With the right plan, managing a multi-cloud security architecture is easier than many believe. That said, there are certain challenges the security integration plan must overcome.
The first challenge is to establish a consistent cross-cloud security policy that covers not just the initial deployment, but the ongoing upkeep of security policies bolstered by available security tools and services.
When working in a multi-cloud environment, it may be possible to centrally manage security tools -- and the policies created within the tools -- across all public and private clouds your business occupies. However, there is no guarantee the tools will be optimal or even usable in third-party cloud infrastructures. Therefore, it's important to choose tools and policies that meet your internal security standards, as well as offer the flexibility to function consistently in each cloud infrastructure.
Centralized visibility and monitoring of multi-cloud architectures present another challenge. Depending on the public and private clouds your business relies on, each will offer a different level of visibility granularity. In addition, many legacy tools may not provide the level of monitoring you're accustomed to. This lack of visibility creates gaps where threats can slip past installed security tools.
Along those same lines, understand that multi-cloud architectures add significant complexity -- both from a network and security perspective. Security policy and tool misconfigurations or misreadings can occur. Modern platforms such as multi-cloud management or network overlays can help reduce the chance of human error when creating and pushing security policies across multiple cloud infrastructures, but these tools add their own complexity, leading to additional security mistakes. The best advice is to properly calculate the risk involved when considering which cloud providers you plan to work with -- as well as the capabilities of in-house staff expected to manage the cross-cloud security architecture.
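One concrete way to get the cross-cloud policy consistency described above is to map each provider's native rule format into a common schema and evaluate a single internal standard against that schema, so the same check runs identically in every cloud. The following Python is an added example, not code from the original article: the AWS security-group and Azure NSG records are constructed samples modeled on those providers' JSON shapes (IPv4 only, inbound rules only), and the internal standard it enforces (no management ports reachable from 0.0.0.0/0, no allow-all ingress from the internet) is an assumption chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterator

# Common ingress-rule schema; every provider-specific rule is normalized into this.
@dataclass(frozen=True)
class IngressRule:
    cloud: str
    name: str
    protocol: str   # "tcp", "udp", "icmp" or "any"
    port_from: int
    port_to: int
    source: str     # IPv4 CIDR

    @property
    def rule_id(self) -> str:
        return f"{self.cloud}:{self.name}:{self.protocol}/{self.port_from}-{self.port_to}:{self.source}"

# Internal standard (an assumption for this example): management ports must never be
# reachable from the whole internet, and allow-all ingress from the internet is forbidden.
MANAGEMENT_PORTS = {22, 3389}

def from_aws_security_group(group: dict) -> Iterator[IngressRule]:
    """Map AWS security-group IpPermissions (IPv4 IpRanges only) to the common schema."""
    for perm in group["IpPermissions"]:
        proto = "any" if perm["IpProtocol"] == "-1" else perm["IpProtocol"].lower()
        lo = perm.get("FromPort", 0)          # absent when IpProtocol is "-1" (all traffic)
        hi = perm.get("ToPort", 65535)
        for rng in perm.get("IpRanges", []):
            yield IngressRule("aws", group["GroupName"], proto, lo, hi, rng["CidrIp"])

def _parse_port_range(spec: str) -> tuple[int, int]:
    """Azure expresses ports as '*', '22' or '8000-8080'."""
    if spec == "*":
        return 0, 65535
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return int(lo), int(hi)
    return int(spec), int(spec)

def from_azure_nsg(rules: list[dict]) -> Iterator[IngressRule]:
    """Map Azure NSG security rules to the common schema; only inbound Allow rules matter here."""
    for rule in rules:
        props = rule["properties"]
        if props["access"] != "Allow" or props["direction"] != "Inbound":
            continue
        proto = "any" if props["protocol"] == "*" else props["protocol"].lower()
        lo, hi = _parse_port_range(props["destinationPortRange"])
        src = props["sourceAddressPrefix"]
        if src in ("*", "Internet"):          # Azure shorthand for "anywhere"
            src = "0.0.0.0/0"
        yield IngressRule("azure", rule["name"], proto, lo, hi, src)

def check_rule(rule: IngressRule) -> list[str]:
    """Evaluate one normalized rule against the internal standard; returns finding texts."""
    findings: list[str] = []
    world = ipaddress.ip_network(rule.source, strict=False).prefixlen == 0
    if not world:
        return findings
    if rule.protocol in ("tcp", "any"):
        exposed = sorted(p for p in MANAGEMENT_PORTS if rule.port_from <= p <= rule.port_to)
        if exposed:
            findings.append(f"management port(s) {exposed} open to the internet")
    if rule.protocol == "any" and rule.port_from == 0 and rule.port_to == 65535:
        findings.append("allow-all ingress from the internet")
    return findings

def audit(rules) -> list[tuple[str, str]]:
    """Run the same standard over rules from every cloud; returns (rule_id, finding) pairs."""
    return [(r.rule_id, f) for r in rules for f in check_rule(r)]

# Constructed sample input modeled on the two providers' formats (not real account data).
AWS_SG = {
    "GroupName": "web-sg",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}
AZURE_NSG_RULES = [
    {"name": "allow-rdp", "properties": {"access": "Allow", "direction": "Inbound", "protocol": "Tcp",
                                         "sourceAddressPrefix": "*", "destinationPortRange": "3389"}},
    {"name": "allow-ssh-corp", "properties": {"access": "Allow", "direction": "Inbound", "protocol": "Tcp",
                                              "sourceAddressPrefix": "10.0.0.0/8", "destinationPortRange": "22"}},
    {"name": "deny-all", "properties": {"access": "Deny", "direction": "Inbound", "protocol": "*",
                                        "sourceAddressPrefix": "*", "destinationPortRange": "*"}},
]

def run_audit() -> list[tuple[str, str]]:
    rules = list(from_aws_security_group(AWS_SG)) + list(from_azure_nsg(AZURE_NSG_RULES))
    return audit(rules)

if __name__ == "__main__":
    for rule_id, finding in run_audit():
        print(f"{rule_id}: {finding}")
```

The value of the normalization step is that `check_rule` never sees provider-specific fields, so adding a third cloud means writing one more mapper rather than a second copy of the standard; that is the consistency property the policy layer needs to preserve as the tool set changes.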
Maintain security visibility in a multi-cloud environment
Maintaining visibility across a multi-cloud environment is a critical part of a secure infrastructure architecture. Ideally, visibility should extend to the network level. Several tools -- all of which can be centrally managed -- are available to provide multi-cloud visibility. For years, much of that visibility was provided by security information and event management (SIEM) tools. However, SIEM tools rely heavily on log data, which yields varying levels of granularity depending on the cloud service provider. As a result, visibility through the use of a SIEM tool may not be as beneficial as some might think.
Instead, an emerging field in IT security -- known as network detection and response (NDR) -- may be far better suited to provide the necessary level of visibility across hybrid and multi-cloud networks. NDR monitors traffic by pulling network telemetry data from various locations throughout a corporate network, including private and public clouds. Data is obtained from sources that include NetFlow, deep packet inspection and other streaming network telemetry. The data is then sent to an analysis tool, where the data is decoded and stitched together to understand exactly what devices are on the network and who they are talking to. Once complete, traffic baselines are formed, and traffic is analyzed from a security perspective to identify traffic pattern anomalies, suboptimal performance indicators, and matches against known and unknown threats.
Looking strictly from a multi-cloud visibility perspective, an NDR platform can be deployed in IaaS clouds to automate the creation of a network visibility map that identifies all network components and servers/devices attached. Additionally, the tool shows what interactions the servers/devices have with others. This is precisely the level of detail that security administrators are looking for, with the added advantage of using a single platform to monitor all on-premises and public cloud resources in a centralized platform.
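The NDR pipeline described in the two paragraphs above (collect flow telemetry from every site, stitch it into a map of who talks to whom, form a traffic baseline, then flag anomalies and known-threat matches) can be shown end to end on a handful of records. The following Python is an added example, not code from the original article or from any NDR product: the NetFlow-style records, the three site names, the private and documentation-range addresses, and the "known bad" indicator are all constructed for illustration, and the per-conversation volume threshold (mean plus three standard deviations, with a floor of 10% of the mean so a perfectly steady baseline still tolerates small variation) is a design choice of this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records; field names are this example's own, not a vendor schema.
# A "conversation" is the (src, dst, dport) triple, regardless of which site exported the flow.
BASELINE_FLOWS = [
    {"site": "aws",   "src": "10.0.1.10", "dst": "10.20.0.5", "dport": 5432, "proto": "tcp", "bytes": 1000},
    {"site": "aws",   "src": "10.0.1.10", "dst": "10.20.0.5", "dport": 5432, "proto": "tcp", "bytes": 1200},
    {"site": "onprem","src": "10.0.1.10", "dst": "10.20.0.5", "dport": 5432, "proto": "tcp", "bytes": 1100},
    {"site": "onprem","src": "10.0.1.10", "dst": "10.20.0.5", "dport": 5432, "proto": "tcp", "bytes": 900},
    {"site": "aws",   "src": "10.0.1.10", "dst": "10.20.0.5", "dport": 5432, "proto": "tcp", "bytes": 1000},
    {"site": "azure", "src": "10.0.1.10", "dst": "10.30.0.7", "dport": 443,  "proto": "tcp", "bytes": 500},
    {"site": "azure", "src": "10.0.1.10", "dst": "10.30.0.7", "dport": 443,  "proto": "tcp", "bytes": 500},
    {"site": "azure", "src": "10.0.1.10", "dst": "10.30.0.7", "dport": 443,  "proto": "tcp", "bytes": 500},
]
NEW_FLOWS = [
    {"site": "aws",   "src": "10.0.1.10", "dst": "10.20.0.5",    "dport": 5432, "proto": "tcp", "bytes": 1100},
    {"site": "aws",   "src": "10.0.1.10", "dst": "10.20.0.5",    "dport": 5432, "proto": "tcp", "bytes": 48_000_000},
    {"site": "azure", "src": "10.30.0.7", "dst": "198.51.100.9", "dport": 22,   "proto": "tcp", "bytes": 300},
    {"site": "onprem","src": "10.20.0.5", "dst": "203.0.113.50", "dport": 443,  "proto": "tcp", "bytes": 2000},
    {"site": "azure", "src": "10.0.1.10", "dst": "10.30.0.7",    "dport": 443,  "proto": "tcp", "bytes": 500},
]
# Constructed placeholder indicator for the "known threat" match; not a real IoC.
KNOWN_BAD_IPS = {"203.0.113.50"}

def stitch(flows):
    """Merge records from all sites into one view keyed by conversation -> list of byte counts."""
    conversations = defaultdict(list)
    for f in flows:
        conversations[(f["src"], f["dst"], f["dport"])].append(f["bytes"])
    return conversations

def visibility_map(flows):
    """Network visibility map: each source and the (destination, port) peers it talks to."""
    peers = defaultdict(set)
    for f in flows:
        peers[f["src"]].add((f["dst"], f["dport"]))
    return peers

def build_baseline(flows):
    """Per-conversation baseline of (mean bytes, population std dev) over the training window."""
    return {key: (mean(sizes), pstdev(sizes)) for key, sizes in stitch(flows).items()}

def detect(flows, baseline, known_bad, z=3.0):
    """Flag known-threat peers, conversations absent from the baseline, and volume outliers."""
    findings = []
    for f in flows:
        key = (f["src"], f["dst"], f["dport"])
        record = {"site": f["site"], "src": f["src"], "dst": f["dst"], "dport": f["dport"], "bytes": f["bytes"]}
        if f["dst"] in known_bad:
            findings.append({"type": "known_threat", **record})
            continue
        if key not in baseline:
            findings.append({"type": "new_conversation", **record})
            continue
        mu, sd = baseline[key]
        threshold = mu + z * max(sd, 0.1 * mu)   # floor keeps a zero-variance baseline usable
        if f["bytes"] > threshold:
            findings.append({"type": "volume_anomaly", "threshold": threshold, **record})
    return findings

def run_detection():
    baseline = build_baseline(BASELINE_FLOWS)
    return detect(NEW_FLOWS, baseline, KNOWN_BAD_IPS)

if __name__ == "__main__":
    for src, peers in sorted(visibility_map(BASELINE_FLOWS + NEW_FLOWS).items()):
        print(f"{src} -> {sorted(peers)}")
    for finding in run_detection():
        print(finding)
```

Two details carry over to real deployments: the stitching step keys on the conversation rather than on the exporting site, which is what lets one platform present on-premises, AWS and Azure traffic as a single map, and the "new conversation" check only works if the baseline window really covers normal operation, so the training window should be reviewed before anything it contains is treated as benign.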
How should organizations approach multi-cloud security?
The overall goal of multi-cloud security is a set of uniform security tools, processes and procedures that can be centrally managed. If you've ever worked for an organization that acquires other businesses, you already have a solid foundation on how to approach multi-cloud security. For example, in an acquisition scenario, the newly acquired business will have its own -- and likely different -- network, server and application infrastructure, which you must reshape to meet the parent company's level of data security. Thus, the first step is to be sure you fully understand the new infrastructure architecture you're working with. The result of this investigation will show just how far apart the new infrastructure is from what you currently have in place. This is exactly the same approach taken when reviewing a new public cloud architecture.
The next step is to review your in-house security tools, processes and management procedures to see which of these will easily fit into the new infrastructure and which will have to be modified or abandoned in favor of something that works across all infrastructures in the multi-cloud environment. This can get tricky -- but it's still possible if you're willing and able to make the necessary changes to enable cross-cloud security consistency. This may mean you have to get rid of tools and processes your IT security team loves in favor of what works with all environments.
For businesses that have large-scale multi-cloud ambitions, a manual approach to multi-cloud security homogeneity may not be the most effective use of time and resources. In these situations, tools such as multi-cloud management or network overlay platforms might be a far better fit. These two multi-cloud management technologies help administrators use the security tools and processes they desire, regardless of the underlying infrastructure. While this can significantly streamline the cross-cloud security strategy, note that it comes at the expense of added management and overlay costs and complexity. But, for organizations that plan to operate across three or more private and/or public clouds, the extra cost and complexity may be justified from a long-term perspective.