3 critical multi-cloud security strategy requirements
By Lior Cohen
Few organizations approach cloud infrastructure expansion strategically. Instead, cloud adoption and expansion tend to be ad hoc in nature. As organizations become increasingly reliant on cloud-based services and infrastructures, and as their cloud footprints expand, they often end up with a heterogeneous set of technologies with isolated security controls deployed in each of their cloud environments.
Of course, the ability to react quickly is one of the strengths of the cloud. Business and market requirements can change overnight, and the flexibility of the cloud allows organizations to respond quickly. Today, more than 90% of enterprises have embraced a multi-cloud strategy, according to a Flexera report. These companies are expanding their infrastructures across multiple public cloud providers and are leveraging various SaaS applications.
However, enterprises are less able to manage and secure critical resources and data as they move across a multi-cloud environment. Such fragmented visibility, and the resulting lack of centralized control, introduces security gaps that can be exploited, allows sophisticated threats to infiltrate the infrastructure undetected, and prevents a unified response once an attack is underway.
What’s needed is a way to increase visibility into all traffic patterns and effectively apply consistent controls across a multi-cloud ecosystem to reduce cybersecurity risks. And this needs to be done across multiple cloud environments, each with its own particular functions and processes. Here are three key requirements for networking and security that enterprises need to consider before deploying applications across a multi-cloud architecture.
1. A common networking and security policy
One of the key challenges for multi-cloud deployments is that public cloud providers all have different proprietary architectures built on frameworks, application programming interfaces (APIs), and tool sets specific to their environment. An effective multi-cloud solution must provide a common networking and security framework that can seamlessly span the clouds. And it needs to do this while still leveraging the native features and functions of each cloud.
That requires abstracting cloud-native functionality with APIs; centralizing management, configuration, and policy orchestration; and then dynamically managing cross-cloud connections using automation.
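As an added illustration (not code from the article or any vendor), the sketch below normalizes provider-native inbound rules into one cloud-neutral form and diffs each cloud against a single common policy. The policy schema and all sample records are constructed; the record fields are simplified forms of AWS security group permissions, Azure NSG rules, and GCP firewall rules, assuming single destination ports on Azure and GCP.

```python
from ipaddress import ip_network

# Hypothetical cloud-neutral baseline: allowed inbound (protocol, port, source CIDR).
COMMON_POLICY = {("tcp", 443, "0.0.0.0/0"), ("tcp", 22, "10.0.0.0/8")}

def from_aws(perms):
    """Simplified AWS security group IpPermissions -> neutral tuples."""
    return {(p["IpProtocol"], port, str(ip_network(r["CidrIp"])))
            for p in perms
            for port in range(p["FromPort"], p["ToPort"] + 1)
            for r in p["IpRanges"]}

def from_azure(rules):
    """Simplified Azure NSG rules -> neutral tuples (inbound allow rules only)."""
    out = set()
    for p in (r["properties"] for r in rules):
        if p["direction"] == "Inbound" and p["access"] == "Allow":
            src = "0.0.0.0/0" if p["sourceAddressPrefix"] == "*" else p["sourceAddressPrefix"]
            out.add((p["protocol"].lower(), int(p["destinationPortRange"]), str(ip_network(src))))
    return out

def from_gcp(rules):
    """Simplified GCP firewall rules -> neutral tuples (ingress rules only)."""
    return {(a["IPProtocol"], int(port), str(ip_network(src)))
            for r in rules if r["direction"] == "INGRESS"
            for a in r["allowed"] for port in a["ports"] for src in r["sourceRanges"]}

def audit(inventory):
    """Per cloud: rules allowed beyond the policy, and policy rules not present."""
    return {cloud: {"extra": sorted(actual - COMMON_POLICY),
                    "missing": sorted(COMMON_POLICY - actual)}
            for cloud, actual in inventory.items()}

def nsg(proto, port, src):
    """Build one constructed Azure-style inbound allow rule."""
    return {"properties": {"protocol": proto, "destinationPortRange": port,
                           "sourceAddressPrefix": src, "direction": "Inbound", "access": "Allow"}}

# Constructed sample inventory, one rule set per cloud.
SAMPLE = {
    "aws": from_aws([
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]),
    "azure": from_azure([nsg("Tcp", "443", "*"), nsg("Tcp", "22", "10.0.0.0/8"),
                         nsg("Tcp", "3389", "*")]),  # drift: RDP open to any source
    "gcp": from_gcp([{"direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
                      "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]}]),
}

if __name__ == "__main__":
    for cloud, result in audit(SAMPLE).items():
        print(cloud, result)
```

An empty `extra` and `missing` list for a cloud means its native rules match the common policy; anything else is drift to review centrally.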
2. Application-aware networking to ensure better user experience
One important challenge with current technologies that attempt to connect multiple clouds into a unified network is that their underlying transport system lacks awareness of different types of applications. The network must be application-aware in order to maximize the use of available resources, manage and monitor network conditions and capacity, control non-critical traffic, and deliver consistent performance for critical applications to maintain a quality end-user experience. A programmable and application-aware overlay network is ideally suited to these tasks.
3. Network and security architecture integration for effectiveness and efficiency
Multi-cloud deployments won’t reach their full performance potential if networking and security functions are separated. While network devices are concerned with performance and the transportation of packets, security provides higher-order analysis to ensure that applications, content, and workflows are secure. When networking and security tools cannot communicate as a single, unified system, gaps in coverage can be introduced that can make the environment vulnerable to attacks. This becomes even more challenging when there are point products from different vendors. When one cloud environment employs technologies that cannot communicate with tools deployed elsewhere, all pretense of visibility and control is lost. Central oversight, coordinated enforcement, and integrated communications between networking and security layers are essential—especially when using solutions from multiple vendors. This requires selecting solutions that are designed to work together, that can be deployed natively in multiple cloud environments, and that use APIs and common standards to communicate seamlessly with third-party solutions.
This approach will close gaps and significantly reduce the potential for attacks because it can support intelligent deep packet inspection, intelligently segment network traffic flowing between applications and workloads, and establish and enforce common configurations and policies across the multi-cloud environment. A solid security approach also leverages cloud-native constructs (such as security groups) and ensures that advanced security—such as firewalls, intrusion prevention systems (IPS), and end-to-end high-performance encryption and inspection—can protect network traffic and data in even the most dynamic environments.
In addition to the three fundamental principles outlined above, there are other critical considerations when trying to establish and manage an integrated and federated multi-cloud strategy.
The first is to understand that there are fundamental differences in architecture between on-premises, hybrid cloud, and multi-cloud deployment models. Cloud infrastructures are largely API-driven, and they are designed for horizontal scaling (or scale-out) and rapid change. To take advantage of the power and flexibility of these environments, security needs to be deeply integrated with the underlying cloud platforms. This introduces two challenges. The first is that few security tools can be deployed as a cloud-native solution in every public cloud environment. The second is that once a security tool is integrated into a cloud platform, it cannot easily share critical information with security solutions deployed in other cloud environments. Addressing these challenges requires selecting tools designed for a multi-cloud environment. These tools should be able to communicate seamlessly and effectively with one another to maintain proper visibility, without compromising the deep integration that provides granular control. What’s more, to establish and maintain a unified security framework or fabric, they need to communicate in the same way with security deployed in other environments.
Finally, enterprises adopting a multi-cloud approach can benefit from a software-defined wide-area overlay networking (SD-WAN) solution that is purpose-built for multi-cloud deployments. Such SD-WAN solutions provide a programmable, consistent, and cost-effective framework for communicating between cloud environments, as well as between the cloud and other environments, such as physical data centers and branch offices. A secure SD-WAN solution also provides a full stack of integrated security to ensure that all traffic is fully protected as it moves between cloud environments and across the distributed network.
Own your multi-cloud protection
Multi-cloud environments are here to stay. What needs to change is how organizations choose to implement them. Without proper solutions and strategies in place, a multi-cloud environment can introduce risks that many organizations are unprepared for. But by following some basic guiding principles, beginning with integrating security and networking, multi-cloud networks can provide the powerful foundation that organizations require without putting their business, or the data of their customers, at risk.