How to overcome the challenges of multi-cloud deployment

By Saviynt’s Paul Mezzera, VP of Strategy.


The modern workplace is empowered by cloud technology, with organisations often running their operations across multiple cloud networks. According to a recent Gartner report, more than 75% of organisations currently use multiple public cloud services. Whether it’s automating HR systems or implementing tools that keep employees connected in a hybrid environment, cloud-based software makes running a business easier and more efficient. Multi-cloud strategies also help enterprises to optimise performance, avoid vendor lock-in, and create robust failover systems.

Yet as multi-cloud strategies become the norm, new identity and security challenges have emerged. To begin with, multi-cloud environments have an increased attack surface and consequently boost the risk of cyberattacks. According to 451 Research and Thales, cloud data breaches are on the rise as the increase in cloud adoption and more complex cloud environments make it harder to manage security.

Dangers often arise when companies lack a clear identity and security strategy. Without a centralised view, monitoring access and activity across each cloud environment can become extremely complicated. Managing disparate cloud environments tends to fall under the remit of IT security teams, but being able to consistently enforce security controls across multi-cloud environments is a daunting task that can often be tedious, costly and difficult to implement. Risky behaviours and other risk signals can easily slip through the cracks if these environments are misconfigured, opening the door for a whole host of damaging security events, from data breaches to third-party cyber-attacks. 

So how can IT security teams and security leaders make sense of these complex, multi-cloud environments, and ensure they’re keeping important information in and risks out? It starts with identity.

Increasing access visibility

One of the major challenges of multi-cloud environments is having visibility into and control over who has access to what, especially when standing privilege comes into play. Standing privilege, otherwise known as ‘broad user access privilege’, means users have access to resources all the time, whether they need to or not. Combined with excessive permissions, it can cause major security gaps, as mapping permissions on a granular level in the cloud is particularly difficult. For example, if a bad actor gets hold of credentials from an over-privileged user, then they too will have unfettered access to the entire organisation, including mission-critical information.

By focusing their security initiatives on identity and access management (IAM), organisations can eliminate these risks and gain a clear picture of who’s accessing which resource, no matter the cloud environment. By implementing an identity strategy that focuses on privileged access management, with the likes of Zero Trust and just-in-time (JIT) access as core principles, organisations can take control over which resources identities can access, and limit how long they have access for, no matter which cloud they’re in. This doesn’t have to be a complicated process: with solutions that employ analytics and machine learning, organisations can automate the evaluation and approval of access requests.

In addition, by centralising multi-cloud access in this way, rather than managing each cloud in its own environment, organisations can ensure identity and access controls are comprehensive and coherent across the company as a whole – reducing risks even further and simplifying workflows in the process.

Understanding cloud identities

Multi-cloud environments are extremely complex, with each cloud bringing its own nuanced identity model. From unique roles and policies to their overall security models, ‘identity’ will look different to each cloud. This makes it difficult to see holistically across multiple cloud environments.

Understanding each cloud identity model at a granular level and being able to detect whether given privileges are excessive or following principles of least privilege is critical.

Enterprises should begin by understanding the identities, personas, and workloads that interact with each cloud — and apply individual security management nuances to those identities. In this way, organisations can modernise their security processes and ensure that every identity interacting within each cloud is legitimate. 

Multi-cloud governance

Identity governance covers all facets of an organisation’s identity security processes and policies, from employee permissions to access to contingency plans. But applying governance policies to multiple, separate clouds within one organisation can become overly complex and difficult to navigate manually.

By centralising governance across the entire cloud environment and implementing a clear set of rules and policies that users must follow, organisations can keep track of every identity within an organisation and ensure they’re following the correct processes no matter what cloud they need to use. 

But cloud governance is not a single step - it is a journey. To successfully implement a multi-cloud governance strategy, organisations need to be continuously reviewing their tools, solutions and policies to strengthen their defences against increasingly innovative approaches from cybercriminals and in order to mitigate the fallout from any successful attacks.

The future of multi-cloud

As more and more organisations adopt multi-cloud environments, managing access for these complex networks should be the prime focus for security leaders. Indeed, the security and identity industry should anticipate an increased shift in policies and multi-cloud management practices, as well as an increase in innovative ways to bring the different silos of multi-cloud management together. 

And as uncontrollable external factors continue to dictate the rate of development within cybersecurity, there has never been a better time for enterprises to push for multi-cloud enablement and strive for a single-pane-of-glass view into the identities and access of their disparate cloud environments.
