It turns out that when it comes to cloud, you can have too much of a good thing. Some organizations that have moved into multi-cloud environments could be facing security risks brought on by “cloud sprawl.”
Gartner has declared the traditional data centre “almost dead,” predicting that 80 percent of enterprises will have shut theirs down in favour of cloud by 2025. Organizations are quickly adopting multiple clouds to gain the flexibility to deploy workloads to different platforms according to cost and application needs, reduce downtime, and improve resilience when an outage or cyber attack occurs.
“Good sprawl is driven by business growth — definitely a positive sign,” said Stephan Auger, VP & CTO, Equipe MicroFix. “But there’s also bad cloud sprawl.” The latter kind of sprawl can come in the form of underutilized compute, unused space, and redundant services. Bad sprawl is inefficient, bringing with it unnecessarily high costs and, invariably, security vulnerabilities.
Past the perimeter
Companies have long since moved past the concept of a security perimeter. When networks were fully contained on-premises, security groups had a single point of control. In a multi-cloud world, this one chokepoint is no more. Most reports now have a strong majority of enterprises with active multi-cloud strategies.
“That old idea of the medieval fortress and moat, with the guard at the drawbridge, is now basically obsolete,” said Auger. “Even pre-COVID you had a highly mobile workforce, with many people accessing network resources from outside. The pandemic has moved team members into remote offices, which has attracted the special interest of cyber criminals.”
Multi-cloud can present a number of critical challenges in the area of security, including:
- Access issues – Identity and access management are critically important, but difficult to achieve in a multi-cloud environment where you have many users trying to access cloud resources at the same time. Breakdowns in proper access management governance can give users access to resources they’re not entitled to access.
- Hypercomplexity – According to a recent report from Netskope, the average enterprise uses almost 1,300 cloud services. The report goes on to say that 96.3 percent of these services are not “enterprise-ready,” meaning they don’t stand up when benchmarked against the 50 assessment areas of Netskope’s Cloud Confidence Index.
- Reduced visibility – It’s not easy to harmonize security across multiple cloud platforms. Each cloud provider has its own unique security features, which makes it challenging to achieve visibility across the entire cloud environment.
“Multi-cloud is a natural next step for evolving businesses,” said Auger. “But it absolutely has its drawbacks. Migrating data and workloads to multiple clouds will invariably create new threat vectors — it’s inescapable. More complexity means a higher level of risk, one that demands a comprehensive solution.”
Learn more: Exclusive Networks “Security Without Compromise”
Fortinet Dynamic Cloud Security, which allows companies to assume a consistent security posture via uniform security management across any cloud or non-cloud infrastructure, stands on three pillars:
- Native integration – It natively integrates security into the cloud platform, defining security policies for cloud services, and leveraging cloud services for security and ultimately enabling the automation of security services
- Broad protection – The industry’s broadest set of cloud security products enables organizations to use the same security in the cloud as on premises
- Management and automation – By managing security across multiple clouds through a single pane of glass, and automating the security lifecycle management, organizations can better leverage existing skill-sets and more confidently deploy applications anywhere.
Learn more: Fortinet Dynamic Cloud Security