{"id":14316,"date":"2025-06-26T07:16:15","date_gmt":"2025-06-26T07:16:15","guid":{"rendered":"https:\/\/newestek.com\/?p=14316"},"modified":"2025-06-26T07:16:15","modified_gmt":"2025-06-26T07:16:15","slug":"how-to-make-your-multicloud-security-more-effective","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14316","title":{"rendered":"How to make your multicloud security more effective"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>The days of debating whether cloud or on-premises is the best location for your servers are thankfully far behind us. But lately, more enterprises are shifting their workloads as they realize that security and simplicity matter.<\/p>\n<p>This movement isn\u2019t uniform because of the richness and complexity of multicloud computing in the modern era. Some enterprises are consolidating all their workloads from multiple PaaS providers into a single provider, typically AWS or Azure. But others are slimming down their cloud footprints into fewer providers. Having multiple cloud providers has been tolerated in the past but has proven difficult to support technically, as <a href=\"https:\/\/www.csoonline.com\/article\/4002758\/why-multicloud-security-automation-is-essential-but-no-silver-bullet.html\">we wrote about earlier this month<\/a>. \u201cThere is some movement to consolidate different cloud providers,\u201d Forrester analyst Andras Cser tells CSO. 
\u201cBut this is more of an effort to reduce technical debt and to reduce vendor lock-in.\u201d<\/p>\n<p>Some of these consolidations are just circumstantial \u2014 such as trying to trim back the result of corporate acquisitions or bring uniformity to disparate development teams \u2014 and are not born out of any great architectural plan. Some enterprises are repatriating workloads back to on-premises or are moving from public to hybrid or private clouds. We\u2019ll get into the reasons for that in a moment.<\/p>\n<p>Let\u2019s look at the challenges and complexities of multicloud security by identifying the gaps and highlighting the gotchas. We\u2019ll look at ways to be more purposeful about cloud security and focus on containing and managing tool sprawl with recommended courses of action that you can take.<\/p>\n<h2 class=\"wp-block-heading\" id=\"containing-costs\">Containing costs<\/h2>\n<p>Certainly, one of the biggest challenges has to do with the higher operational cost of maintaining separate cloud development teams. Each cloud has its own tools and specific implementation details, cutting across different services, protocols and systems, that require careful study and skilled engineers to maintain.<\/p>\n<p>\u201cEngineers don\u2019t have the knowledge to maintain multiple clouds, they tend to focus on one or two clouds at most and deploy as much security automation as possible to manage them. Let\u2019s do one cloud and do it well. Efficiency can only be gained by being less agnostic and being more focused. You can\u2019t replicate all workloads everywhere,\u201d Ashley Manraj, CTO of Pvotal, tells CSO.<\/p>\n<p>The multicloud approach has lost its luster, according to Andrew Plato, who founded security consultancy Zenaciti among other tech startups. 
\u201cAnd there are high costs and lots of difficulty in switching workloads from Amazon to Azure, as an example.\u201d He hasn\u2019t seen any wholesale move by enterprises to repatriate their cloud servers back into their data centers. Instead, \u201centerprises are backing away from deploying multiple public clouds.\u201d<\/p>\n<p>So, while cutting costs is a big motivation, figuring out these costs is still a very hard problem. The tools to predict cloud costs haven\u2019t gotten noticeably better in the past decade. Everyone\u2019s cloud cost figures vary from month to month by their very nature, given usage-based charging and changes to the providers\u2019 pricing models. As previously <a href=\"https:\/\/www.networkworld.com\/article\/971200\/how-to-reduce-cloud-costs.html\">noted<\/a>, \u201ctrying to parse your monthly bill requires the skills of a CPA, a software engineer, a commodities trader and a sharp eye for the details.\u201d<\/p>\n<p>There is also what Steve Cobb, CISO at SecurityScorecard, calls \u201ccloud sticker shock,\u201d which happens when you get your first monthly bill after turning on a new cloud app. \u201cYou don\u2019t necessarily know what your traffic patterns will be until you build the app. They are hard to predict before you go into production with the actual data, and the shock is greater of course as you move a lot of data across cloud regions or have built in failover across providers.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"is-it-time-to-repatriate-to-the-data-center\">Is it time to repatriate to the data center?<\/h2>\n<p>Perhaps. Some organizations, such as Zoom, have moved workloads on-premises because that provides more predictable performance for the real-time needs of their apps. John Qian, who once worked there and now is the CISO for security vendor Aviatrix, tells CSO that Zoom uses all three of the major PaaS providers for elastic demands that they can spin up quickly. 
