Is it time to repatriate to the data center?: Perhaps. Some organizations, such as Zoom, have moved workloads to on-premises because it provides more predictable performance for real-time needs of their apps. John Qian, who once worked there and now is the CISO for security vendor Aviatrix, tells CSO that Zoom uses all three of the major PaaS providers for elastic demands that they can spin up quickly. “You have to take the best features of both cloud and on-premises. For example, the data center makes sense if you can buy enough GPU bandwidth to build your own AI cluster.” Qian says Aviatrix uses just two PaaS providers at present.Others have found that the bigger their storage needs have become, for AI LLMs for example, , the more cost effective and predictable on-prem storage can be, particularly if you are shipping huge data blocks from one PaaS to another.Plato has a good rule of thumb: “Don’t put it in the cloud if you don’t need to.”
One solution: containers: One trend many sources could agree on is the movement of workloads to using more containers. Qian said that “containers can make the transition across clouds and from cloud to on-premises easier because of its abstraction layer, but this can also mean developers have to understand the cross-container security implications too.” Still, it is easier to shift workloads from virtual machine (VM) instances to containers, according to Plato. “It can be easier to secure a cluster of containers than a bunch of VMs.” Cser tells CSO that “containers make cloud movement more fungible because they are essentially clouds running on top of clouds.”
Centralize cloud security policies: The ideal is to have a centralized, common and consistent set of security policies across all clouds. Then you can implement automated ways to deploy (such as with Terraform or some other IaC that can integrate with your IDEs). Another set of tools that can help are Cloud Native Application Protection Platforms (CNAPP). The advantage of CNAPP tools is that they have many integrated sub-tools which make it easy to bring uniform policies across a complex environment. But, if you already have a lot of non-CNAPP automation, it might not be the best path. “You can build a very robust and secure infrastructure with these tools,” says Plato.”As an example, say you create a new application that requires you to make changes across your entire multicloud environment,” says Cobb. “Without automation and something like CNAPP, that can quickly become untenable in terms of budget, expertise, and time.”
Understand the security problems you are trying to solve: One typical situation is when the devsecops team gets ahead of the CISO technically. P “When that happens, the CISO doesn’t know what security problems the teams are trying to solve, and if what is being recommended is really going to solve them,” says Plato. That leads towards mandates on particular tooling, he finds, “rather than making sure particular security requirements are met by specific tools. You want to avoid tool sprawl with security data spilling out all over the place.”Developers can get ahead of themselves too, and don’t necessarily understand how everything is secured across all possible clouds. Manraj says that the different PaaS players are diverging more than ever with different CPU, serverless and application support that have their own cloud-specific features. “This makes crafting the same security policy rule across all of the providers in some uniform fashion harder.”
Final recommendations: There are some other ways to improve multicloud security. “Spend some time ensuring that the workloads are as close to their actual infrastructure needs, such as storage, as possible. That also cuts down on costs and data entry and egress fees,” says Manraj.Several sources suggested that enterprises manage their entire application stack inside their data centers. “Start by building your own in-house private cloud facility,” John Cronin, a retired enterprise IT architect, tells CSO. “Be 100% in control of all the software technology you will be using, database, storage, applications, and APIs. Then use outside cloud providers to provide additional processing capacity, redundancy and resiliency.””You shouldn’t buy a security tool until you have a clear set of priorities and a solid risk analysis in hand,” Plato says. “You must understand the threats you face before you start applying tools to them. Consider the native PaaS security tools that each provider has and start with what each can do. These typically cost less than third-party products.”
Understand the security problems you are trying to solve: One typical situation is when the devsecops team gets ahead of the CISO technically. P “When that happens, the CISO doesn’t know what security problems the teams are trying to solve, and if what is being recommended is really going to solve them,” says Plato. That leads towards mandates on particular tooling, he finds, “rather than making sure particular security requirements are met by specific tools. You want to avoid tool sprawl with security data spilling out all over the place.”Developers can get ahead of themselves too, and don’t necessarily understand how everything is secured across all possible clouds. Manraj says that the different PaaS players are diverging more than ever with different CPU, serverless and application support that have their own cloud-specific features. “This makes crafting the same security policy rule across all of the providers in some uniform fashion harder.”
Final recommendations: There are some other ways to improve multicloud security. “Spend some time ensuring that the workloads are as close to their actual infrastructure needs, such as storage, as possible. That also cuts down on costs and data entry and egress fees,” says Manraj.Several sources suggested that enterprises manage their entire application stack inside their data centers. “Start by building your own in-house private cloud facility,” John Cronin, a retired enterprise IT architect, tells CSO. “Be 100% in control of all the software technology you will be using, database, storage, applications, and APIs. Then use outside cloud providers to provide additional processing capacity, redundancy and resiliency.””You shouldn’t buy a security tool until you have a clear set of priorities and a solid risk analysis in hand,” Plato says. “You must understand the threats you face before you start applying tools to them. Consider the native PaaS security tools that each provider has and start with what each can do. These typically cost less than third-party products.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4010489/how-to-make-your-multicloud-security-more-effective.html
