How to address the multi-cloud security conundrum

By Angelo Joseph, Head of Customer Engineering, Google Cloud ANZ

Credit: ID 115195118 © Valerii Brozhinskii |

Enterprises need to move faster than ever to stay competitive and get ahead. Time to market for products and services has shortened dramatically from years to days. In a bid to get ahead, today’s enterprises are increasingly turning to multiple, not one, cloud provider to handle aspects of their networking and app development needs. 

The introduction of hybrid and multi-cloud platforms such as Anthos provide flexibility and choice. Enterprises can manage workloads running on third-party clouds, giving them the freedom to deploy, run and manage applications on the environment of their choice, without requiring administrators and developers to learn different environments and APIs. For example, a bank can choose to shift a workload to the cloud provider, move it back to their on-premise system, or another provider altogether should they change their mind, all while having the same consistent set of security controls in place.

There is plenty to gain from moving to a multi-cloud environment or a hybrid cloud system but it also brings it own unique set of security challenges. In a multi-cloud architecture, security becomes increasingly complex.

Cloud control

One of the biggest sources of risk during the transition from a private cloud to a hybrid or multi-cloud deployment comes from not having a well-structured approach to the adoption of this new platform. As an enterprise starts adopting the cloud, it runs into issues moving new workloads to the cloud while also standardising and incorporating security controls.

Deployments involving multiple clouds can end up with completely different management interfaces and tools for each cloud and on-premises, which can lead to inconsistent policy enforcement. To mitigate this risk, the deployment to each cloud must be secured based on a common set of security principles. Though actual controls may vary, it is better to rely on a platform that can drive consistency of those controls. Broad access across two cloud environments - private and public - in a hybrid cloud system is risky, since both are at risk if one is breached. Services between the two should be restricted, and only trusted personnel should be able to call those services. 

Slow and steady

A common barrier to cloud adoption is the fear of technology and vendor lock-in.  This can be addressed in part by the adoption of open source frameworks. For example, Kubernetes is an open source system which can be downloaded and used on-premise in addition to several cloud providers, thereby providing portable workloads. It also has the added benefits of being adopted as the de facto standard for cloud computing containers allowing less friction across implementation options.

To address additional security risks which may emerge during the transition process, enterprises can incrementally adopt cloud. Enterprises can use a platform like Anthos to adopt cloud-native technologies like GKE ( Managed Kubernetes ) or Cloud Run on-premises. This will let them modernise applications in a controlled environment with a well-understood security posture. They can then incrementally move workloads to public cloud platforms as they get comfortable with the controls on that platform. Anthos also enables enterprises to retain the workload deployment model and associated security policies even as they migrate to a new underlying infrastructure, whether this is GKE On-Prem or in a cloud environment. Increasingly, more enterprises are also looking to service mesh solutions such as Istio to provide security and policy enforcement across API calls.

Enterprises also have the option of using API gateway solutions such as Apigee to provide better agility in their IT environment as they pursue application modernisation to drive towards more cloud-native architecture patterns.

As more enterprises turn to hybrid and multi-cloud platforms to serve their digital needs, security becomes paramount. They must ensure they have adequately instrumented the architecture. After all, a well-implemented multi-cloud deployment with a comprehensive shared responsibility matrix from the business across on-prem and cloud providers can be more resilient, scalable and secure than investing in a single cloud.

Tags APIGoogle Cloudmulti-Cloud

Show Comments