As companies do more in the cloud, there is an increasing need to reduce the reliance on only one vendor. This drives many companies to adopt a multi-cloud approach, but breaking out of the confines of a single cloud creates its own set of challenges.
Security is at or near the top of the list of challenges when enterprises seek to adopt a multi-cloud strategy. The use of multiple clouds introduces lots of complexity due to the differences in how each provider handles authentication, authorization, support, monitoring, alerting and more. For example, you can spin up a Linux-based VM on AWS, Microsoft Azure and Google Cloud Platform, but each platform varies in how those machines are initially configured, how they're accessed and which users have authorization to access them.
It can be difficult to maintain security parity in this type of distributed environment without the right tools and practices in place. Let's review some key practices to help establish multi-cloud security parity.
Security parity basics
Parity, in this context, means ensuring consistent security settings and protections for all resources in your cloud environments, including endpoints, nodes, devices and instances. For organizations with a multi-cloud model, security teams must establish equal security across all of their distributed environments.
And server management is only a piece of the puzzle -- albeit a big one. Security parity also pertains to how you access those platforms and what you can do within each one. Tools and techniques such as single sign-on and centralized monitoring can help provide some of that consistency.
Inconsistent security processes are some of the most dangerous problems that IT teams face because they can put organizations at risk of threats and data breaches. A lack of security parity has been the direct cause of high-profile cyberattacks, such as the 2017 Equifax data breach.
Applying a critical patch or updating an insecure configuration policy for only a fraction of your infrastructure is almost as ineffective as not applying it at all. While it's imperative that IT teams understand the importance of security parity, they must also grasp the related processes and technologies -- such as automation, containers, visibility and training -- to ensure that all environments are protected.
When it comes to implementing multi-cloud security, manual configuration can cause multiple issues. As a company's cloud infrastructure grows, the number of nuanced settings that need to be maintained across every device can become overwhelming. With so many tedious configuration tasks, each additional manual change increases the chance of error. To avoid the possibility of manual error, IT teams should automate the configuration processes across their environments to help achieve security parity.
There are many automated configuration management and infrastructure-as-code services available that help maintain consistent security settings across multiple cloud providers. These tools simplify the configuration process and define infrastructure so that it is easily reproduced. This means IT teams do not need to configure each individual component across every provider. Instead, users can define and reuse code-based configurations, treating the respective clouds in an agnostic manner, which leads to consistent security practices across configurations in an organization's environments.
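The sketch below is an added example, not code from any tool named in this article. It shows the provider-agnostic idea as a parity check: one baseline, evaluated against inventory exports from three clouds. The export field names, hosts and values are all constructed assumptions, not real provider API output, and a setting that is missing from an export is treated as drift rather than silently passed.

```python
"""Parity check: one baseline, three provider export formats (all constructed)."""

# Provider-agnostic baseline. patch_level is a minimum (YYYY-MM); others must match.
BASELINE = {"ssh_password_auth": False, "disk_encrypted": True,
            "public_ip": False, "patch_level": "2024-06"}
MISSING = object()  # marks a setting the export did not report

def same(v): return v
def negate(v): return not v
def present(v): return v is not None

# Hypothetical export field names: baseline key -> (provider field, converter).
# Providers express the same control differently, sometimes with inverted meaning.
FIELD_MAP = {
    "aws":   {"ssh_password_auth": ("pw_login", same),
              "disk_encrypted": ("volume_encrypted", same),
              "public_ip": ("public_addr", present),
              "patch_level": ("patch", same)},
    "azure": {"ssh_password_auth": ("password_auth_disabled", negate),
              "disk_encrypted": ("os_disk_encryption", same),
              "public_ip": ("has_public_ip", same),
              "patch_level": ("patch", same)},
    "gcp":   {"ssh_password_auth": ("os_login_only", negate),
              "disk_encrypted": ("disk_encrypted", same),
              "public_ip": ("external_ip", present),
              "patch_level": ("patch", same)},
}

def normalize(provider, record):
    """Translate one provider-specific record into baseline keys."""
    return {key: conv(record[field]) if field in record else MISSING
            for key, (field, conv) in FIELD_MAP[provider].items()}

def drift(settings):
    """List the baseline keys this host fails; unknown values count as failures."""
    bad = []
    for key, want in BASELINE.items():
        got = settings[key]
        ok = got is not MISSING and (got >= want if key == "patch_level" else got == want)
        if not ok:
            bad.append(key)
    return bad

def parity_report(inventory):
    """Return {provider/host: [drifted settings]} for every host off baseline."""
    report = {f"{p}/{h}": drift(normalize(p, r)) for p, h, r in inventory}
    return {host: bad for host, bad in report.items() if bad}

INVENTORY = [  # constructed sample records
    ("aws", "web-1", {"pw_login": False, "volume_encrypted": True, "public_addr": None, "patch": "2024-06"}),
    ("azure", "web-2", {"password_auth_disabled": True, "os_disk_encryption": True, "has_public_ip": False, "patch": "2024-03"}),
    ("gcp", "web-3", {"os_login_only": True, "disk_encrypted": True, "external_ip": "203.0.113.7"}),
]
```

Running `parity_report(INVENTORY)` flags the Azure host for a stale patch level and the GCP host for a public address and an unreported patch level, while the AWS host passes.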
IT teams can deploy containers to achieve security parity because they provide consistency and abstraction. While configuration management tools ensure that the host machines are constructed consistently, containers help reduce the attack surface by sandboxing applications and processes into tightly controlled environments.
Regardless of which provider you host your container on, the container image itself will always be the same. This abstracts the problem away from the application container and onto the container host, which reduces the number of dependencies on a given system and the overall attack surface.
Organizations must keep an eye on everything in their environments to maintain multi-cloud security. Even well-prepared organizations aren't immune to breaches. In the event of a breach, the monitoring systems in place are crucial tools to help identify and remediate the problem as quickly as possible.
Teams need to know what is going on in their infrastructure, no matter where it is hosted. Logging and analytics tools establish visibility and help teams adapt to situations as they arise. After all, alarm systems don't keep burglars from getting in, but they sure do help a lot with getting them out.
To help centralize logs, you can use open source tools such as the ELK stack of Elasticsearch, Logstash and Kibana, or Prometheus in tandem with Grafana. There are also good commercial alternatives, including Splunk, LogRhythm and Loggly.
Tools are only as valuable as the people they are built to protect. The human element of cyber security is already a challenge in a single-cloud environment, so expanding beyond the bounds of one provider only compounds the risks. Proper security training for employees and cloud users is an important step in achieving security parity.
No matter how much automation and monitoring you have in place, every cloud provider has its own nuanced security policies. To improve your security posture, implement training so that the employees who will be interacting with these procedures understand the risks and limitations of each.
When in doubt, iterate
Security is an ongoing process, not a checklist. While there is some importance in "getting it right," iteration can go a long way toward maintaining parity in your organization. Using an off-the-shelf commercial configuration management platform is a great place to start, but you may find that a more robust infrastructure-as-code tool gives you far more control over the configuration of your endpoints. It's OK to start small and iterate as you go.