As clouds multiply for users, so will the challenges of cloud security

Multi-cloud usage is looming on the horizon for many organizations, says one security expert, which means users need to prepare for multiple cloud security challenges.

Jeff Rowe | Apr 02, 2018 12:00 am

Cloud providers have come a long way, in recent years, when it comes to protecting data and IT systems in the cloud, but most experts agree that users need to recognize their continuing responsibilities as the make ever greater use of the cloud.  And those responsibilities will have a logical way of multiplying as users begin to tap into multiple clouds simultaneously for their organizations.

In a recent commentary, Tom Nolle, president of CIMI Corporation, a strategic consulting firm specializing in telecommunications and data communications, observed, “With the wrong approach to security, things will only get worse over time because application commitments to the cloud will grow, as will the number of public cloud providers in use.”

As he sees things, multi-cloud security technologies must address four kinds of security.

  • “They have to provide access security for the applications and components hosted in any public cloud, no matter which cloud is used and no matter how many applications are moved or spread among public cloud providers.
  • Security tools need to provide information security for company data hosted in or connected with each multi-cloud provider.
  • They must maintain both types of security during redeployment of components when a failure occurs or when components are scaling under load.
  • Security technologies need to accommodate new service providers or features as they are added.”

Moreover,  Nolle continues, a multi-cloud user has three classes of tools available to address security issues in cloud computing, including “public cloud security services and features, which vary by provider; network security and access and forwarding control features; and application security tools built into, or added onto, the applications themselves.”

And most importantly, cloud customers should expect to use all of these in an effective multi-cloud security plan.

In his view, to overcome the evolving range of security issues in cloud computing, users should look closely at tools from service providers. “The major public cloud providers have entire sets of web services designed for security and access control, including tools for identity management and security auditing. These tools work best when the public cloud is used as a front end to traditional applications, which means in conjunction with remote and mobile worker features of each cloud provider.”

There is, he says, “only one best approach to application deployment and security, and that is to make all hosting resources look and behave the same. Any variations in how you operationalize your deployment and maintenance of applications will complicate the security procedures you adopt.”

In the end, he says, the steps necessary to make multi-cloud security work are as well-known as the problems, but as the number of providers an organization use expands, the need to apply them, and the means of applying them, will continue to change.