11. October 2021

How to address the security challenge in a multi-cloud business environment

Multi-cloud

Multi-Cloud // The covid pandemic has shown that enterprises need to move faster than ever to stay competitive and get ahead. Time to market has shortened dramatically from years to days. In a bid to get ahead, today’s enterprises are increasingly turning to multiple, not one, cloud provider to handle aspects of their networking and app development needs.

The introduction of hybrid and multi-cloud platforms such as Anthos provide flexibility and choice. Enterprises can manage workloads running on third-party clouds, giving them the freedom to deploy, run and manage applications in the environment of their choice, without requiring administrators and developers to learn different environments and APIs. For example, a bank can choose to shift a workload to the cloud provider, to move it back to their on-premise system, or another provider altogether should they change their mind, all while having the same consistent set of security controls in place.

There is plenty to gain from moving to a multi-cloud environment or a hybrid cloud system but it also brings its own unique set of security challenges. In a multi-cloud architecture, security becomes increasingly complex.

Cloud control
One of the biggest sources of risk during the transition from a private cloud to a hybrid or multi-cloud deployment comes from not having a well-structured approach to the adoption of this new platform. As an enterprise starts adopting the cloud, it runs into issues moving new workloads to the cloud while also standardising and incorporating security controls.
Deployments involving multiple clouds can end up with completely different management interfaces and tools for each cloud and on-premises, which CSO Cloud Security can lead to inconsistent policy enforcement. To mitigate this risk the deployment to each cloud must be secured based on a common set of security principles. Though actual controls may vary, it is better to rely on a platform that can drive consistency of those controls. Broad access across two cloud environments – private and public – in a hybrid cloud system is risky, since both are at risk if one is breached. Services between the two should be restricted, and only trusted personnel should be able to call those services.

Slow and steady
A common barrier to cloud adoption is the fear of technology and vendor lock-in. This can be addressed in part by the adoption of open source frameworks. For example, Kubernetes is an open source system which can be downloaded and used on-premise in addition to several cloud providers, thereby providing portable workloads. It also has the added benefits of being adopted as the de facto standard for cloud computing containers allowing less friction across implementation options.
To address additional security risks which may emerge during the transition process, enterprises can incrementally adopt cloud. Enterprises can use a platform like Anthos to adopt cloud-native technologies like GKE (Managed Kubernetes) or Cloud Run on-premises. This will let them modernise applications in a controlled environment with a well-understood security posture. They can then incrementally move workloads to public cloud platforms as they get comfortable with the controls on that platform. Anthos also enables enterprises to retain the workload deployment model and associated security policies even as they migrate to a new underlying infrastructure, whether this is GKE On-Prem or in a cloud environment. Increasingly, more enterprises are also looking to service mesh solutions such as Istio to provide security and policy enforcement across API calls.

Enterprises also have the option of using API gateway solutions such as Apigee to provide better agility in their IT environment as they pursue application modernisation to drive towards more cloud-native architecture patterns.

As also more enterprises in the Alpine region turn to hybrid and multi-cloud platforms to serve their digital needs, security becomes paramount. They must ensure they have adequately instrumented the architecture. After all, a well-implemented multi-cloud deployment with a comprehensive shared responsibility matrix from the business across on-prem and cloud providers can be more resilient, scalable and secure than investing in a single cloud.


Christian Martin
Christian Martin

Christian Martin joined Google Cloud in November 2020 as the new Country Director of the Alps Region. Based at Google Switzerland in Zurich, he leads the Google Cloud Teams in both Switzerland and Austria to further drive the growth of Google Clouds’ business in the Alpine region.