As your cloud operations expand to encompass multiple private and public clouds, security challenges can increase exponentially. When the Flexera 2020 State of the Cloud survey asked about top cloud challenges, security ranked number one (chosen by 83% of respondents). Compliance also ranked high (76%).
This strategy explores why the challenges around security and compliance are growing, and it suggests an approach for simplifying security management for hybrid cloud.
As with infrastructure management in general, the default for hybrid cloud security is a siloed approach that increases complexity and risk.
Each cloud has its own security model and tools. To ensure security, you therefore need people on your team skilled in the security tools for each cloud. This gets complicated quickly:
With different tools in each cloud, there’s no standard approach to security monitoring or remediation.
With no global view of security across your hybrid cloud environment, applying the same security policies everywhere is a manual process.
Changing security policies globally becomes complicated and error-prone.
The lines between security and compliance can sometimes seem blurry, so it’s useful to think of security as internally driven, based on your organization’s own assessment of its digital protection needs. Compliance, on the other hand, is usually driven externally by government regulations or contractual obligations.
No matter what industry you are in, it’s likely that your business is subject to regulatory compliance. For example, all companies that operate in Europe have to comply with the European GDPR regulations, which took effect in 2018.
If you’re in a highly regulated industry such as finance or healthcare, compliance is probably something you factor into all IT decisions. You may need to ensure compliance with well-known regulations such as HIPAA in healthcare or PCI-DSS and GLBA in financial services.
Proving that your business complies with applicable regulations has become a complicated task and requires significant attention. And it becomes more challenging with every new cloud environment you support.
As your hybrid cloud environment becomes more complex and security needs more stringent, continued reliance on manual security configuration only adds to the risks. As already noted, one of the biggest causes of data breaches is human error.
Every vendor and cloud has unique security controls—with no established guidelines for secure integration among them. This makes it difficult or impossible to apply security policy in a consistent way everywhere and contributes to configuration errors.
A final consideration where security and compliance are concerned is that threats continue to mount. With a large percentage of employees now working from home—and accessing resources across your hybrid cloud—the number of possible attack vectors has increased dramatically. How do you protect at-home systems from phishing attacks or ensure endpoint security, version control, or anti-malware protections? Research firm Cybersecurity Ventures estimates that the global costs of ransomware alone will reach $20 billion by 2021.
And yet according to the CyberArk 2020 Remote Work survey, “40% of organizations have not increased their security protocols despite the significant change in the way employees connect to corporate systems and the addition of new productivity applications.”
Security silos are just as bad for hybrid cloud operations as management silos are—and potentially even riskier for your company. Your goal should be to find solutions that abstract the differences between various cloud security models to provide global visibility of your company’s security posture, as shown in Figure 4-1.
The capabilities of multicloud security management tools vary widely, and each has its own strengths and limitations, so it’s important to understand your requirements before picking a solution.
When choosing security and/or compliance tools, it’s important to assess your environment and think about what your goals and priorities are. Your goals may include some or all of the following:
Some of the solutions available for multicloud security and compliance overlap with those described earlier for multicloud infrastructure management. Although it may make sense in terms of your team’s learning curve and the total cost to choose a single tool that satisfies multiple needs, be careful not to sacrifice key capabilities in the process:
With new malware attacks and data breaches occurring with ever greater frequency, security and compliance remain among the top hybrid cloud concerns. However, only about one-third of enterprises have adopted hybrid or multicloud security management tools. Deploying one (or more) of the available security tools is the best way to gain a global view of security and compliance and improve your company’s overall security posture.
A variety of solutions are available for hybrid and multicloud security management.
Multicloud vendor platforms, as described in Strategy 1, provide the same security model everywhere.
Evaluate your organization’s requirements and skills to ensure that you choose a solution that is appropriate for your needs.
Advanced capabilities such as automated compliance audits and automated or one-click remediation can enhance security and compliance.
Extensibility to accommodate unique organizational requirements may be important for growing hybrid and multicloud deployments.