FEATURE
As companies leverage a multi-cloud
strategy to improve IT operations
and provide better services to their
customers, they can’t afford to overlook
the implications for security. This is
especially true with the emergence
of a new paradigm to run multiple
disparate compute environments for
application delivery. In fact, while issues
like creeping complexity, non-existent
cross-platform visibility and multiple
vendor standards all compete for IT
focus in a multi-cloud environment,
enterprise leaders cite security as the
top challenge of all.
This trend was illustrated in a recent
global survey of IT and business
executives conducted by A10 Networks
in partnership with the Business
Performance Innovation (BPI) Network.
In the survey, respondents reported that
ensuring strong security across clouds,
networks, applications and data will
Paul Nicholson, Director of Product
Marketing, A10 Networks
be critical for realising the advantages
of multi-cloud IT. This is clearly a work
in progress; to date, only 11% believe
they have been highly successful in
seeing the full value of their multi-cloud
strategy, while a majority (51%) rate
themselves as only somewhat successful
or unsuccessful so far.
A quick web search will uncover many
cases of vulnerabilities and real-life
incidents. In one blog post by VMware,
it is noted that it’s the job of IT and
security teams, not just cloud providers,
to take care of many aspects of security.
To stop sophisticated bots, frequent
data exfiltration of personally identifiable
information (PII), application attacks
and other threats, it’s essential to
implement a security strategy across all
your clouds, private or public that is as
stringent as the one used for your onpremises
solutions, if not more so.
Only 11% believe
they have been
highly successful in
seeing the full value
of their multicloud
strategy.
Deterministic or accidental multicloud
complexity – it all needs to
be secured
It’s easy to understand why the
proliferation of multi-cloud environments
has tended to outpace the evolution
of multi-cloud security. While the
move to multi-cloud is often part of a
clearly defined and intentional strategy,
this isn’t always the case. For many
organisations, the shift happens on a
more ad hoc basis. For example, it may
happen when a company with a singlevendor
cloud strategy acquires or
merges with another organisation using
a different cloud platform. Business
units and development teams may
source their own cloud resources,
with or without IT’s blessing as shadow
IT. New requirements for specific
services, data sovereignty (such as
GDPR), or integration lead IT to add
new vendors to the environment. As
a result, most companies end up in a
more complex multi-cloud setup than
they had envisaged.
Intentional or not, the evolution to
multi-cloud environments typically
focuses on the business and IT factors
driving it. As with many technologies
in IT operations, organisations first
provision the services they need to
address various requirements and
only then turn their attention to how
www.intelligentciso.com | Issue 26
37