Security in a Multicloud Environment
Vigilance and Responsibility Required for Multicloud Secure Application Delivery
As companies leverage a multicloud strategy to improve IT operations and provide better services to their customers, they can’t afford to overlook the implications for security. This is especially true with the emergence of a new paradigm to run multiple disparate compute environments for application delivery. In fact, while issues like creeping complexity, non-existent cross-platform visibility, and multiple vendor standards all compete for IT focus in a multicloud environment, enterprise leaders cite security as the top challenge of all.
This trend was illustrated in a recent global survey of IT and business executives conducted by A10 Networks in partnership with the Business Performance Innovation (BPI) Network. In the survey, respondents reported that ensuring strong security across clouds, networks, applications and data will be critical for realizing the advantages of multicloud IT. This is clearly a work in progress; to date, only 11 percent believe they have been highly successful in seeing the full value of their multicloud strategy, while a majority (51 percent) rate themselves as only somewhat successful or unsuccessful so far.
A quick web search will uncover many cases of vulnerabilities and real-life incidents. In one blog post by VMware, it is noted that it’s the job of IT and security teams, not just cloud providers, to take care of many aspects of security. To stop sophisticated bots, frequent data exfiltration of personally identifiable information (PII), application attacks, and other threats, it’s essential to implement a security strategy across private cloud or public cloud that is as stringent as the one used for your on-premises solutions, if not more so.
Deterministic or Accidental Multicloud Complexity – It All Needs to be Secured
It’s easy to understand why the proliferation of multicloud environments has tended to outpace the evolution of multicloud security. While the move to multicloud is often part of a clearly defined and intentional strategy, this isn’t always the case. For many organizations, the shift happens on a more ad hoc basis. For example, it may happen when a company with a single-vendor cloud strategy acquires or merges with another organization using a different cloud platform. Business units and development teams may source their own cloud resources, with or without IT’s blessing as shadow IT. New requirements for specific services, data sovereignty (such as GDPR), or integration lead IT to add new vendors to the environment. As a result, most companies end up in a more complex multicloud setup than they had envisaged.
Intentional or not, the evolution to multicloud environments typically focuses on the business and IT factors driving it. As with many technologies in IT operations, organizations first provision the services they need to address various requirements, and only then turn their attention to how best to control, govern, and manage the resulting environment. This often proves more difficult than anticipated, as shown in the results of the survey. Nearly two-thirds of respondents (63 percent) said that ensuring security across all clouds, networks, applications and data was the top challenge of multicloud IT, which is good news, as it is top-of-mind, even if the solutions are not ubiquitous today. Management skills and expertise (37 percent) and centralized visibility and management (33 percent) were also cited—both key concerns for effective multicloud security.
Essential Security Capabilities and Practices
As IT, security teams, and business leaders have worked to close the security gap in their multicloud environment, a clear sense of the most relevant technologies to leverage is needed. In the BPI report a majority named centralized visibility and analytics into security and performance (56 percent), automated tools to speed response times and reduce costs (54 percent), and centralized management from a single point of control (50 percent) as the top capabilities for improving multicloud security, reliability, and performance. With the volume of digital business data and transactions constantly rising, 38 percent of respondents also pointed to the need for more scalable, higher-performing security solutions. This will only be exacerbated over time, especially with the rise of IoT and the emerging 5G connectivity.
Looking at the most important considerations in protecting the security and reliability of multicloud environments, 62 percent of survey respondents agreed on the importance of centralized authentication or pre-authentication to help maintain effective control over the users, admins, and systems allowed to access various resources across multiple clouds. One respondent, Raja Mohan, senior strategic architect for cloud and platform services at Franklin Templeton, explained the reasoning behind this emphasis: “How do we deliver highly secure applications in a way in which it doesn’t matter where they reside? How do we provide seamless, secure services? That’s the goal.”
An answer to this question is seen in the high ranking of centralized security policies as a critical practice for multi-cloud IT (46 percent). Among defensive technologies, many respondents called out specific high-value defenses such as robust web application firewalls (WAFs) (40 percent) and DDoS protection (33 percent).
IT Operations Need to Partner with the Security Teams for Cross-Cloud Security
Organizations have been doing their best with the security tools available to them, but they’re far from satisfied with the results. “At this juncture, we’re taking advantage of security solutions from our public cloud providers augmented with our existing toolset, but we are continuing to evolve in that space,” said Mohan.
Indeed, IT organizations are continually reassessing their solutions and vendors and identifying areas where change is needed. Only nine percent of survey respondent are extremely satisfied with their current security solutions for multicloud environments—while 38 percent see a need for significant improvements. Only 18 percent believe they do not need to re-evaluate their suppliers. Figures like these are a wake-up call for everyone in the multicloud security space.
This evidence shows the need to adopt a Polynimbus secure application services approach to give the power back to IT and security teams so they can provide a secure and consistent secure application services environment across their clouds. Powered by application delivery controller (ADC) solutions, Polynimbus mindsets and practices will be the most effective way to ensure that multicloud compliance, security policies, functionality, and expectations are met, while easing the burden of over worked and stressed IT and security teams. Ultimately, this approach will make vigilance easier to enact and responsibility easier to fulfill.
Additional Resources
Learn more about A10’s multicloud secure application delivery solutions: