The benefits of multi-cloud for business are clear: optimized workloads, cloud service provider flexibility, cost efficiency, and no cloud provider lock-in.
“But multi-clouds also expand the threat surface and increase the number of security holes -- some of which you may not even know exist. To survive (and keep their jobs), CISOs need to rethink how they approach multi-clouds,” said Stephen Dane, managing director, Security, Asia Pacific, Japan & Asia, Cisco.
Like any new technology paradigm, multi-clouds come with their myths and misconceptions. CISOs need first to dispel them. Below are the three common ones:
- Myth 1: Multi-clouds are tomorrow’s problems. The IDC white paper Adopting Multicloud — A Fact-Based Blueprint for Reducing Enterprise Business Risks, sponsored by Cisco, showed that over 90% of surveyed organizations already use services from multiple cloud vendors. With many cloud service providers making it easier for any decision maker to switch, subscribe and share data through APIs, CISOs need to address multi-cloud security quickly or risk losing control.
- Myth 2: Cloud security is enough for multi-cloud. With multiple cloud service providers, CISOs need to work with different architectures and diverse arrays of security providers to enforce policies. Gartner says 60% of large enterprises are starting to use cloud access security brokers (CASB).
- Myth 3: Multi-cloud is about IT. The Cisco 2018 Asia Pacific Security Capabilities Benchmark Study showed that 30% of organizations surveyed have already seen cyber attacks along those lines, while 50% said they expect this to be the case moving forward. CISOs need to get operational technology (OT) and IT to collaborate to create comprehensive policies that work -- especially when 41% of Asia Pacific respondents said compromising OT can impact their business.
CISOs’ next steps
For CISOs and their security teams, multi-cloud security requires a shift in mindset and approach. Below are five significant steps to take toward it:
Step 1: Redraw your perimeter
The new security perimeter needs to include remote employees, cloud applications, mobile devices, hybrid cloud environments, personal devices, and vendor and contractor environments.
“The goal of the new perimeter is to provide secure access from any trusted user on any trusted device to any appropriate application on any network,” said Cisco’s Dane.
Step 2: Plan using user behavior
Forcing users to follow your security procedure will not work in multi-clouds. So instead, look into deploying solutions that protect based on user and network behavior.
For example, Duo Security's people-centric, zero trust security model allows CISOs to easily establish per-user and per-application policies to restrict remote user access, so employees access only what they need to do their job.
Cisco’s Stealthwatch Cloud models traffic and behavior to understand what normal activity looks like and uses this model to detect abnormal and malicious activity in real time.
Step 3: Build for cloud visibility
In most cases, the security architecture is already there. It is just not multi-cloud ready and lacks the much-needed visibility. It might be a good time to upgrade.
For example, Cisco Next-Generation Firewalls protect both physical and virtual data center workloads. Cisco Email Service integrates with cloud-based advanced malware protection (AMP) consoles to offer CISOs a unified dashboard for all malware activity, while Cisco Umbrella protects users off the network and off the VPN -- vital for companies with armies of remote users or traveling executives.
Cisco Cloudlock, a CASB service, can discover more than 300,000 OAuth-connected third-party apps while offering visibility into on-network ‘Shadow IT.’
Step 4: Get intelligent with intelligence
Orchestrating multi-cloud security can be a massive challenge for CISOs. Machine learning can help.
For example, Cisco Tetration simplifies zero-trust operations using behavior-based application insights and machine learning. It allows companies to build dynamic segmentation policy models and automate their enforcement across all cloud platforms. Meanwhile, Cisco Talos offers additional information on lessons learned, best practices and ongoing attacks occurring around the world, giving CISOs the threat intelligence they need to plan and proactively protect their companies.
Step 5: Get a SOC
Security Operations Centers (SOCs) should be in everyone's security plan. Having a dedicated team that monitors for and examines threats separately from a network operations team is vital as hackers get more sophisticated. But until recently, building SOCs required deep pockets.
Not anymore. Vendors and cloud platform providers now offer this as a service. Subscribing to one gives you immediate access to expertise, tools, and techniques that allow you to recover fast. Or, you can subscribe to a SOC as a service.
Multi-clouds require CISOs to rethink their security approach and strategy.
While multi-cloud offers numerous advantages, it also forces the company to re-examine its current approach and address vulnerabilities over which it may have little control. New IT paradigms like Internet of Things (IoT) devices and malicious AI are going to make multi-cloud security vital.
More importantly, every second wasted on pondering multi-cloud security is a second that a hacker can use to exploit your new multi-cloud loopholes.