During the second quarter of 2020 — for the first time in history — customers worldwide spent more on public cloud systems than on investments in non-cloud IT systems. With more cloud spending than ever before, the battle for market share among the leading public cloud providers (PCPs) heated up. The same tactics major providers rely on to encourage cloud customer loyalty tend to amplify the cloud security challenges these customers face.
Furthermore, many customers want to avoid locking in to a single vendor. This way, they can maximize the well-known perks of moving computing out of their private data centers in the first place. It comes as no surprise that only a small fraction of today’s cloud environments are built within a single public cloud provider’s domain. Instead, 93% are multicloud landscapes, and most rely on hybrid strategies that mix public and private cloud elements as well as on-premises components.
This means today’s defense teams are tasked with creating new tactics for tomorrow’s hybrid and multicloud world.
Cloud security challenges can come with both multi-vendor and hybrid cloud strategies. Cloud deployments make IT vastly more complex even as they reduce the demands of physical management. This is taxing for security teams, who frequently struggle to maintain insight in multicloud landscapes. The drive to avoid vendor lock-in can result in an avalanche of readings from various providers’ platforms and software-as-a-service (SaaS) apps. These can be stored in disparate, poorly-integrated data silos, which makes it very difficult to create efficient and effective monitoring and incident response workflows.
Other cloud security challenges come from the way more complex data leads to lack of control. When enterprises use architecture and service delivery models from multiple cloud providers, it becomes more difficult to exercise the granular control needed to ensure data protection standards are met across the board.
The rapid pace of change that has become par for the course on a public cloud only adds to the problem. PCPs constantly shift their offerings, often in an effort to make it harder for customers to move workloads to competing providers’ platforms. Because of this, staying up-to-date on potential problems becomes harder and harder.
No cloud landscape can ever be truly secure if the team tasked with watching for threats, detecting strange events and risks, and coordinating workflows can’t keep up. Measures that appear to save costs may not do so if they make work so confusing that it leads to errors or the mistaken exposure of cloud resources.
Guard against misconfiguration, which is still at fault in most cloud data breaches.
More than one-fifth of data breaches reported in 2019 resulted from misconfigurations, and in all cases, they came from human error.
“Just don’t make mistakes” is easier said than done, however.
The majority of teams involved didn’t realize they were responsible for fixing the specific problem that was to blame. In other cases, they lacked the tools to audit the configuration.
It’s essential to invest in support and training for IT operations personnel, as well as to ensure that defense teams have adequate knowledge of the cloud. Using cloud-native tools that monitor for common misconfigurations, including storage bucket risks, can also be helpful.
Leverage encryption for cloud data at rest by default.
While encryption doesn’t protect against breaches per se, it does provide another layer of assurance that data won’t be compromised in case of breaches. This is simply an extra safeguard, but it has a key role to play in multi-vendor cloud defense. Automated tools can aid in giving granular insight into whether or not encryption is turned on for every cloud storage bucket.
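The kind of automated check described above for misconfiguration, ownership and encryption at rest, as an added example that is not from the original article or any vendor tool. It assumes bucket settings have already been exported from each provider into one common record shape; the inventory and its field names are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: one record per storage bucket, already exported from
# each provider into a common shape. Field names are assumptions for this example.
INVENTORY = [
    {"provider": "aws", "bucket": "billing-exports",
     "encrypted_at_rest": True, "public_read": False, "owner": "finance-ops"},
    {"provider": "aws", "bucket": "web-assets",
     "encrypted_at_rest": False, "public_read": True, "owner": "web"},
    {"provider": "azure", "bucket": "hr-archive",
     "encrypted_at_rest": True, "public_read": False, "owner": None},
    # Encryption state was not reported for this bucket.
    {"provider": "gcp", "bucket": "ml-training",
     "public_read": False, "owner": "data-science"},
]

# Each check returns True when the record is a finding. A missing field counts
# as a finding: an unknown setting is unverified, not safe.
CHECKS = {
    "encryption-at-rest-off-or-unknown": lambda r: r.get("encrypted_at_rest") is not True,
    "public-read-on-or-unknown": lambda r: r.get("public_read") is not False,
    "no-owning-team": lambda r: not r.get("owner"),
}

def audit(inventory):
    """Return (provider, bucket, check_name) for every failed check."""
    return [(rec["provider"], rec["bucket"], name)
            for rec in inventory
            for name, failed in CHECKS.items()
            if failed(rec)]

def encryption_coverage(inventory):
    """Per provider: (buckets confirmed encrypted, total buckets)."""
    cov = defaultdict(lambda: [0, 0])
    for rec in inventory:
        cov[rec["provider"]][1] += 1
        if rec.get("encrypted_at_rest") is True:
            cov[rec["provider"]][0] += 1
    return {provider: tuple(counts) for provider, counts in cov.items()}

if __name__ == "__main__":
    for provider, bucket, check in audit(INVENTORY):
        print(f"{provider:6} {bucket:16} {check}")
    for provider, (ok, total) in sorted(encryption_coverage(INVENTORY).items()):
        print(f"{provider}: {ok}/{total} buckets confirmed encrypted at rest")
```

Treating a missing field as a finding keeps a provider that does not report a setting from silently passing the audit.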
Maintain identity and access management (IAM) solutions carefully to address some of the most common cloud security challenges.
Credential compromise is a significant threat in cloud-based and hybrid environments. These types of attacks are known for being difficult to detect quickly. Locally hosted IAM solutions tend not to work well across hybrid and multicloud landscapes. IAM solutions that are purpose-built for hybrid landscapes, such as those using Lightweight Directory Access Protocol (LDAP), show promise. So do hardware token-based services, such as Google’s Titan Security Key or the YubiKey.
Effective monitoring is essential for facing hybrid and cloud security challenges.
Security operations processes and workflows need to evolve at the same time as the cloud. Supporting workers while they tackle cloud security challenges and helping them level up their skills is critical.
Adopting automated solutions to help analysts collect and monitor the growing volumes of log data created by cloud platforms without becoming overwhelmed by false positives will be key. SOAR platforms, especially those based on open-source technologies and standards, can work across multiple vendors’ tools and cloud providers’ platforms. They simplify incident triage and response. Artificial intelligence and machine learning-assisted tools can also help with filtering data to reduce alert volumes.
Think carefully about trade-offs when designing your multi-vendor cloud plan.
There are pros and cons to everything, including multicloud. The primary benefits to selecting services and platforms from an array of PCPs include potential cost savings and the chance for development teams to select the platforms best suited to optimize application performance.
On the other hand, this means you could create a workflow in which there are major skills gaps. These are most likely to appear when it’s time to move data between platforms or manage security across the entire ecosystem.
So how do you choose which approach is right for acing your cloud security challenges? Consider one that puts emphasis on frameworks and standards. Then, select services on the basis of whether or not they’ll fit into this ecosystem. This might increase the upfront cost of services, but will likely pay for itself in terms of reduced admin overhead later.
With a hybrid and multi-vendor cloud security strategy that’s both extensive and unified, you can have the best of both worlds — a secure cloud environment that is practical to build, administer and maintain.