By Jonathan Nguyen-Duy, Vice President, Global Field CISO at Fortinet
Organizations need to implement an integrated platform approach to address the various issues that highly distributed cloud environments may introduce.
As more and more enterprises embrace multi-cloud, they need solutions that can connect and secure these complex environments. According to the Flexera 2020 State of the Cloud Report, 93% of enterprise customers reported that they are or were in the process of adopting multi-cloud strategies. However, a majority still plan to use legacy data centers. Indeed, 87% percent of the same respondents also indicated pursuit of a hybrid cloud strategy. With the need to support numerous applications located across multiple data centers, hybrid clouds, and multi-clouds, as well as an ever increasingly sophisticated threat landscape, IT teams face greater complexity and more risks than ever before. Add in expanding compliance requirements, and one can readily see why so many organizations are struggling with cloud security.
In many instances, multi-cloud deployments fall short when it comes to providing visibility across and between solutions as a result of disjointed management tools from multiple vendors. The availability of so many tools creates even more problems. This lack of cross-platform visibility creates gaps in visibility and control that can lead to numerous security issues, exposing an organization to even more risks.
Implementing consistent policy enforcement, unified orchestration and response is nearly impossible without an integrated platform that spans multiple computing environments. This is especially true as a single transaction may be routed over many networks and draw upon multiple cloud resources. This need to implement separate policies and configurations for each security instance leads to a greater likelihood for mistakes and misconfigurations — and securing distributed cloud environments is already complex enough. This is why organizations need to implement an integrated platform approach to address the various issues that highly distributed environments may introduce.
Multi-Cloud Deployments Can Bring Multi-Problems
According to the 2020 Cloud Security Report, the highest ranking threat for 2021 was misconfiguration, with 68% of companies citing this as their biggest concern. The lack of visibility and communication between various point solutions invariably leads to greater exposure to risk.
As it now stands, organizations with public cloud ecosystems participate in the shared responsibility model. The challenge is that each cloud environment has its own standards, requirements, and protocols. Security teams attempting to secure a multi-cloud environment need to not adopt these requirements when securing each cloud instance, but the solutions that they deploy must be flexible enough to support security functionality in a shared model, both within a specific cloud environment and between clouds.
The shared security model consists of two key components: security of the cloud, and security in the cloud. While organizations rely on cloud providers to protect the security “of” the cloud — the storage, network, and compute layers, they own the security “in” the cloud — that includes everything that is built, deployed, or stored in the public cloud. While this model can help relieve some of an organization’s operational burdens because the public cloud provider operates, controls, and manages the components from the host operating system and virtualization layer down to the physical security of the facilities where the service operates, it can also create a false sense of security, causing them to overlook the multiple layers of their environment that need consistent protection. What’s left is a scattered, patchwork approach to cloud security that isn’t sustainable or scalable, and it needs to evolve. Remember that shared responsibility does not mean shared accountability. IT teams will always own their organizations’ risk management responsibility and are ultimately accountable — not the vendor or the cloud service provider. Therein lies the challenge of delivering increasingly better outcomes and experiences, while managing risk across the RACI matrix that is today’s cloud shared responsibility model. This is why cross-platform visibility and control is so vital to managing multi-cloud solutions.
In addition, lean IT teams also struggle with the time and resources needed to secure each element and endpoint in these complex environments, especially with the ongoing cloud and security skills gap. In a recent Gartner survey of infrastructure and operations (I&O) leaders, 58% of respondents identified “insufficient skills and resources” as their biggest challenge when it comes to meeting cloud adoption and optimization goals.Organizations are looking for more automated and integrated solutions to ease cost and operations burdens.
Cloud Security – A Unified Platform Approach to Cover All Bases
Protecting all cloud resources spanning multiple networks, platforms, and service providers is a challenge for even the largest security teams. Adaptive cloud security platforms now make this possible by protecting workloads and applications both in on-premises data centers, as well as in any cloud environment — with built-in multilayer security for all cloud-based applications. This platform approach provides organizations with a consolidated view of their security posture, leveraging a single console for policy management regardless of which cloud infrastructure they have — across private, public, and hybrid cloud environments.
Organizations should look for a cloud security platform that is organically built from the ground up around a common operating system and management framework designed to enable seamless interoperability, full visibility, and seamless communications, as well as granular control across the entire infrastructure. An integrated, unified cybersecurity platform approach with a rich ecosystem built-in to protect the extended digital attack surface provides:
- Automation, so anomalous and malicious behaviors can be detected and prevented early in the attack cycle.
- Consolidated visibility and management, so all the various security solutions deployed across the network can see one another and work together as a single system to detect and respond to threats in a coordinated, timely fashion.
- Broad integration and easy implementation, so it works seamlessly with all cloud platforms as well as third-party solutions for easy setup and management control.
Cloud Security to Bring it All Together
The majority of the security solutions today are simply not fast enough, smart enough, broad enough, or responsive enough to predictively and proactively detect or mitigate attacks. This is especially true in multi-vendor cloud environments with disparate security tools that can’t collect and share information with the accuracy or speed needed to protect all network edges. This lack of integration and automation makes it very hard for organizations to securely leverage cloud computing for the agility, innovation, accelerated time to market, and other advantages that drove their cloud journey. A unified platform approach to cloud security solves these issues with broad, integrated and automated visibility, and control through single-pane management.
