Cloud adoption has surged in the past few years, driven by the post-pandemic shift to remote and hybrid work and the need to service customers digitally. Hybrid and multi-cloud environments can strengthen organisations’ ability to be more resilient, agile and scalable, and the trend will only gain momentum. The global hybrid cloud market is forecast to expand to $145 billion by 2026 while, in Europe, Forrester’s State of Cloud in Europe 2022 report showed that almost 90% of companies are utilising multiple cloud platforms as they seek to modernise and innovate.
But this also ushers in new security considerations, with more points of vulnerability for cyber-attacks and breaches. Many are concerned, not just at organisational but also national levels. The UK government, for instance, last year called for evidence on how to increase the safeguarding of the country’s data infrastructure from cyber threats in the long term. When it comes to a multi-cloud environment, what are some of the best practices to ensure security?
Understanding the new threat landscape
We are very likely to see an increase in cybersecurity incidents in the coming years, with ransomware, supply chain and IoT attacks growing both in frequency and sophistication. Although cloud is considered to be inherently more secure than on-premises environments, the increasing use of cloud apps without appropriate risk management considerations could lead to a new attack surface for organisations.
Additionally, insider threat is emerging as one of the biggest risks, due to the proliferation of remote and hybrid working. According to Gartner, one of the top 2022 cybersecurity trends was attack surface expansion, as around 60% of knowledge workers are working remotely. Attackers now find it easier to target remote workers as they are outside the usual security perimeters of the organisation and, once compromised, these remote workers act as a conduit for attackers to infiltrate the enterprise.
The speed of technological change has accelerated significantly in the last decade and, in parallel, companies are racing to adopt new tech to deliver better services and more value to customers. However, a skills shortage in core areas including security could lead to poor security hygiene, security misconfigurations, intentional and accidental insider threats and more. Also, conventional threats, including attacks such as social engineering, phishing, DDoS and brute force, will continue to adapt to the new attack surface.
As the attack surface of organisations has expanded, security monitoring now involves dealing with very high volumes of security telemetry that arrives at high speed, with diversity and scale never seen before. At the same time, the threat landscape is also evolving and advancing rapidly by adopting new techniques for attacks. Adversarial use of artificial intelligence (AI) and machine learning (ML), cloud and automation, along with the increasing involvement of organised groups like APTs and nation-state actors, makes the threat landscape more complex.
Best practice & strategies for organisations
Multi-cloud and hybrid cloud are the future for every connected organisation, and there are several effective measures that leaders can implement for optimised security. First, it is imperative to incorporate security as a crucial design consideration rather than an afterthought or ‘bolt on’, and to take a top-down approach to multi-cloud/hybrid environment security. Organisations must look at their risk management functions, and the methods to upgrade them to accommodate new risks and threats from a multi-cloud perspective. This will help them adopt optimal risk management initiatives in an informed manner.
Further, as enterprises adopt cloud and then multi-cloud, it is easy to end up with redundant and disparate security tech debt. This would multiply the skill shortage challenge and reduce the efficiency of security operations. It could also lead to security blind spots, and make detection of and response to threats extremely complex and expensive. Careful planning for security tooling that suits multi-cloud and/or hybrid environments will be a vital success factor.
Adopting Zero Trust as a security strategy would enable employees to work seamlessly in a hybrid model, while managing the risk to organisational applications and data optimally. Zero Trust not only reduces the probability of a security incident, it also helps reduce the impact when one occurs and helps with faster detection and a more effective response. Finally, while traditional network security perimeters will still play an important role, identity has now become the first line of security defence or the new cyber defence perimeter. Modern identity security solutions dynamically control access based on context and associated risk.
The role of AI and ML technologies
Advancing AI and ML technologies can lend themselves well to securing the cloud environment, allowing leaders to harness the value of DevOps, automation and real-time analytics to identify and resolve threats fast. With the volume, speed and variety of security telemetry and the rapid evolution and advancement of security threats, it is humanly impossible to monitor, detect and respond to threats using traditional methodologies. As traditional ways of defending against cyber threats are now inadequate, AI and ML have become a common denominator for cyber defence, extending from endpoint protection solutions to applications on the other end. The use cases are manifold, and include: protecting end user machines and cloud workloads through AI/ML-based detection; network-level engines that monitor and defend against threats; identity solutions that monitor identity-based intelligence to facilitate risk-based access decisions; security monitoring solutions that go beyond the traditional rule engines to apply behavioural analytics to predict and detect threats; and risk management engines that help organisations better manage their security GRC programmes and maintain optimum compliance.
Overall, security should be viewed from a business-centric perspective, and not just as an IT service. Taking a business-aligned, data-centric and compliance-driven approach to security is important to ensure the end user and customer experience is not compromised. With such an approach, security becomes a business enabler and accelerator, rather than an impediment.