Multi-cloud security challenges and best practices
Where multi-cloud goes, security complexity follows. From configuration to visibility, organizations must be aware of these main challenges and how to overcome them.
Multi-cloud environments are rapidly becoming a common deployment model for many organizations. From a security standpoint, however, they introduce added complexity.
A main source of this complexity is the expansion of both the threat surface and of the skills and knowledge needed to handle the various tools, services, software objects and security policies of each cloud service provider (CSP). Due to this, organizations contend with the following main multi-cloud security challenges:
- Configuration management.
- Logging and monitoring.
- Incident response and detection.
- Compliance and regulatory requirements.
Let's dig deeper into each challenge and then look at the best practices to help solve them.
Multi-cloud security challenges
Alongside existing challenges for cloud security, an organization's security team needs to consider the following multi-cloud security challenges.
1. Configuration management
Configuration management is one of the most common issues organizations face and given the velocity of changes and updates in cloud environments, it's one that recurs.
The range and complexity of the services and objects available in a single-cloud environment can lead to misconfiguration. That range and complexity only compounds with each additional cloud in multi-cloud deployments.
Common configuration issues -- such as using outdated server and container components and images, accidentally exposing storage nodes to the internet, or improperly implementing and aligning identity and access management policies -- can result in security vulnerabilities and possible exposure in the cloud.
2. Consistent visibility across all cloud environments
Logging and monitoring are relatively straightforward in leading IaaS and PaaS clouds, but many organizations struggle with the volume of cloud-related events generated. This becomes even more difficult when multiple clouds are involved.
Many organizations also often don't understand how to coordinate and contextualize playbooks for monitoring and alerting across different service environments, which leads to further complexity.
3. Incident detection and response
Incident detection and response are often a struggle for organizations with multi-cloud deployments. They require preparation of forensic and response tools and services ahead of time in each cloud, as well as specific workflows and playbooks that cover all cloud environments. Workflows and playbooks can become more complicated if hybrid cloud architectures are in use. Further, incident responders often lack the appropriate skills to respond to incidents in each specific cloud environment.
4. Compliance and regulatory requirements
Meeting compliance and regulatory requirements across a diverse set of cloud environments can be difficult, depending on an organization's industry. Most larger cloud providers have SOC, ISO and other compliance-specific reports available to attest to the state of controls and processes on their side of the shared responsibility model. Customer controls status and reporting, however, still need to be collected and aggregated.
Multi-cloud security best practices
The following industry best practices and security tools and processes can help organizations meet multi-cloud security challenges head-on:
- Adopt cloud security posture management. A cloud security posture management (CSPM) platform might be overkill for a single cloud deployment, but it's almost a necessity to monitor and report on configuration and vulnerability statuses across multiple clouds. CSPM platforms also help with compliance and regulatory reporting in many cases.
- Deploy cloud-native SIEM. Exporting and streaming cloud logs and other event data into SIEM systems is already possible, but security teams can increase their visibility -- and thus detection and response capabilities -- by using the built-in and flexible monitoring, alerting and detection playbooks in cloud-native SIEM platforms.
- Implement cloud-native guardrails. Many leading CSPs offer security services and tools that help with visibility, reporting, and threat detection and response. Google Cloud Security Command Center, Microsoft Azure Security Center and Amazon GuardDuty are native tools that can provide additional security monitoring and controls.
- Use tools that work across multiple cloud providers. Many endpoint detection and response, extended detection and response, and cloud-native application protection platforms provide security telemetry and threat hunting across both IaaS and PaaS deployments. These tools have come a long way in recent years; using one that works in a multi-cloud environment can help reduce operational overhead.
Dave Shackleford is founder and principal consultant with Voodoo Security; SANS analyst, instructor and course author; and GIAC technical director.
