How to build a secure multi-cloud environment

How many cloud platforms is your organisation using today? Research from IBM shows that 98% of companies are currently using two or more cloud environments.

A multi-cloud environment is now the norm at almost all organisations – and this trend has surely been given a boost by the Covid-19 pandemic. With people working remotely the use of decentralised computing saw unprecedented growth; data from Synergy Research Group showed that spend on cloud services across providers such as Microsoft Azure, AWS and Google Cloud Platform jumped 37% in Q1 2020.

Liquid Technology are forecasting a public cloud growth rate of 17-20% over the coming years which will drive everything from banks looking to accelerate the rollout of new applications to startups disrupting entire industries with innovative, cloud-powered models. Cloud services are transforming Nairobi’s productive capacity and emerging as one of the most essential pillars of digital transformation for the city and beyond.

A multi-cloud strategy offers several benefits to enterprises, among them:

Benefits of a multi cloud strategy?

• Avoiding vendor lock-in: Allows your organization to have the flexibly and  freedom to use multiple technological and service offerings from different cloud providers.
• Cost savings: Multi-cloud offers the flexibility to choose services from various cloud providers. The ability to select the cloud provider offering the best price for the specific functionalities your business needs can lead to major cost savings.
• Decreased risk of downtime: While most cloud providers maintain a 99% or higher availability SLA, there is still a chance of downtime. Having multiple cloud providers further increases your services availability and reduces probability of the cloud providers going offline at the same time.
• Meeting compliance regulations: As your company’s cloud footprint grows and business lines expand geographically, compliance regulations may require you to store your data on specific locations. Having multiple cloud providers will allow you to choose the best location for your data assets.

Despite these benefits and while having multiple clouds is the new norm, it is however much less common for organizations to say they have a strategy for securing them. The same study by IBM found that only 41% of businesses have a coherent way of managing their different platforms – and that exposes them to some serious threats.

So, how risky is a multi-cloud environment and what can you do to secure your various private, public and hybrid clouds?

What are the risks of multi cloud environments?

Multi-cloud environments give businesses a huge amount of flexibility, allowing them to use the best tools for the job and putting them in a stronger bargaining position to negotiate deals with vendors. But an un-secured multi-cloud environment also comes with several significant risks:

• A larger attack surface

With more apps and services to log into, and more data travelling between locations, using a multi-cloud environment gives attackers more opportunities to breach your security. Research shows that organisations using multiple clouds are twice as likely to experience security incidents than those using a single platform.

• Misconfigurations

If you are using multiple platforms, there is also a higher chance that security settings may be misconfigured. This can lead to data leakage or provide a back door to your environment.

• Inadequate skills and knowledge

Developing the skills and knowledge to manage one cloud-based platform requires a significant learning curve from IT teams. Add several more cloud platforms from different providers into the mix, and they can soon get overwhelmed.

• Insecure APIs

This is particularly a risk when connecting to private clouds or cloud-based apps from less established vendors. Insecure APIs could put you at real risk of leaving a back door open into your environment.

• Login fatigue

If end users must remember multiple usernames and passwords for several different cloud based apps, security fatigue is likely to kick in. This makes it more likely people will follow risky behaviours – such as using the same password for multiple systems.

5 steps to secure a multi cloud environment

Although multi cloud environments are inherently more complex to manage securely, it is still perfectly possible to protect your environment while benefiting from the flexibility and agility that multi cloud brings. The following actions can help you to secure your multi cloud environment:

1. Take a strategic approach to security

When your end users and even customers are using multiple cloud-based apps and services, it’s vital to take a strategic approach to security. Ideally you would have a security strategy planned right from the beginning of your multi cloud journey, but even if you already have accounts with several different providers, it is possible to retrospectively take a strategic approach.

Fundamentally you need a consistent plan which outlines the level of acceptable risk, defines how you will monitor security across your environments, and details a common approach to configurations. By thinking about multi cloud security from the beginning, you minimise many of the associated risks.

• Get visibility across your multi cloud environment

Most cloud vendors provide their own inbuilt security, but it’s hardly efficient to manage all of these environments individually. It’s therefore ideal to get a ‘single pane of glass’ view of the settings, configurations and events happening in all your environments.

It is technically possible to get this visibility on your own – you’d need to call security data from each of your clouds via APIs, then draw it into a spreadsheet. That said, most companies with several cloud environments tend to invest in a multi cloud management platform which makes this process much easier.

• Configure cloud environments consistently

As noted above, one of the major causes of data breaches in multi cloud environments is misconfigurations. It is really helpful to use a centralised security management tool which can apply the same security settings across all your cloud-based platforms – including configurations for things like single sign-on, permissions and data encryption.

• Regularly monitor your clouds

Performing regular security checks across your cloud environments will help you identify any suspicious activity and remediate it soon as possible. Again, this can be done manually, but it is generally preferable to invest in an automated solution which can do this for you.

• Continuously optimise your cloud infrastructure

If you are using several cloud providers, it is vital to ensure all these environments are optimised to minimise unnecessary infrastructure. Leveraging multi-cloud tools as well as vendor and partner support to keep on top of your cloud platform will mean you don’t have to waste effort and investment on managing and protecting infrastructure that isn’t adding value to your business.

Be confident with multi cloud

While a multi-cloud strategy does pose several significant risks, it is possible to manage different cloud environments securely and efficiently. So where do you begin?

Join our next T-EB Talk on 24th March 2022 from 4-7 pm at the Social House as we explore “multi-cloud strategies” and what this means for DevOps, Cost Management, Security and Compliance. Whether your business has invested in public or private clouds,  hybrid on-prem and cloud, or multiple public clouds; a strategic multi-cloud approach brings unique opportunities for growth and resilience to your business.  

Our panel of speakers and invited guests will explain how to plan and implement a winning multi-cloud strategy. We will also share the stage with more exciting client success stories. Finally, new to 2022, we will be unveiling a Cloud offer available ONLY to T-EB attendees.

RSVP TODAY TO CONFIRM YOUR PLACE