A growing number of organisations are adopting a multi-cloud architecture for their IT infrastructure.
It’s a strategy that has been evolving for some time. Until the mid-2000s, most organisations housed their IT resources internally in dedicated data centres. Then, with the advent of large cloud providers such as Amazon’s AWS, Microsoft’s Azure, and Google Cloud, a portion of resources was shifted into the cloud.
Now, frameworks are evolving once again. Rather than relying on a single cloud service provider, increasing numbers of organisations use multiple platforms. They may have some applications running on Amazon and others on Azure. Some databases may be migrated to Google Cloud, while others are entrusted to a smaller hosting provider.
The benefits of adopting such a hybrid infrastructure are significant. If one cloud provider suffers an outage, workloads can be quickly shifted to another, thus avoiding unnecessary downtime.
Hybrid organisations can also take greater advantage of the intense competition in the cloud space. For example, an application can quickly be shifted if it becomes cheaper to run it on one cloud platform rather than another.
The security implications of multi-cloud
While adopting a multi-cloud IT strategy can deliver significant benefits for organisations, it also provides new opportunities for cybercriminals. The architecture opens up several new potential points of penetration that can be used to gain unauthorised access to resources.
This access can occur in a range of ways. A developer might leave a port open by mistake, allowing unauthorised access. The development server being used may be connected to multiple other systems and cloud resources, allowing the cybercriminal who has gained access to move between them readily.
Unfortunately, many organisations are under the misapprehension that cloud security is the responsibility of the platform provider. Many assume that the organisation they host their applications with will take care of everything.
This is not the case, as cloud providers secure only the platform layer. Anything above that is the responsibility of the organisation using the platform.
For this reason, having clear visibility of network traffic is critical. If you wait for an attack to happen and then take remediation steps, it can be far too late to avoid disruption and loss. Therefore, security reaction times need to be short so responses can be made at the earliest possible time.
The focus of security needs to be on prevention. To achieve this in a multi-cloud environment, there is a need for multiple layers of protection as the overall infrastructure has become much more complex than it was in the past.
Achieving effective security
While it might sound complex and difficult to achieve effective security in this situation, it doesn’t have to be that way.
Increasingly, organisations are using rapidly evolving artificial intelligence (AI) and machine learning (ML) tools to help them overcome the challenge of achieving effective security. The tools can augment the efforts of human security teams and enable them to better cope with the new environment.
The tools are particularly beneficial because they can automate sifting through the vast amounts of data that complex, multi-cloud infrastructures generate. In addition, they can be configured to issue alerts to security teams if certain events occur.
This could be an application being accessed from an unusual location or via an unknown device. It could also be the transfer of data files from one server to an external party that has never previously been connected to the network. Human operators could easily overlook such events, but AI and ML tools can capture them quickly.
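The three alert conditions described above can be illustrated with a simple first-seen baseline built across all clouds at once. This is an added example, not code from the article or from any vendor's tool, and it is a plain set-membership check rather than an ML model; the event field names, user names and hostnames are constructed assumptions.

```python
from collections import defaultdict

# Constructed, already-normalised events from several clouds. The field
# names are assumptions for this example, not any provider's log schema.
HISTORY = [
    {"kind": "access", "cloud": "aws", "user": "alice", "country": "AU", "device": "lap-01"},
    {"kind": "access", "cloud": "azure", "user": "alice", "country": "AU", "device": "lap-01"},
    {"kind": "access", "cloud": "gcp", "user": "bob", "country": "NZ", "device": "lap-02"},
    {"kind": "transfer", "cloud": "aws", "src": "db-1", "dest": "backup.partner.example", "external": True},
]
NEW_EVENTS = [
    {"kind": "access", "cloud": "azure", "user": "alice", "country": "AU", "device": "lap-01"},
    {"kind": "access", "cloud": "gcp", "user": "alice", "country": "BR", "device": "tab-99"},
    {"kind": "transfer", "cloud": "azure", "src": "db-1", "dest": "backup.partner.example", "external": True},
    {"kind": "transfer", "cloud": "gcp", "src": "db-1", "dest": "files.unknown.example", "external": True},
    {"kind": "transfer", "cloud": "aws", "src": "db-1", "dest": "db-2", "external": False},
]

def build_baseline(history):
    """Record what has been seen before, across all clouds at once."""
    base = {"countries": defaultdict(set), "devices": defaultdict(set), "dests": set()}
    for e in history:
        if e["kind"] == "access":
            base["countries"][e["user"]].add(e["country"])
            base["devices"][e["user"]].add(e["device"])
        elif e["kind"] == "transfer" and e["external"]:
            base["dests"].add(e["dest"])
    return base

def evaluate(event, base):
    """Return the alert names raised by one event (empty list if none)."""
    alerts = []
    if event["kind"] == "access":
        # .get() avoids creating baseline entries for users never seen before.
        if event["country"] not in base["countries"].get(event["user"], set()):
            alerts.append("unusual_location")
        if event["device"] not in base["devices"].get(event["user"], set()):
            alerts.append("unknown_device")
    elif event["kind"] == "transfer" and event["external"] and event["dest"] not in base["dests"]:
        alerts.append("new_external_destination")
    return alerts

def run(history, new_events):
    base = build_baseline(history)
    return [(i, evaluate(e, base)) for i, e in enumerate(new_events)]

if __name__ == "__main__":
    for index, alerts in run(HISTORY, NEW_EVENTS):
        print(index, alerts or "ok")
```

Because the baseline is keyed by user and destination rather than by provider, a login that is routine on one cloud does not raise an alert merely because it appears on another.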
By achieving adequate visibility through AI and ML, organisations will be much better placed to take advantage of a multi-cloud strategy. The expected business benefits can be achieved without sacrificing effective security.