Last updated at Mon, 28 Oct 2019 16:49:31 GMT

The SaaS model revolutionized the software industry and is now the norm, with companies using more cloud-based applications than ever before. Following the shift to SaaS has been another wave of cloud innovation, bringing the benefits of the cloud to infrastructure.

The IaaS model is now going mainstream. In 2018, 42% of organizations adopted IaaS, with Amazon Web Services (AWS) and Microsoft Azure leading the way. However, many of these companies are not relying on a single vendor and are instead spread out over multiple clouds, with a variety of vendors and services.

While the usage of multi-cloud was initially driven by reliability concerns, organizations have realized that a multi-cloud strategy has other advantages. Vendor lock-in is a risk, so breaking free from reliance on a single vendor has become a strong motivator. And every provider has its own selling points, offering features that can’t be found elsewhere for the same price. Additionally, due to industry regulations and compliance mandates, some organizations need a cloud located in a particular area.

But multi-cloud architecture comes with unique security challenges, so securing multi-cloud environments is a concern for organizations using them. In this post, we’ll cover the unique challenges with securing cloud environments, and some best practices specifically focused on securing multi-cloud infrastructure.

Challenges of protecting and securing multi-cloud environments

Security for multi-cloud architecture is, by definition, more complex than security for a single cloud. Complexity varies by industry, too: organizations need to comply with regulations and meet requirements such as HIPAA and PCI, and doing so works differently in multi-cloud environments. You’ll need to consider the following:

  • Data security: There’s the data itself, potentially spread across multiple providers.
  • Access security: Then there are the people accessing the data. This is where many companies fail when it comes to security. Employees who shouldn’t have permission to access certain data do, or user accounts aren’t robustly protected, leaving them vulnerable to hackers.
  • Consistent security when scaling: As you utilize more resources and scale up components, you need to make sure your security is sufficient.
  • Security plan as cloud footprint evolves: Beyond scaling the resources you’re already using, you’ll likely bring on additional services from new vendors. You need a plan in place to ensure security is fully addressed as each new service is deployed.

Essentials for securing multi-cloud environments

Multi-cloud infrastructure has additional security considerations, not simply a greater quantity of them. If you’re using multi-cloud, you need to be sure you have the following in place:

Policies, threat identification, and tracking

Multiple clouds come with multiple exposure points. Traditionally, IT teams used segmentation to prevent attacks from spreading. But that strategy is of limited use in a multi-cloud environment. Policies become more important, since they’re a primary catalyst for ensuring security procedures are followed for every cloud and every application. But policies can only take you so far. You need to be able to quickly identify potential threats, analyze their significance, and assign priority to know what you need to address, and when. You also need to know from where these threats originated so you can address vulnerabilities.

Full visibility

In enterprise organizations, it’s easy for IT to lose track of what’s being used by each department. Policies can help with this problem, but you need to ensure you have visibility into your entire cloud footprint, including networks, platforms, and applications. Beyond this, you need to be able to track threats between cloud environments, as a threat to one resource can affect others.

Security integration

Due to the speed of modern security threats, you don’t want to waste time looking at siloed threat signals from multiple clouds, trying to compare them to better understand an in-progress attack. You need to be able to look at an aggregated view of threat data, quickly identify potential causes, and move swiftly to address them.

Tools to use for multi-cloud security

As multi-cloud strategies have become more prevalent, so have security tools designed for them. Some of these tools come built-in, while others can be added on, and they each serve their own purposes. Here’s an overview of the types of tools available to you:

Service provider tools

Many IaaS providers offer security and access control tools, but these vary widely by provider, and some tools work better in certain situations than others. Find out what your vendor offers and create a list of gaps you’ll need to fill.

Application and API security tools

According to the 2018 Verizon Data Breach Investigations Report, most security breaches happen via hackers gaining access to web applications. Application security tools address this issue. API security tools work alongside these tools, since application security tools alone don’t protect the connection points between applications.

SIEM security software

SIEM software is particularly helpful to companies using multi-cloud. SIEM software collects event and log data, analyzes it, and sorts it into categories of potential threats. Activity that signals a threat triggers a priority-level-specific alert so the problem can be addressed with the urgency needed.
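The aggregated view described under "Security integration" and the collect, categorize, and prioritize flow described here can be sketched as follows. This is an added example, not code from the original post or from any SIEM product. The records are constructed and reduced to a few fields (the Azure `caller` field is a simplification), and the function names and the `min_failures` threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample records (documentation IPs), reduced to a few fields each.
AWS = [  # CloudTrail-style: errorCode is present only when the call failed
    {"eventTime": "2019-10-28T16:01:10Z", "eventName": "GetObject", "errorCode": "AccessDenied",
     "sourceIPAddress": "203.0.113.7", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2019-10-28T16:03:00Z", "eventName": "ListBuckets", "errorCode": "AccessDenied",
     "sourceIPAddress": "192.0.2.44", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2019-10-28T16:03:05Z", "eventName": "GetObject", "errorCode": "AccessDenied",
     "sourceIPAddress": "192.0.2.44", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2019-10-28T16:04:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "198.51.100.20", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"}},
]
AZURE = [  # Activity Log-style: resultType carries the outcome
    {"time": "2019-10-28T16:02:30Z", "operationName": "Microsoft.Compute/virtualMachines/delete",
     "resultType": "Failure", "callerIpAddress": "203.0.113.7", "caller": "alice@example.com"},
    {"time": "2019-10-28T16:05:00Z", "operationName": "Microsoft.Compute/virtualMachines/read",
     "resultType": "Failure", "callerIpAddress": "198.51.100.99", "caller": "dave@example.com"},
    {"time": "2019-10-28T16:06:00Z", "operationName": "Microsoft.Compute/virtualMachines/read",
     "resultType": "Success", "callerIpAddress": "198.51.100.20", "caller": "carol@example.com"},
]

def from_cloudtrail(e):
    return {"cloud": "aws", "time": e["eventTime"], "src_ip": e["sourceIPAddress"],
            "actor": e["userIdentity"].get("arn", "unknown"),
            "action": e["eventName"], "failed": "errorCode" in e}

def from_azure(e):
    return {"cloud": "azure", "time": e["time"], "src_ip": e["callerIpAddress"],
            "actor": e.get("caller", "unknown"),
            "action": e["operationName"], "failed": e.get("resultType") == "Failure"}

def prioritize(events, min_failures=2):
    # Group failed actions by source IP across all clouds, then rank each group.
    by_ip = defaultdict(list)
    for ev in events:
        if ev["failed"]:
            by_ip[ev["src_ip"]].append(ev)
    alerts = []
    for ip, evs in sorted(by_ip.items()):
        clouds = sorted({ev["cloud"] for ev in evs})
        priority = "high" if len(clouds) > 1 else "medium" if len(evs) >= min_failures else None
        if priority:  # one isolated failure in one cloud stays below the alert threshold
            alerts.append({"src_ip": ip, "priority": priority, "clouds": clouds, "failures": len(evs),
                           "actors": sorted({ev["actor"] for ev in evs}), "first_seen": min(ev["time"] for ev in evs)})
    return alerts

def sample_events():
    return [from_cloudtrail(e) for e in AWS] + [from_azure(e) for e in AZURE]
```

Viewed per cloud, the source address 203.0.113.7 shows a single failure in each provider and would stay below the threshold; only the merged view raises it to high priority.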

Some SIEM software, such as Rapid7’s InsightIDR, combines SIEM, User Behavior Analytics (UBA), and Endpoint Detection and Response (EDR) functionality. These tools additionally monitor user behavior and trigger alerts when an individual’s usage becomes abnormal, simultaneously monitoring endpoint and network events.

Confidently move forward with multi-cloud

While multi-cloud environments present unique challenges in implementing security solutions, the same principles apply to multi-cloud security as to single-cloud or even on-premises. To secure your multi-cloud environment, you’ll need to map out your current footprint, identify vulnerabilities, create policies and procedures that will address a growing footprint, see what existing tools you can take advantage of, and research the tools you need to fill in the gaps.
