Multi-cloud security: 7 issues to watch
Using multiple cloud providers is not riskier than using one: Each arrangement has its pros and cons. Prioritize these security areas in the multi-cloud environment.
Storage is always tricky, and that complexity is not reduced in a multi-cloud deployment. In some ways, security is likely to be the least of your worries as you design a system which allows for storage across multiple clouds, but it must feature as a requirement. This is an area where maintaining compatibility will be complex, and where key management for encrypted secrets is at least as important as the storage solution itself.
To be clear: This is absolutely not an area for which you should try to design your own system which is “just good enough”, or where you should leave security till later “because it’s hard”. Ensure that you design your storage with security in mind from the beginning.
6. Control plane
You will most likely have spent a lot of time considering how communications between your applications are secured, and hopefully the move to multi-cloud will lead you to ensure that communications between different components in the same application are secured. But there’s another important issue to consider: The control plane.
This refers to any communication which controls your applications or how they are run: for instance, you may be using OpenShift to control your containers and VMs. All communications with scheduling, monitoring, or routing applications like this should, of course, be encrypted. Equally, all cloud service providers should provide encrypted access to all of their tools, but what about the administration, logging and audit functionality of your applications? These are equally important, and any weaknesses here are prime attack vectors for malicious actors.
7. Confidential computing
Historically, we have focussed on the security of data at rest (in storage) and in transit (on the network), but there is a third state for data: in use, when it is actually being processed. Some types of data are sensitive, and you should think carefully about where you are happy for them to be processed: There are times when you don’t want them to leave your own network, and even times when you want to place extra controls on them there.
Certainly, having sensitive data moving around between multiple clouds is something that you want to control - and often prohibit. There is also a growing realization within the industry that we need to make use of new technologies that protect data while it is in use, and The Linux Foundation has created a community, The Confidential Computing Consortium, to investigate and build solutions in this area. For now, the technology is very new, but it’s an area that’s definitely worth keeping an eye on. For more detail, see our related article: Application security: 4 things to know about how the Confidential Computing Consortium helps.
Make multi-cloud security part of strategy
None of the issues we’ve looked at above are unique to multi-cloud: They are relevant to on-premises and simpler hybrid cloud deployments as well. But the move to multi-cloud requires careful consideration of the complexities that can present themselves. Keeping security “top of mind” as you plan, architect and design your move to multi-cloud must be a key part of your strategy.