In a Multi-Cloud World, It’s Time to Rethink Who Has Access to What
By: Ali Gomulu
The biggest challenge in today’s multi-cloud world is not storing data or supporting applications but securing that data all along the “digital supply chain.”
Given the economics of the cloud, and the sense it makes to use different kinds of clouds for different applications, arguments to leverage cloud today are rock solid.
With weak security governance in place, however, are the risks greater than the rewards?
It was not many years ago that we were focusing on differentiating between the public and private clouds. Once the technology became more widely understood, businesses began to realize that a combination of the two would prove to be the most beneficial: the public cloud for its extensive and almost infinite ability to scale and grow, with a mix of private cloud to store critical or otherwise sensitive data. This became known as the hybrid cloud.
We are now also beginning to see enterprises becoming more selective over which cloud provider to choose, as selecting multiple vendors for different business operations allows for each area of the business to work independently of each other. With the growth of DevOps and the overall expansion of digital services and applications in nearly every vertical industry, multi-cloud makes sense but can be daunting to the CISOs responsible for protecting the infrastructure and data of enterprises, governments, and other organizations.
Adding to this is complexity associated with tougher privacy regulations spreading across the globe. The security of the data and compliance with regulations has been driven to the forefront of every IT and OT leaders’ minds, and those important issues which must be tackled while planning to go to a multi-cloud paradigm.
General multi-cloud assumptions are made based off what we already understand about public and private cloud architecture including:
- Security – Data is at the heart of IT in any business and security must be thought of high in the list of priorities and not as an afterthought. This is particularly true when workloads are distributed amongst employees and business partners.
- Reliability – Stability is very important, and any downtime could cause major disruptions. We have gotten to the stage where network reliability is just as important as electricity or running water.
- Ubiquity – An omnipresence is required; all applications and services need to be available everywhere. Limiting these to a location means that the full potential of the cloud could go unserved within the business. This is heightened by our dependency on mobile applications.
- Fungibility – Resources must be interchangeable, meaning that in order to drive ubiquity efficiently, workloads cannot be tied down to any one resource in a way that restricts availability.
How can all this variety be managed efficiently and with visibility into infrastructure and applications, and control from edge-to-edge? There is no way other than with advanced software, which takes advantage of algorithms and artificial intelligence (AI) to automate the process, and with recording and storage mechanisms which support quality audits, even those which may come as a surprise, in between regularly scheduled audits.
Legacy approaches to managing privileged access no longer scale to meet the changing needs driven by multi-cloud advantages – and are further exacerbated by more and more edge devices, whether servers, gateways, mobile phones, sensors, cameras and more.
This next-generation multi-cloud environment deserves next-generation, software-defined, hyper-intelligent solutions which unlock the value of the cloud, and the edge, by ensuring security through comprehensive, modern approaches and support the highest quality governance across even the largest enterprises.
Does your organization really know who has access to what, and under what circumstances? It’s possible with ironsphere, and we’d enjoy demonstrating how.
Two-factor authentication has been around for decades – requiring an additional step between entering a username and password, for example, then entering a one-time security code sent to a mobile device – to access applications, systems and data.
Corporate information security governance is a foundation upon which organizations can build an increasingly significant part of their overall risk management platform. The foundation of a successful security governance program begins with strong upper-level management support, including the CEO, Chairman and Board Members.
Data Privacy Day is held on the 28th of January every year, and is designed to raise awareness among businesses, governments, and other organizations on not only the right to privacy, but the responsibility associated with protecting the data of customers, citizens and consumers.