OPINION PIECE
Multi-cloud security doesn’t have to be complicated to be effective, it just has to be consistent As organisations in every industry shift infrastructure and services to the cloud by means of a multi-cloud strategy, their business assets, software and applications become distributed across several cloud-hosting environments.
D
By Kumar Vaibhav, Solution Architect at In2IT .
espite the many business benefits – including agility, flexibility, competitive pricing, scalability, and reliance, to list a few – there are several hurdles that must be addressed when adopting cloud across the business. It can be particularly tricky securing a plethora of clouds due to a lack of visibility across services and providers. With multiple clouds comes multiple layers of risk, such as an increased attack surface, improper user management, constantly shifting workloads, DevOps and automation, all of which can get complicated. Multiple cloud benefits However, cloud security shouldn’t be as complicated as it has become. Despite cloud having been around for more than a decade, there is still this perception that it
16
is ‘new’ technology, which makes people uncomfortable. Cloud is many things, including scalable, reliable and costeffective, but it’s no longer new. While on-premise security and own-data centres is what most organisations think they need to secure their digital assets, the reality is that this is no longer sustainable — it’s time-consuming and cost-intensive to operate and manage, particularly in comparison to the cloud. Security must meet in the middle So how does cloud security compare to on-premise security? Essentially, there isn’t that much difference. It’s easy to think that on-premise is more secure because one has direct control over all the servers, systems and data living in that data centre. However, it’s important to remember when moving to the cloud
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
that all cloud service providers, like Microsoft, Bing and Amazon all have their own security measures in place. The main concern that businesses have when it comes to moving data to the cloud is that they’re uncertain where it will live, but realistically, it’s possible to have the same controls in the cloud as with on-premise security. The two go hand-inhand and security in the cloud is a responsibility that must be shared between the cloud service provider and the customer, depending on the service they’re using. The service provider has to ensure (in line with the SLA) that customer data is safe in their cloud, while the customer has to ensure everything in their cloud, up to the point where it onramps to the service provider, is secured and that their users are properly managed.
securityfocusafrica.com
