The multi-cloud trend
A multi-cloud infrastructure is any type of IT infrastructure that mixes a public or private cloud with at least one other type of environment. Hybrid clouds, which combine public or private cloud infrastructures with an on-premises environment, are one example of a multi-cloud infrastructure. Companies that choose to use more than one public cloud (such as AWS and Azure) at once are also relying on a multi-cloud infrastructure.
Multi-cloud infrastructures have become very common in recent years. In fact, as of 2019, 84 percent of enterprises had adopted a multi-cloud strategy, according to RightScale.
Multi-cloud infrastructure advantages
There are several reasons for the trend toward multi-cloud infrastructure. One is cost: By adopting multiple clouds, companies have greater flexibility to pick and choose which vendor’s services they use to fill different needs at the most efficient price.
Another advantage is reliability and redundancy. If you host workloads or data in multiple clouds concurrently (or in an on-premises environment and in a cloud at the same time), your resources will remain available, even if one of those clouds fails.
Finally, multi-cloud infrastructures help to keep workloads more secure in certain respects. If you spread workloads across multiple clouds, you are better positioned to keep your workloads running in the event that one of the clouds is struck by a DDoS attack or another type of breach designed to disrupt your workload.
Multi-cloud security challenges
Although multi-cloud infrastructures provide some security advantages, they complicate security requirements in other ways, including:
- Access control: In a multi-cloud infrastructure, you typically have to use multiple access-control systems. This increases the challenge of ensuring that access control policies are properly configured on each of your environments. Sharing resources between clouds in a secure way can also be particularly difficult, given that most cloud vendors’ access-control systems are not designed to work easily with those that run on other infrastructure.
- Versioning differences: When you host the same workload in multiple clouds at the same time, you face the possibility of version conflicts between different clouds. For example, you might run one version of Kubernetes in one cloud and a different version in another cloud. From a security perspective, this can be challenging because security features that are available in one version of your tool may not work (or work in the same way) with another version.
- Monitoring and visibility: The native monitoring and management tools that most cloud vendors offer do not let you monitor other types of environments. As a result, these tools do not provide you with a single pane of glass for monitoring your entire multi-cloud environment.
- Larger attack surface: The more clouds you use at once, the greater the number of potential security vulnerabilities you expose yourself to. This means that a multi-cloud infrastructure requires you to stay on top of known security vulnerabilities for each of your environments, and to have a plan in place for addressing them quickly.
Multi-cloud security best practices
Organizations can mitigate the security risks of a multi-cloud infrastructure by adhering to the following best practices:
- Integrated security policies: Instead of tailoring security configurations to each cloud, companies should adopt a set of security policies that they want to enforce on all of their clouds. This approach mitigates the risk of incompatibilities and security oversights.
- Automated policy enforcement: Once you have established integrated security policies, you should automatically determine whether the configurations in place on each of your clouds meets those requirements. Not only will automated policy checks save time, but they will also help prevent mistaken interpretations that could result in security gaps.
- Centralized monitoring: Although vendor-specific monitoring tools may be helpful for troubleshooting certain types of issues, companies should also have a centralized security monitoring system in place that allows them to collect and analyze security-relevant data from all of their clouds.
- Automated vulnerability scanning: When you have a large and diverse multi-cloud infrastructure, automated vulnerability scanning is essential for quickly identifying vulnerabilities when they appear within any part or layer of your infrastructure.