The Challenges of Securing Hybrid and Multi-Cloud Environments

Francis O’Haire

Group Technology Director

A proven thought leader with vast experience in both the technical and commercial aspects of this fast-changing industry. Francis is a true technologist with a unique understanding of the needs of the channel and their end users.

Perhaps the biggest challenge of all faced by businesses is how to secure these hybrid and multi-cloud environments against potential threats.

Whichever statistics you decide are flavour of the day, there is no doubt that Public Cloud usage is accelerating. The current projections show growth of anywhere between $260 and $330 billion for 2020, underlining double digit per cent growth over last year. This even surpasses the growth predictions released by Gartner last year. The enterprise faces multiple challenges in the face of such rampant growth giving rise to a number of potential headaches when managing a hybrid or multi-cloud environment. There is certainly a shortage of knowledgeable cloud workers available, leaving many businesses lacking when it comes to in-house cloud expertise. The lack of workforce equipped with the expertise required only adds to the complexity of deploying a successful cloud strategy.

However, perhaps the biggest challenge of all faced by businesses is how to secure these hybrid and multi-cloud environments against potential threats. Indeed, many will argue that security IS the chief challenge associated with cloud computing in a climate of rising threats and where regulation is becoming increasingly punitive. As cloud environments continue to develop, the only way to grow your business in the long term is to have the right security strategy around your cloud environment in place.

The Perimeter No Longer Exists

Cloud networks are very vulnerable. The advent of mass digital transformation has made the traditional perimeter-based network defence a thing of the past. In this brave new world, employees expect to be able to collaborate and access resources from just about anywhere and at any time, using all sorts of devices and without any negative impact on their productivity. The security perimeter no longer solely encompasses the on-premises network - it now extends to a myriad of cloud applications used for business-critical workloads. 

For example, when your employees are accessing corporate resources while traveling, or unmanaged devices your customers are using to collaborate and interact with. There’s also the growing movement of employees working remotely to consider also. Today’s businesses operate under an umbrella of services and endpoints managed by public cloud providers, employee-owned devices and web-enabled smart devices - the traditional perimeter-based security model can no longer deliver in this environment.

Shared Responsibility Model

Cloud platform providers are only responsible for the security of their own platform. Customers are therefore responsible for securing their own apps and data in the cloud. A potentially worrying scenario when you consider that one estimate by Gartner suggests that through 2022, at least 95per cent of cloud security failures will be the customer’s fault. 

The dynamics of this shared responsibility model are also impacted by the introduction of any new type of cloud computing - a big headache for operations and security teams coming to terms with new roles and responsibilities in an ever-changing landscape. For example, the introduction of serverless computing has meant that the shared responsibility model that worked for traditional workloads has blurred the boundaries, leaving those in IT security to find different approaches to secure these new workloads.

Don’t Rely on the Provider

Cloud providers do provide security solutions, but they are limited and proprietary to that platform. They don’t integrate with existing on-premise security technologies and policies or even the security tools from other cloud platforms. Unfortunately, many organisations that rely on cloud services assume that there’s no need to protect the data and apps that live there. 

Businesses should NOT rely upon their cloud provider to secure their data, nor should they rely upon them to provide adequate disaster recovery (DR) plans - there is a lot of data that suggests that organisations are failing in both securing access to their cloud data and failing to plan for DR. If you rely upon your cloud provider to protect your data, then you could be in for a very nasty surprise. Your business is still very much at risk from downtime due to a failure, error, outage or security attack.

Traditional Security is not Designed for Cloud

In the 2019 Cloud Security Report by Cyber security Insiders, sixty-six per cent of respondents said that traditional security solutions either didn’t work at all in cloud environments or they had only limited functionality.

As the ‘traditional’ environment, which sees both employees and solutions based on-premise, changes irrevocably, and we see both critical applications and data moving to the cloud, then old-fashioned perimeter security just doesn’t cut it anymore. Dynamic, scalable and distributed multi-cloud environments require new policies and an overall rethink before users lose all sense of trust – and security becomes a major issue.

Loss of Visibility and Control

When data moves beyond the perimeter. Historically, the firewall facilitated secure connectivity between different networks. It was deployed to create a trust perimeter between networks and became the logical security control point to protect a business's network, data, users, and devices. So, for example, network traffic from remote workers was funnelled through this single control point, allowing for consistent control and an established trust boundary.

The hybrid and multi-cloud environment introduce far more interconnected networks - a single perimeter or control point no longer exists. There is an ever-increasing loss of visibility and control, a lack of understanding regarding where users and data go. Under such conditions, it’s hard to know what’s communicating with what, or if a breach has occurred. Unfortunately, businesses will find this out when its too late to react sufficiently and mitigate the threat.

The Silver Lining

It is certainly true that security remains a fundamental obstacle to wide-spread enterprise cloud adoption globally. As the threat landscape becomes more complex every day, it is crucial that you adapt with an ever-evolving security strategy as your business prepares for or reinforces its migration to the cloud. 

Whilst traditional security methods fail to gel with the dynamic nature of the cloud, the industry has responded to provide more advanced threat protection and security solutions that can prevent cloud networks, data and applications from being attacked by the latest generation of cyber threats. Look for a comprehensive solution that is able to integrate with the widest variety of cloud platforms and cloud-based applications.