Valtix recently released research finding that multicloud will be a strategic priority in 2022, according to the vast majority of the more than 200 IT leaders in the United States who participated in the study. Security is top of mind, with only 54% saying they are highly confident they have the tools or skills to pull off multicloud security, and 51% saying they have resisted moving to multiple clouds because of the added security complexities.
If you’ve been reading this blog, you know that I have long identified complexity as the No. 1 inhibitor of multicloud success, with operational and security limitations as the cause of excess complexity. This is largely because of a lack of holistic planning, and because migration and development projects run without any notion of cross-cloud services, such as security, operations, and governance.
There are a few realities to deal with here. First, you’re likely already using multicloud, whether you know it or not. Scan the enterprise network if you don’t believe me. You’ll find AWS, Microsoft, and Google, with about three dozen or so SaaS providers as well. Second, if your reaction to the added complexity of multicloud is to avoid multicloud altogether, you’ll find that innovation in the company suffers, because those who are building solutions will not be able to leverage best-of-breed technology from multiple cloud providers.
This being the case, you’ll have to make multicloud work. So, what do you do? Here’s some advice from somebody who has already solved this issue a time or two.
Provide some common security services that can be extended and customized. The worst thing you can do is to declare that you’re leveraging a single, static security layer that fits some but not all application requirements. Instead, pick a security manager that’s able to deal with many patterns of security, including encryption in flight and at rest, multifactor authentication, single sign-on, and, most important, identity and access management. The idea is to provide common security services that can be leveraged in different ways for different purposes—in other words, customizable.
Incentivize the migration and development teams to use common services, with a guarantee of results. Solutions builders within the enterprise need access to core security skills as well as common security services. The idea is not to enforce compliance but to work directly with those who are building and migrating applications to single or multiple clouds. People often push back on enterprise security (and multicloud security, specifically) because there is really nothing in it for them. Providing free skills and technology will change their minds and get them under a common security framework, thus reducing complexity.
Of course, there are other tricks specific to your organization and industry. Compliance, for instance, needs to be considered for each vertical, and governmental agencies have their own special issues to consider.
Multicloud security is clearly a solvable problem. Although it’s not going to be easy, I’m not sure we have other choices that will not do harm to the business.