The Challenge of Securing Multi-Cloud Environments
When I talk to companies interested in moving some of their IT infrastructure and operations to a cloud service provider, it’s clear this shift has become a fundamental business requirement to keep up with the competition.
One reason to use cloud service providers is so companies can stop budgeting for the resources necessary to manage these fundamental operations and instead focus on the core competencies of their business.
While this is valid, many organizations underestimate the expertise required to integrate this new model into their everyday workflow, not to mention the host of challenges that come with operating in a multi-cloud world — including how to secure this diverse combined environment.
Security continues to be a shared responsibility between the customer and their service provider. As we’ve previously written, security “of the cloud” (for which the provider generally has ownership) and security “in the cloud” (for which an organization generally has ownership) have different needs and are addressed in different manners.
Expanding into multiple infrastructures complicates the job of properly architecting the security posture — even the shared requirements may require different tools or implementations.
To add further complexity to the task, the threat landscape has evolved. Traditional perimeter-protection and signature-based security tools are simply no longer sufficient to combat the advanced attacks now threatening all environments. While these technologies are still valuable in blocking non-targeted attacks, their reactive nature contributes to the 205 days analyst firm IDC has found that the average breach takes to be detected.
Proactive monitoring, advanced behavioral analytics and expert security personnel are now table stakes to properly detect and respond to this new threat landscape. As my team likes to communicate to our customers, the only defense against smart attackers is smart analysts.
Whether those skills and expertise come from within an organization via well-built security teams or via partnerships with those whose sole function is to provide these services, understanding this need is finally permeating the organization from the IT administrator up to the board.
Traditionally, security has been viewed as an obstacle to operations and workflows (an absolutely valid concern in many cases), but those days need to be behind us. The goal is to provide a secure multi-cloud environment that enables organizations to meet their business objectives. Efficiently and effectively securing all operational environments, no matter where the infrastructure is located, is pivotal to successfully meeting the demands of the current landscape.
Partners such as Rackspace can provide “security of the cloud” with Fanatical Support across many cloud service providers, including AWS and Microsoft Azure, as well as “security in the cloud” with Rackspace Managed Security and deep technology partnerships.