How to make a multi-cloud strategy safe for your business


Enterprise approaches to cloud computing have evolved significantly in recent years. The initial shift toward public cloud gave rise to myriad benefits for organizations globally, enabling them to modernize IT infrastructure and deliver improved operational efficiency.

Public cloud remains a key focus for organizations globally, with research from IDC predicting that spending on public cloud services will reach $805 billion in 2024. However, despite the continued popularity of public cloud, enterprises have begun exploring – and shifting to – alternative approaches.

Hybrid cloud, for example, has been thrust into the spotlight with the emergence of generative AI, enabling businesses to innovate in the cloud while retaining critical workloads on-prem.

Running parallel to this evolution is the expansion of multi-cloud strategies at enterprises worldwide, whereby an organization utilizes multiple cloud services from different vendors.

Multi-cloud is by no means a new industry focus. In 2020, Gartner identified this approach as a key upcoming trend, noting that the shift to remote operations — and the associated cloud migration flurry that came with it — would eventually precipitate a widespread transition toward multi-cloud at organizations globally.

A key factor in this shift, Gartner noted, was that enterprises were aiming to reduce dependency on a single vendor. Multi-cloud offers marked benefits for adopters, enabling them to improve flexibility, potentially unlock cost savings, and bolster resilience and business continuity by combining different cloud services.

Simply put, enterprises aren’t so keen on placing all their eggs in one basket, and recent research shows this trend continues to gather pace. Analysis from OVHCloud in February 2024 showed that 62% of UK organizations, for example, currently employ a multi-cloud strategy.

Similarly, a further 18% of respondents revealed they were in the process of transitioning to a multi-cloud environment.

On a global scale, the switch to multi-cloud also continues. The SANS 2023 Multicloud Survey showed that 86% of organizations had adopted a multi-cloud approach.

While multi-cloud has its benefits, it’s not a one-size-fits-all solution and is wholly dependent on the unique needs of the individual enterprise.

Research from Pluralsight specifically highlighted multi-cloud adoption as a key hurdle for enterprises in its 2023 State of Cloud report. In particular, the study noted that many enterprises are still “stuck in the tactical mode” of approaching cloud solutions, and are quick to shift to a multi-cloud strategy.

Many also lack the relevant skills to efficiently switch to a multi-cloud approach. As a result, some enterprises end up adding new layers of complexity to their IT infrastructure, creating disparate workloads and, therefore, added risks.

“Adding another platform to the mix without the right talent, processes, and cloud infrastructure only makes driving that value even harder,” the study noted.

“But that’s not to say multi-cloud is a bad idea for all organizations. There are several strategic reasons an organization may choose multi-cloud, such as to leverage best-of-breed services, enable flexibility, or optimize costs.”

Multi-cloud comes with unique security considerations

Multi-cloud comes hand-in-hand with some unique security considerations, with research from Microsoft noting that adopters are forced to contend with security management and identity issues in addition to regulatory compliance considerations.

Lewis Duke, SecOps and Threat Intelligence Lead at Trend Micro™, told ITPro that the distributed nature of resources across multiple cloud providers has the potential to create a “more complex attack surface.”

He added: “To maintain an appropriate security posture, organizations need to manage diverse controls, ensure consistent data protection, and address potential vulnerabilities arising from inter-cloud connectivity.”

Duke’s comments regarding complexity were echoed by Microsoft’s 2024 State of Multicloud Security Report, which found attack surfaces expand for those pursuing a multi-cloud strategy. Researchers found that the average multi-cloud estate has 351 exploitable attack paths that lead to critical business assets.

Similarly, the firm’s analysis uncovered more than 6.3 million exposed critical assets among all organizations last year.

“As multi-cloud environments grow in scale, so too does the data they house and produce,” the report noted. “With more exposed data, comes more risk.”

“Organizations face 59 data security incidents each year on average, and 74% of organizations experienced at least one data security incident in which business data was exposed.”

The potential security risks of multi-cloud have prompted a reaction from cyber agencies globally, with the NSA releasing advice for organizations adopting this approach in recent months.

In April 2024, the security agency warned that multi-cloud environments can impact broader operational alignment and can have a detrimental effect on cyber readiness.

“Multi-cloud environments may also lead to operational silos, where single teams or individuals maintain just one environment, causing configuration discrepancies between environments that may lead to exploitable security gaps,” it said.

Similar research from Cado Security found that this complexity and lack of alignment is largely due to the sheer sprawl of tools and solutions used across multiple environments. The study noted that 82% of organizations use multiple platforms and tools to perform investigations in the cloud, while 45% reported a lack of integration across these environments.

So how are organizations adapting their security capabilities to accommodate multi-cloud? At present, there are a number of approaches.

The increased adoption of multi-cloud has prompted the rapid development of tools designed specifically to accommodate this strategy, according to Duke.

“There are various strategies to address multi-cloud security challenges,” he said. “These include implementing robust identity and access management, leveraging cloud-native security tools, and establishing centralized security operations centers (SOCs).”

Notably, Duke said that adopting a “risk-based approach, combined with regular security assessments” is critical for effective threat mitigation.

A sharpened focus on cloud security posture management (CSPM) platforms has emerged thanks to multi-cloud adoption. These enable organizations to monitor, identify, and report on potential configuration errors in the cloud, thereby improving broader security posture across multiple environments.
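
An added illustration (not from the article or any vendor product) of the posture check described above, which also surfaces the cross-environment configuration discrepancies the NSA warns about: two providers' storage inventories are normalized into one model, tested against a single baseline, and compared for drift. The providers, export formats and field names are constructed for the example.

```python
# Constructed inventory exports. Field names are hypothetical, not a real provider schema.
CLOUD_A = [
    {"bucket": "billing-exports", "public_block": True, "sse": "kms", "tls_min": "1.2"},
    {"bucket": "web-assets", "public_block": False, "sse": None, "tls_min": "1.2"},
]
CLOUD_B = [
    {"name": "billing-exports", "allowPublic": False, "encryption": {"enabled": True}, "minTls": "TLS1_0"},
    {"name": "hr-archive", "allowPublic": False, "encryption": {"enabled": True}, "minTls": "TLS1_2"},
]

# One baseline, expressed against the normalized model rather than per provider.
BASELINE = {
    "public_access": lambda v: v is False,
    "encrypted": lambda v: v is True,
    "tls_min": lambda v: v >= (1, 2),
}

def _tls(value):
    """Parse '1.2' or 'TLS1_2' into a comparable (major, minor) tuple."""
    major, minor = value.upper().replace("TLS", "").replace("_", ".").split(".")
    return int(major), int(minor)

def normalize_a(rec):
    return {"provider": "cloud_a", "resource": rec["bucket"],
            "public_access": not rec["public_block"],
            "encrypted": rec["sse"] is not None, "tls_min": _tls(rec["tls_min"])}

def normalize_b(rec):
    return {"provider": "cloud_b", "resource": rec["name"],
            "public_access": rec["allowPublic"], "tls_min": _tls(rec["minTls"]),
            "encrypted": bool(rec.get("encryption", {}).get("enabled"))}

def inventory():
    return [normalize_a(r) for r in CLOUD_A] + [normalize_b(r) for r in CLOUD_B]

def findings(resources):
    """Settings that violate the baseline, as (provider, resource, setting)."""
    return [(r["provider"], r["resource"], key)
            for r in resources for key, ok in BASELINE.items() if not ok(r[key])]

def drift(resources):
    """Same-named resources whose normalized settings differ between providers."""
    by_name = {}
    for r in resources:
        by_name.setdefault(r["resource"], []).append(r)
    return {name: keys for name, copies in by_name.items()
            if (keys := [k for k in BASELINE if len({c[k] for c in copies}) > 1])}

if __name__ == "__main__":
    print(findings(inventory()), drift(inventory()))
```

The drift report flags `billing-exports` even though it would pass a review of either environment in isolation against its own team's assumptions, which is the operational-silo problem in miniature.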

Best practice advice from Microsoft on multi-cloud security recommends building on CSPM and investing in a cloud native application protection platform (CNAPP).

CNAPPs are centralized, unified platforms that enable enterprises to simplify the development and maintenance of cloud-native applications. A 2023 survey from the Cloud Security Alliance (CSA) described CNAPP adoption rates as “impressive”, noting that 75% of respondents were already using CNAPPs or were planning to do so.

These adoption rates were directly attributed to the increased enterprise focus on multi-cloud, according to CSA.

“This trend can largely be credited to the rise of multi-cloud strategies, which traditional security solutions struggle to accommodate,” the report noted.

Similarly, zero trust practices have also been thrust into the spotlight due to the need for multi-cloud adopters to improve visibility and identity verification across multiple IT environments.

Industry tools aimed at bolstering multi-cloud security capabilities are now commonplace. Trend Micro’s specialist cybersecurity software platform, Trend Vision One™, for example, is among the leading solutions for enterprises.

Trend Vision One™ – Cloud Security is an enterprise cybersecurity platform that enables users to combine risk management, extended detection and response (XDR) protection, and zero trust practices to secure email, endpoints, network, cloud, data, identity, AI, and response capabilities.

Launched in June 2023, this platform is designed specifically to help secure both hybrid and multi-cloud environments, offering comprehensive cloud-native application protection. The launch builds on Trend Micro’s longstanding position as an innovative and industry-leading cybersecurity vendor.

The platform uses machine learning analytics and AI to defend against the growing array of threats currently faced by enterprises, such as ransomware or DDoS attacks, with threat intelligence underpinned by the company’s globally distributed research teams and the Trend Micro™ Zero Day Initiative™.

Trend Cloud Security is available through the AWS Marketplace, complete with built-in automation and integration within workloads and IT environments hosted via the cloud provider.

