Ensuring security across a multi-cloud environment

1 November 2019 IT infrastructure

While the public cloud solves many traditional IT resourcing challenges, it does introduce new challenges. The rapid growth of cloud usage has resulted in a fractured distribution of data, with workloads spread across disparate instances and, for some organisations, platforms. As a result, keeping track of the data, workloads, and architecture changes in those environments to keep everything secure is often a logistical nightmare.

While public cloud providers are responsible for the security of the cloud (the physical data centres, and the separation of customer environments and data), once businesses put data and workloads in the public cloud they become personally responsible for securing them.

“The secret to effective public cloud security is improving your overall security posture. You need to ensure your architecture is secure and configured correctly, and that you have visibility into both your architecture and who is accessing it. In addition, irrespective of where your infrastructure and data is held, you need to demonstrate compliance with relevant regulations, including CIS, HIPPA, GDPR, and PCI or you will risk regulatory non-compliance,” says Andre Kannemeyer, CTO at Duxbury Networking.

The challenge in the cloud is that environments change constantly. Kannemeyer points out that whereas compliance checks every week or month may have worked for on-premise networks, they are not adequate for the public cloud. The need for continuous compliance analysis can be a huge resource drain for teams that are managing cloud environments manually or with native tools. In addition, once a compliance issue is identified, the fractured nature of security, development, operations and compliance teams within most organisations means it is often challenging to address the situation in a timely manner.

“There are many elements to public cloud security and it can be difficult to know where to start. If you’re using the public cloud – or thinking about migrating – we recommend seven steps to help maximise your security,” he says.

Step 1: Learn your responsibilities

Security is handled a little differently in the cloud. Public cloud providers such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform run a shared responsibility model – meaning they ensure the security of the cloud, while you are responsible for anything you place there.

Step 2: Plan for multi-cloud

Multi-cloud is no longer a nice-to-have strategy. Rather, it has become a must-have strategy. There are many reasons why you may want to use multiple clouds, such as availability, improved agility, or functionality. When planning your security strategy, start with the assumption that you will run multi-cloud – if not now, at some point in the future. In this way you can future-proof your approach.

Step 3: See everything

If you cannot see it, you cannot secure it. That is why one of the biggest requirements to getting your security posture right is getting accurate visibility of all your cloud-based infrastructure, configuration settings, API calls and user access.

Step 4: Integrate compliance into daily processes

The dynamic nature of the public cloud means that continuous monitoring is the only way to ensure compliance with many regulations. The best way to achieve this is to integrate compliance into daily activities, with real-time snapshots of your network topology and real-time alerts to any changes.

Cyber criminals increasingly take advantage of automation in their attacks. Stay ahead of the hackers by automating your defences, including remediation of vulnerabilities and anomaly reporting.

Step 6: Secure all your environments

You need a solution that can secure all your environments (production, development, and QA) both reactively and proactively.

Step 7: Apply your on-premise security learnings

On-premise security is the result of decades of experience and research. Use firewalls and server protection to secure your cloud assets against infection and data loss, and keep your endpoint and email security up to date on your devices to prevent unauthorised access to cloud accounts.

Combine the power of AI and automation

“Moving from traditional to cloud-based workloads offers huge opportunities for organisations of all sizes. Yet securing the public cloud is imperative if you are to protect your infrastructure and organisation from cyberattacks,” says Kannemeyer.

Sophos Cloud Optix agentless, SaaS-based service combines deep security expertise with the power of artificial intelligence. It delivers cloud security monitoring, analytics, and compliance automation with one simple-to-use interface in a process-efficient way.

It allows automatic discovery of an organisation’s assets across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform environments, giving companies the power to respond to and remediate security risks in minutes.

As workloads move to the cloud, Cloud Optix reduces the cost and complexity of governance, risk, and compliance. Out-of-the-box templates, custom policies, and collaboration tools help businesses to continuously monitor compliance with custom or out-of-the box templates for standards such as CIS, GDPR, SOC2, HIPAA, ISO 27001, and PCI DSS.

Cloud Optix continuously monitors and learns about one’s cloud asset inventory, configurations, and network traffic. AI-powered smart alerts reduce response times and help remediate security risks faster with automated alert ranking combined with contextual information.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Converged infrastructure: Beyond the hype
IT infrastructure Products
Technical teams no longer have to sit and try to work through a magnum opus of manuals for every layer of computing, networking, and storage, largely thanks to the growing popularity and increasing success of converged infrastructure.

Blurring the lines between data management and cybersecurity
Cyber Security IT infrastructure
In the past, data management and cybersecurity would fall under separate domains, but with more organisations making the shift to the cloud, data management and data protection have merged, essentially blurring the lines between the two.

Top skills young people need to get ahead in the tech industry in 2023
IT infrastructure
The rise of remote working, e-commerce, artificial intelligence and cloud computing means that software developers are, and will continue to be, at the coalface of the fourth industrial revolution.

Storage trends for 2023
IT infrastructure
As a leader in the enterprise storage market, Infinidat sees five storage trends unfolding in 2023. Looking ahead, 2023 is shaping up to be an exciting year in the storage market.

Remote cloud management support for access points
TRENDnet IT infrastructure Products
TRENDnet Hive is an advanced network cloud management solution, designed to save users time and cost by simplifying and centralizing the management and monitoring of a network(s) and networked devices.

How to avoid a wipeout
Arcserve Southern Africa IT infrastructure Security Services & Risk Management
Wiper malware aims to delete your data permanently and cause as much destruction as possible. Byron Horn-Botha, Business Unit Head at Arcserve Southern Africa offers readers three steps to protect the organisation from these malicious applications.

Hardening physical security against cyberattacks
Genetec Editor's Choice Cyber Security IT infrastructure
As the world becomes increasingly interconnected through the move to cloud computing and Internet of Things (IoT) devices, cybercrime has risen steadily, along with tools to combat it. Geopolitical tensions have the potential to rapidly unleash devastating cyberattacks worldwide.

Fast, reliable and secure cloud services
Technews Publishing Editor's Choice Cyber Security IT infrastructure
Security and speed are critical components of today’s cloud-based services infrastructure. Cloudflare offers a range of services supporting these goals beyond what most people think it does.

Software is South Africa’s most promising business opportunity
Integrated Solutions IT infrastructure
When we talk about software as a business opportunity, we are not just talking about software or IT as a standalone product; deploying computer and network-related solutions to augment traditional processes represents an evolutionary shift in how the world works.

Choosing the right battery backup solution
IT infrastructure
Rectron’s, Matthew Hall, says that when it comes to backup power solutions, there are a number of rechargeable batteries available. The difference lies in their capacity, life span, charging time and price.