing a minimum viable product (MVP) for governance, segmenting your network and firewall, creating a solid incident response process, monitoring and auditing your cloud environment, and creating a cloud encryption policy.

Underpinning all of this is the recommendation to centralize your cloud security with cloud-specific security tooling. Without centralized cloud security, organizations can’t adequately track all of their risks. This can be done by using a cloud access security broker (CASB) or implementing a cloud security posture management (CSPM) strategy. There is also a third, relatively new option: cloud native application protection platforms (CNAPP).

How CNAPP can centralize your cloud security

Initially coined by Gartner, CNAPPs work by combining cloud workload protection platform (CWPP) capabilities and CSPM capabilities to scan workloads and configurations while they’re in development and protect them during runtime. This provides more unified visibility across the entire cloud environment.

When looking at CNAPP solutions, it’s important to prioritize one that can unify your DevOps security management, providing code-to-cloud contextualization, integrated workflows and pull request annotations, and infrastructure as code security. This is in addition to strengthening and managing your security posture through attack-based prioritization; security compliance management; at-scale governance and automated remediation; and integrated insights across DevOps, External Attack Surface Management (EASM), and workloads. Finally, we recommend looking for a CNAPP that can detect threats and protect your workloads with full-stack threat protection, vulnerability assessment and management, and automate with the tools of your choice—regardless of which vendor they come from.

Ultimately, managing hybrid and multicloud environments can be challenging. However, the productivity and scalability benefits offered by cloud technologies make the added effort well worth it. Organizations just need to be aware of their risks and stay on top of the latest protection methods.

For more information on the latest cyberthreat insights, visit Microsoft Security Insider.