Multi-cloud faces greater security risks, what choices should we make?

Multi-cloud is a good thing. Let’s take a look at how to ensure that you don’t give up security because of multi-cloud’s increased flexibility.

Multi-cloud deployments are very popular right now, and for good reason. They provide businesses with maximum flexibility, allowing you to mix and match cloud services to meet your exact needs. As a result, they can improve business agility and cost-effectiveness of operations.

But the trade-offs are also obvious. Using multi-cloud means even more complexity because there are more moving cloud parts. Additionally, you're mixing cloud services with existing, legacy on-premises systems, not to mention systems outside the enterprise, such as cloud exchanges.

While complexity brings many challenges, such as management and governance, the greatest risks it poses involve security. IT organizations have traditionally dealt with security issues at the application and system levels, so enterprises are managing hundreds of security systems that are localized for a single system and purpose. This approach worked for simple things, but now they're complex and we're finding that traditional approaches don't scale.

Therefore, the risk of breaches increases with the complexity of cloud-driven and traditional cloud computing.

So, what are enterprises to do? It’s really a question of backup, consider common security needs, and find common security solutions that can be implemented across systems and applications, both cloud and non-cloud. Doing so often means using technologies like identity and access management (IAM), which move security to a higher level of abstraction that applies to the entire system.

The trick is to treat hundreds of systems (cloud and non-cloud) as a single system with common patterns and components (such as storage, compute, database and network). This is the only way you should think about security: holistic, strategic security; not siled and tactical security.

While it’s easier said than done, I urge businesses that are moving to complex architectures to deal with this issue now rather than trying to retrofit security solutions after a breach disrupts the business.