Virtually every organization has adopted a multi-cloud strategy. According to the 2020 State of the Cloud report from Flexera, 93 percent of organizations are using multiple public and private clouds to support their applications and workloads. More than half (59 percent) of survey respondents expect their multi-cloud usage to increase due to the COVID-19 pandemic and work-from-home strategies.
Security remains a major concern, however. In fact, security is now the No. 1 cloud challenge, cited by 83 percent of survey respondents, and the only challenge to see a year-over-year increase in Flexera’s annual survey. Multi-cloud strategies and the ever-increasing number of workloads in the cloud are making security more difficult even as organizations are gaining more experience.
Despite the risks, there are sound business reasons for implementing a multi-cloud strategy. The use of multiple clouds enables organizations to select the cloud service that best meets the requirements of a particular workload, and to take advantage of each cloud’s unique capabilities to enhance their applications.
The multi-cloud model can reduce the risk of downtime through redundancy. Although service provider outages are not as common then they once were, the potential risk is greater than ever. As organizations continue to migrate more mission-critical workloads to the cloud, an outage or performance degradation can severely damage their operations. In a recent survey conducted by Propeller Insights, 97 percent of IT leaders said they are planning to use multiple clouds to maximize availability and reliability.
Organizations are also leveraging cloud services in multiple geographies to reduce latency by placing applications, services and content nearer to end-users. In addition, the multi-cloud model facilitates regulatory compliance by enabling data to be maintained in a specific geographic region.
Multi-Cloud Security Challenges
At the same time, the use of multiple clouds expands the attack surface while making it more difficult to detect and contain threats. Most organizations lack visibility across the multi-cloud environment, or a centralized interface for managing cloud security tools. Organizations need single-pane-of-glass management of security services with the ability to configure individual devices and apply patches and updates.
Coordinating threat detection and response across security these tools is a significant challenge in a multi-cloud environment. Often, security devices do not communicate with one another, and security platforms take time to collect, correlate and process event data. Organizations need security tools that integrate with the cloud, utilize threat intelligence and share data. These tools should also take a consistent approach to policy enforcement and threat mitigation.
The learning curve associated with learning multiple tools, coupled with manual administration processes, increase the risk of misconfigurations. Virtualized security tools that incorporate automation and orchestration functions can help reduce this risk.
Strategic Approach Required
While cloud providers are responsible for securing their infrastructure, customers are responsible for protecting their applications and data. Cloud providers typically offer security tools and services, but it’s up to the customer to implement and configure these tools and services correctly.
Cloud security challenges quickly multiply in a multi-cloud environment, where each cloud provider takes a different approach. Organizations that are utilizing multiple clouds — or even just planning to do so — should develop a security strategy utilizing integrated security tools that provide end-to-end visibility and automation.