Over the last few years, customers have been moving to cloud platforms and today they are also moving to multiple cloud platforms. With the big players like AWS, Azure, and Google, enterprises are at ease with putting workloads in public and private clouds instead of using a single vendor.
However, workloads that are placed in multi-cloud platforms open doors to security challenges and complications.
Security challenges in multi-cloud environments
Migration to the cloud has always been motivated by the need for greater cost-efficiency, resiliency, and easier scalability. Multiple clouds offer the additional advantage of resiliency across service providers and avoidance of vendor lock-in.
As IT departments forge ahead with multi-cloud adoption, there are several security concerns that need to be considered.
Burgeoning attack surface
As workloads are distributed across multiple cloud environments, it also becomes more important to know what data is sent there, as the whole attack surface expands. From a security point of view, enterprises need to take this into consideration.
Additionally, with distributed workloads, threats are more readily propagated to places outside the organisation’s control.
To contain these threats, organisations need full visibility to be able to identify from which platform the threats originate, as applications could be sharing data and lead attacks into your private network.
While segmenting is a typical best practice for containing threats, users and applications across on-premises, IaaS, and SaaS environments also need to be segmented, which is an even greater challenge.
Another challenge associated with having a cloud provider is accountability. When something goes wrong and your network is compromised, the Chief Information Security Officer (CISO) remains accountable for applications and workloads protected by disparate cloud security implementations.
In many cases the cloud provider will promise to protect the infrastructure and the applications if they are hosting it, but when it comes to your data, you’re relying on third parties.
According to Doros Hadjizenonos ,Fortinet Regional Sales Director for Southern Africa, organisations need to take control of their security.
Furthermore, because CISOs must be accountable for the entire portfolio of corporate applications and data assets, they must be able to assess the security of the portfolio in its entirety.
Although they may have visibility into each cloud through cloud-specific portals, they cannot see threats across all the clouds – which typically do not communicate with one another – nor can they immediately assess the impact of threats in one cloud on their entire organisation.
With multiple point solutions not communicating or assessing threat intelligence, manageability becomes a bit more difficult, adding multiple management infrastructure and skills that need to be maintained.
Secure the entire network with a fabric approach
Meeting the challenges of a multi-cloud environment requires a more holistic approach that puts control back into the hands of the corporate security team.
According to Hadjizenonos, it requires a comprehensive suite of threat prevention, detection, and mitigation tools that integrates with all the major cloud services and can be managed within the enterprise from a single pane of glass.
Fortinet’s integrated and adaptive solution supports many of the big cloud providers – both on the private and public side – and offers end-to-end visibility and coordinated threat response, helping organisations make the most of their multi-cloud environments.
The Fortinet Security Fabric allows all components to share intelligence with each other, and then feed it all into a single point of management, so you can easily make decisions on how to act when something does go wrong from a security point of view.
Rather than following the hub-and-spoke structure of the multi-cloud network, the Fortinet Security Fabric creates a meshed security network in which all the security functions can communicate amongst themselves and with a central management console.
Security staff can manage and prioritise patching, quickly identify and stop intrusions no matter where they happen, and mitigate their impact on the rest of the network. It also enables comprehensive incident analysis to help CISOs make informed decisions and provides a clear picture of their entire organisation’s security posture.
For more information, visit the Fortinet Website.
Doros Hadjizenonos Fortinet Regional Sales Director for Southern Africa
This article was published in partnership with Fortinet.