According to a 2018 report from Virtustream and Forrester Consulting, 86 percent of more than 700 large companies revealed that they have a multi-cloud strategy in place.
“Multi-cloud” means using more than a single public cloud. Not to be confused with a hybrid cloud, a multi-cloud is the pairing of a private cloud and a public cloud (or multiple pairings).
For IT teams, this can present security concerns. Multiple clouds mean multiple attack surfaces. Expanding digital real estate means the potential for further cyber risks.
In traditional security networks, IT uses segmentation for containing threats. In a multiple cloud environment, segmenting threats is multiplied by the need to consistently segment applications, workflow, and data as they move across private and public cloud environments, according to a recent blog by Fortinet. As data moves across clouds, the ability to apply segments is limited.
Visibility is another concern. That’s because while IT teams have the visibility into each cloud network through cloud-specific tools, they may not be able to detect or correlate threats across multiple clouds. Also, they cannot immediately assess the impact of a threat from one cloud to another.
Securing current complex and changing infrastructures requires a framework that allows all functions to communicate, collaborate, and coordinate between themselves. The framework supports the automation of every security operation, offering end-to-end visibility.
Here are Fortinet’s three important elements when planning a multi-cloud security strategy:
1. Security functionality and enforcement need to operate the same regardless of the environments in which they have been deployed. Security products should apply consistent enforcement and controls across clouds, and with the same features and functions used to protect the traditional network.
2. These products should be managed through a single pane of glass. They should offer the ability to automate operations across the entire security infrastructure through a single, central set of routines. This includes security policies, segment critical systems, workloads, and applications based on risk profiles. Also, tracking policies to support complex, multi-cloud workflows and applications and use them to investigate security events.
3. Any suite of threat detection, prevention, and mitigation tools need to seamlessly share security control information and together to address threats regardless of where they occur. This requires that they work together locally, and across all of the major public cloud infrastructures. Such cross-functional integration is essential if organizations expect to improve risk mitigation across multiple clouds.
Cloud computing has changed the archetype for IT professionals. Networks where protection is focused on preventing threats at the firewall door are not enough any longer. Cloud security must encompass the requirements of each cloud computing infrastructure, whether public, private, or hybrid, and weave them into a single, integrated security framework.