Multicloud security is a growing concern in the Asia Pacific region as businesses are increasing their spending on public cloud services. IDC forecasts that the region’s public cloud services market will increase by 26.4 percent from 2022 to 2026 while Gartner estimates at least 75 per cent of organisations worldwide use multiple public cloud services.
Multicloud environments present more vulnerabilities for cybercriminals to take advantage of and business leaders in the region are taking notice. Our survey shows that IT leaders globally consider cybersecurity as one of their C-suite’s top business concerns, ranking higher than price inflation and supply chain issues.
But additional investments in cybersecurity are insufficient unless enterprises take into account the significant differences between traditional and multicloud environments. Understanding the distinctions between the two is the key to securing the latter.
For example, cloud operations are managed primarily by APIs, often serverless, and managed directly via code by DevOps or site reliability engineers (SREs). Thus, understanding the behaviour of their organisations’ cloud environment requires IT teams to monitor changes and scan code in an automated manner.
Still, multicloud security does not need to be complex. Here are four steps organisations can take to simplify the protection of data, applications and other virtualised assets spread across a multicloud environment:
1. Take advantage of cloud-native security tools: cloud providers have purpose-built security tools for analysing security configurations, monitoring misconfigurations and compliance, workload protection, and event identification. Some even have integrated SIEM technologies, extending the capacity to maintain and correlate logs from cloud and data centres. These tools can be the foundation for understanding the security of your cloud infrastructure.
2. Utilise automation: Automation is crucial for good cloud security hygiene. Secure virtual machines by building security configurations and applying them through scripting mechanisms. On the other hand, building virtual machines into base images is an alternative to those who opt not to use scripting mechanisms. Automated scanning tools can also be used to identify vulnerabilities in configurations and component libraries. These tools can also be built into DevOps CI/CD pipelines to scan for code vulnerabilities and insecure third-party software components. Complement these measures by designing automation to respond to events from cloud-native security tools.
Automation is also an important tool for identifying and responding to potential issues. If someone or something attempts to log into an immutable server, it is a security event that automation can help respond to. IT teams can also use cloud-native scaling and resiliency by automatically snap-shooting suspicious workloads within a container, server, or application for later analysis while taking them offline immediately. This ability to respond immediately means a potential threat no longer has a window of time to harm while IT investigates.
3. Make identity the new security perimeter: While virtual networking allows micro-segmentation and the limiting of network traffic, the cloud’s dynamic nature means that identity is now a critical access enforcement mechanism and perimeter. This entails deploying strong authentication for administrators, developers, and anyone else accessing accounts. It also means utilising certificates, SAML, and appropriate API authentication mechanisms to secure applications and infrastructure.
4. Use third-party tools to augment the security infrastructure: While some providers manage security across multiple clouds, there are instances where layering a third-party tool to standardise security management across multiple providers offers additional protection. For example, a cloud security management technology enables users to apply policy and monitor compliance across multiple cloud providers from a single point. Edge security can also be standardised by utilising DDoS protection and bot management within a single provider as application workloads are placed across multiple clouds.
As threat actors seek to exploit the growing number of vulnerabilities in multicloud environments, businesses must evolve their security operations to address a growing execution and operations management gap. This entails breaking free of traditional reactive approaches to threats. A multicloud security strategy that provides an agile, proactive, and end-to-end framework for effective threat detection and incident response against increasingly sophisticated attacks is the answer.
By Sandeep Bhargava, Global Head of Solutions and Services, Rackspace Technology