\u201cYou have to take the best features of both cloud and on-premises. For example, the data center makes sense if you can buy enough GPU bandwidth to build your own AI cluster.\u201d Qian says Aviatrix uses just two PaaS providers at present.<\/p>\n<p>Others have found that the bigger their storage needs have become (for AI LLMs, for example), the more cost effective and predictable on-prem storage can be, particularly if you are shipping huge data blocks from one PaaS to another.<\/p>\n<p>Plato has a good rule of thumb: \u201cDon\u2019t put it in the cloud if you don\u2019t need to.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"one-solution-containers\">One solution: containers<\/h2>\n<p>One trend many sources could agree on is the movement of more workloads to containers. Qian said that \u201ccontainers can make the transition across clouds and from cloud to on-premises easier because of its abstraction layer, but this can also mean developers have to understand the cross-container security implications too.\u201d Still, it is easier to shift workloads from virtual machine (VM) instances to containers, according to Plato. \u201cIt can be easier to secure a cluster of containers than a bunch of VMs.\u201d Cser tells CSO that \u201ccontainers make cloud movement more fungible because they are essentially clouds running on top of clouds.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"centralize-cloud-security-policies\">Centralize cloud security policies<\/h2>\n<p>The ideal is to have a centralized, common and consistent set of security policies across all clouds. Then you can implement automated ways to deploy them (such as with Terraform or some other IaC tool that can integrate with your IDEs). Another set of tools that can help is <a href=\"https:\/\/www.csoonline.com\/article\/573629\/cnapp-buyers-guide-top-tools-compared.html\">Cloud Native Application Protection Platforms<\/a> (CNAPP). 
The advantage of CNAPP tools is that they have many integrated sub-tools that make it easy to bring uniform policies across a complex environment. But if you already have a lot of non-CNAPP automation, it might not be the best path. \u201cYou can build a very robust and secure infrastructure with these tools,\u201d says Plato.<\/p>\n<p>\u201cAs an example, say you create a new application that requires you to make changes across your entire multicloud environment,\u201d says Cobb. \u201cWithout automation and something like CNAPP, that can quickly become untenable in terms of budget, expertise, and time.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"understand-the-security-problems-you-are-trying-to-solve\">Understand the security problems you are trying to solve<\/h2>\n<p>One typical situation is when the devsecops team gets ahead of the CISO technically. \u201cWhen that happens, the CISO doesn\u2019t know what security problems the teams are trying to solve, and if what is being recommended is really going to solve them,\u201d says Plato. That leads towards mandates on particular tooling, he finds, \u201crather than making sure particular security requirements are met by specific tools. You want to avoid tool sprawl with security data spilling out all over the place.\u201d<\/p>\n<p>Developers can get ahead of themselves too, and don\u2019t necessarily understand how everything is secured across all possible clouds. Manraj says that the different PaaS players are diverging more than ever with different CPU, serverless and application support that have their own cloud-specific features. \u201cThis makes crafting the same security policy rule across all of the providers in some uniform fashion harder.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"final-recommendations\">Final recommendations<\/h2>\n<p>There are some other ways to improve multicloud security. 
\u201cSpend some time ensuring that the workloads are as close to their actual infrastructure needs, such as storage, as possible. That also cuts down on costs and data entry and egress fees,\u201d says Manraj.<\/p>\n<p>Several sources suggested that enterprises manage their entire application stack inside their data centers. \u201cStart by building your own in-house private cloud facility,\u201d John Cronin, a retired enterprise IT architect, tells CSO. \u201cBe 100% in control of all the software technology you will be using \u2014 database, storage, applications, and APIs. Then use outside cloud providers to provide additional processing capacity, redundancy and resiliency.\u201d<\/p>\n<p>\u201cYou shouldn\u2019t buy a security tool until you have a clear set of priorities and a solid risk analysis in hand,\u201d Plato says. \u201cYou must understand the threats you face before you start applying tools to them. Consider the native PaaS security tools that each provider has and start with what each can do. These typically cost less than third-party products.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The days of debating whether cloud or on-premises is the best location for your servers are thankfully far behind us. But lately, more enterprises are shifting their workloads as they realize that security and simplicity matter. This movement isn\u2019t uniform because of the richness and complexity of multicloud computing in the modern era. 
Some enterprises are consolidating all their workloads from multiple PaaS providers into&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14316\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14316","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14316","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14316"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14316\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14316"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14316"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14316"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}