According to recent research from IBM, 98% of companies are currently using two or more cloud environments. A multi-cloud environment is now clearly the norm at many organisations – and this trend has surely been reinforced by the pandemic. With people working remotely more often, using various clouds to run apps, retrieve documents and collaborate is more helpful than ever.
However, while having multiple clouds is the norm, it is much less common for firms to say they have a strategy for securing them. IBM found that only 41% of businesses have a coherent way of managing their different platforms – and that exposes them to some serious threats.
So, how risky is a multi-cloud environment and what can you do to secure your various private, public and hybrid clouds?
Risks of multi-cloud environments
Multi-cloud environments give businesses a huge amount of flexibility, allowing them to use the best tools for the job and putting them in a stronger bargaining position to negotiate deals with vendors. But an un-secured multi-cloud environment also comes with several significant risks:
- A larger attack surface – With more apps and services to log into, and more data travelling between locations, using a multi-cloud environment gives attackers more opportunities to breach your security. Research shows that organisations using multiple clouds are twice as likely to experience security incidents than those using a single platform.
- Misconfigurations – If you are using multiple platforms, there is also a higher chance that security settings may be misconfigured. This can lead to data leakage or provide a back door to your environment.
- Inadequate skills and Knowledge – Developing the skills and knowledge to manage one cloud-based platform requires a significant learning curve from IT teams. Add several more cloud platforms from different providers into the mix, and they can soon get overwhelmed.
- Insequre APIs – This is particularly a risk when connecting to private clouds or cloud-based apps from less established vendors. Insecure APIs could put you at real risk of leaving a back door open into your environment.
- Login Fatique – If end users must remember multiple usernames and passwords for several different cloud-based apps, security fatigue is likely to kick in. This makes it more likely people will follow risky behaviours – such as using the same password for multiple systems.
Simple steps to secure a multi-cloud environment
While a multi-cloud strategy does pose several significant risks, it is absolutely possible to manage different cloud environments securely and efficiently. Multi-cloud environments are inherently more complex to manage securely, it is still perfectly possible to protect your environment while benefiting from the flexibility and agility that multi-cloud brings.
- Take a strategic approach to security – When your end-users and even customers are using multiple cloud-based apps and services, it’s vital to take a strategic approach to security. Ideally, you would have a security strategy, planned right from the beginning of your multi-cloud journey, but even if you already have accounts with several different providers, it is possible to retrospectively take a strategic approach. Fundamentally you need a consistent plan which outlines the level of acceptable risk, defines how you will monitor security across your environments, and details a common approach to configurations. By thinking about multi-cloud security from the beginning, you minimise many of the associated risks.
- Get visibility across your multi-cloud environment – Most cloud vendors provide their own inbuilt security, but it’s hardly efficient to manage all of these environments individually. It’s therefore ideal to get a ‘single pane of glass’ view of the settings, configurations and events happening in all your environments. It is technically possible to get this visibility on your own – you’d need to call security data from each of your clouds via APIs, then draw it into a spreadsheet. That said, most companies with several cloud environments tend to invest in a multi-cloud management platform which makes this process much easier.
- Configure cloud environments consistently – As noted above, one of the major causes of data breaches in multi-cloud environments is misconfigurations. It is really helpful to use a centralised security management tool that can apply the same security settings across all your cloud-based platforms – including configurations for things like single sign-on, permissions, and data encryption.
- Reqularly monitor your clouds – Performing regular security checks across your cloud environments will help you identify any suspicious activity and remediate it soon as possible. Again, this can be done manually, but it is generally preferable to invest in an automated solution which can do this for you.
- Keep up to date – If you are using several cloud-based applications, it is vital to ensure all these environments are up to date and have the latest security patches installed. Regularly check the admin dashboard in all your cloud environments to monitor for any updates and apply them.