Even before the COVID-19 pandemic, many organizations were operating in a multi-cloud environment. In fact, 80% of the 150 federal IT decision makers surveyed by MeriTalk in 2019 indicated that their agencies have used multiple cloud platforms. In the post-COVID-19 era, as organizations adapt to a more dispersed workforce and adjust their business models, this reliance on multiple cloud platforms will increasingly become a norm.
In addition to the pandemic, the main drivers of multi-cloud adoption include mergers and acquisitions, and differences in costs and capabilities between providers, which may require a more diverse approach. However, like most technological advancements, the migration to a multi-cloud environment brings greater flexibility and scalability, and may also bring new and often unforeseen risks. Without mature corporate governance, maintaining multiple cloud providers may cause confusion.
ISACA (I am a director of the board of directors) recently released a white paper on the security impact of cloud environments that provides background on why the multi-cloud security landscape is becoming more prevalent and what organizations need to do to adapt to the environment. The white paper states that “implementation can be driven by different teams: a business team may hire a cloud provider that is different from the strategically selected cloud provider for use by the wider organization.” When IT is aware of usage, it may There are multiple business processes depending on its movement.
Developing a multi-cloud strategy is a security priority
Proper multi-cloud governance has many advantages, including cost advantages, lower initial investment in the OPEX vs CAPEX model, and better integration with existing security processes.
The key is to develop a reasonable multi-cloud security strategy, starting from the discovery phase, including discovering a list of cloud providers currently in use and their deployment methods. As the ISACA paper pointed out: “To develop a multi-cloud strategy, companies must not only simply recognize that multi-cloud is happening, but also very important. On the contrary, companies must adjust their tools, processes, monitoring functions, operational thinking, and Many other elements of the security plan to consider multiple providers at play. Compliance requirements and risk tolerance must also be considered. The enterprise must have a solid business case to promote the use of multi-cloud-the risk impact can be identified (regardless of the risk Increase or decrease).”
The strategy should also try to ensure that the IT department understands the situation and stays in touch with the organization’s cloud usage, and that there is an ongoing mechanism to monitor cloud relationships. This includes the ability to push any required changes into these relationships in accordance with regulatory changes, the organization’s internal business environment, and other factors that require flexibility.
For companies that choose to pursue a multi-cloud environment, the success of this approach will depend on whether an overall strategy is formulated and executed to ensure that it adds value while mitigating related security vulnerabilities. To do this, the organization needs to have a clear understanding of its current state, and then it should integrate all other cloud usage with the basic elements of its overall corporate security and vendor management plan. As long as the cloud service is intentionally deployed and protected, a multi-cloud environment can play an important role in enhancing the ability of enterprises to optimize technology.