Multicloud environments change rapidly. Organizations need a security framework that is purpose-built for the cloud and that aligns with their digital transformation strategy.
Enterprise cloud adoption continues to increase rapidly. According to Gartner, expenditures toward enterprise IT cloud-based offerings is rising at almost triple the rate of spending on traditional, non-cloud solutions. The firm predicts that more than $1.3 trillion in IT spending will move to the cloud by 2022. As organizations increasingly make their digital transformation to the cloud, they are not only adopting cloud applications, they are moving important parts of their IT infrastructure, such as databases, to the cloud for an infrastructure-as-a-service model. But with this rapid shift to the cloud come new security challenges, especially when an organization has a multicloud environment.
Research shows that on average, companies use a mix of four or more public and private clouds. Many security professionals think they can simply take their traditional cybersecurity fundamentals, such as patching and scanning, and apply them to their multicloud environment to make their organization secure. While those fundamentals remain essential, they don’t address the reason that so many organizations today are struggling to secure their multicloud environments. The reason securing a multicloud environment is so difficult is because you have essentially handed off your operating environment to a third-party — Amazon Web Services, Azure, Google Cloud Platform, or another. As a security professional, you no longer have control over the infrastructure; you only have control at the application level or just above the operating system level.
It’s a true paradigm shift. Whereas in the past, security professionals had full control over their servers and data and were able to apply and enforce all their security best practices and principles, now they are at the mercy of the cloud provider. No longer owning the infrastructure or the platform, security professionals are discovering that they may not be able to use the same security tools they would have used in the past. It introduces the question, “What controls can I use in the cloud and at what level?”
Compounding the challenge, each cloud provider is now releasing its own, native security tools. While these native-built security tools may make it easier to secure that particular cloud environment, they can’t be used with the other clouds the organization relies upon. With each cloud provider releasing new tool sets at a rapid pace — often daily — enterprise security teams are racing to keep up. In addition, many security vendors have their own private cloud that runs across public cloud hybrids. Enterprise security teams are challenged with trying to interconnect all these clouds at a business level, as well as at the cloud ecosystem level in order to gain visibility and manage risk across all of them. The multicloud environment is a multiplier of complexity, and as a security professional, you’re held responsible for securing all of it.
Solving the Multicloud Security Puzzle
The first step in securing your multicloud environment is understanding that you have a problem. Many organizations have moved to the cloud so quickly that they’re just beginning to realize they haven’t built the necessary security programs and tools needed to scan and monitor across all their cloud environments. Next, make sure you know where your assets reside in the cloud and put protection around them, using a native approach. The native security tools offered by cloud providers have their advantages, but they don’t work across clouds. In a multicloud environment, you need the ability to bring all your different security tools under a single pane of glass for visibility, monitoring, and centralized control. Using security orchestration, automation, and response (SOAR) technologies, advanced analytics and machine learning, enterprise security teams can gain a single view of the threats, vulnerabilities, and perceived risks across their organization’s entire environment and create a central point for tracking security events and responding to alerts. [Editor’s note: Trustwave is one of a number of vendors that offer such services.]
It’s important to realize that as you bring all these tools together under a single pane of glass, you want to do it without having to send all your data to yet another cloud service. As much as possible, leave your data closest to where it’s being generated. Look for SOAR solutions that are designed to pull just the alert or a summarization of the data. Then, based on insights gained from analysis, pull only the data necessary to make a decision or increase the fidelity of the alert. There are some excellent cloud-native security incident and event management (SIEM) tools, but you want to make sure the data you have feeding into them is configured correctly.
Of course, security fundamentals also remain essential in a multicloud environment. Many organizations today aren’t performing basic security hygiene for their databases, which is alarming. Scan the cloud, and consistently scan and monitor your databases from both an event and log perspective to see if you have open, inherent risks.
Finally, perhaps the most important aspect of securing a multicloud environment is to make sure your security leaders are included in the decision-making process early whenever a business unit is considering adopting a new, cloud-based service or application. Too often, the security team is looped into the process too late, which causes a lot of inefficiencies and rework when an incorrect configuration or security lapse early on in the deployment process cascades to cause security vulnerabilities elsewhere. – Read more