Acceleration Economy
  • Home
  • Cloud Wars
  • Analyst Content
    • By Category
      • AI/AI Index
      • Cloud/Cloud Wars
      • Cybersecurity
      • Data
    • By Interest
      • Leadership
      • Generative AI
      • Partners Ecosystem
      • Process Mining
      • Sustainability
    • By Industry
      • Financial Services
      • Healthcare
      • Manufacturing
      • Retail
    • By Type
      • Guidebooks
      • Summits
      • Roundtables
      • Video Moments
    • By Vendors
      • All Vendors
      • AI/Hyperautomation
      • Cloud
      • Cybersecurity
      • Data
  • Courses
    • Cloud Wars Top 10
    • Selling AI, Cloud, Data & Cybersecurity
    • The Demise of Traditional Go-To-Market Strategies
  • What we do
    • Advisory Services
    • Marketing Services
    • Event Services
  • Who we are
    • About Us
    • Practitioner Analysts
  • Subscribe
Twitter Instagram
  • Courses
  • Summit NA
  • Dynamics Communities
Twitter LinkedIn
Acceleration Economy
  • Home
  • Cloud Wars
  • Analyst Content
        • By Category
          • AI/AI Index
          • Cloud/Cloud Wars
          • CybersecurityThe practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
          • Data
        • By Interest
          • Leadership
          • Generative AI
          • Partners Ecosystem
          • Process Mining
          • Sustainability
        • By Industry
          • Financial Services
          • Healthcare
          • Manufacturing
          • Retail
        • By Type
          • Guidebooks
          • Summits
          • Roundtables
          • Video Moments
        • By Vendors
          • All Vendors
          • AI/Hyperautomation
          • Cloud
          • Cybersecurity
          • Data
  • Courses
    • Cloud Wars Top 10
    • Selling AI, Cloud, Data & Cybersecurity
    • The Demise of Traditional Go-To-Market Strategies
  • What we do
    • Advisory Services
    • Marketing Services
    • Event Services
  • Who we are
    • About Us
    • Practitioner Analysts
  • Subscribe
    • Login / Register
Acceleration Economy
    • Login / Register
Home » How to Build and Manage Multi-Cloud Security in a Global Business
Cybersecurity as a Business Enabler

How to Build and Manage Multi-Cloud Security in a Global Business

Bill DoerrfeldBy Bill DoerrfeldMarch 3, 20235 Mins Read
Facebook Twitter LinkedIn Email
multi-cloud multi-geographies
Share
Facebook Twitter LinkedIn Email
Acceleration Economy Cybersecurity

These days, most large organizations have adopted a multi-cloud hybrid state to host their computing workloads and store data. Utilizing multiple cloud service providers (CSPs) can increase fault tolerance, bring performance optimizations, and empower development teams to choose “best of breed” architectures. For all these reasons and more, 90% of organizations report that multi-cloud is helping them realize their business goals.

Simultaneously, cloud-based services must often span multiple geographies, each with its own complexities around how enterprises must store data to meet privacy regulations. Doing so requires a zero-trust approach for internal assets, even for team members requesting access.

In a nutshell, navigating this new world of multiple clouds and geographies poses challenges to modern cybersecurity. Below, we’ll outline some of these risks and consider methods to protect multi-cloud, multi-geographic environments.

Which companies are the most important vendors in cybersecurity? Click here to see the Acceleration Economy Top 10 Cybersecurity Shortlist, as selected by our expert team of practitioner analysts.

Identifying Risk

In the last decade or so, many organizations shifted from physical server rooms to cloud computing. But what started with adopting a single CSP eventually led to using multiple clouds, whether from AWS, Azure, Google Cloud, Oracle, IBM Cloud or others. According to the 2022 Global Hybrid Cloud Trends Report, 82% of organizations have already adopted a hybrid cloud. In addition to CSPs, organizations have also come to rely on various web-based APIs to avoid reinventing the wheel for common functions.

The multi-cloud trend has a few important implications for cybersecurity. For one, multi-cloud complexity increases your total attack surface area. There are more secrets to be exposed and more environments that could be misconfigured. Further, in multi-cloud, you no longer can have one source of truth for security policies and must navigate inconsistencies regarding how each cloud handles identity and access management. Other cloud-native threats include insecure defaults, leaky endpoints, and software supply chain disruption. 

See the Cybersecurity Top 10 shortlist

Simultaneously, organizations must manage compliance amid many complex geo-specific data privacy standards. U.S. corporations doing international business must comply with the EU’s General Data Protection Regulation (GDPR), as well as follow the intricacies of emerging state-specific policies within California (CCPA), Virginia (VCDPA), Colorado (CPA), Utah (UCPA), and elsewhere. There are also industry-specific data regulations to consider, such as Health Insurance Portability and Accountability Act (HIPAA) standards for healthcare and open banking data decrees for finance.

It’s not only tracking customer data across geographies that’s a cybersecurity concern: Many teams have also become globally distributed, collaborating asynchronously across multiple countries and time zones. Plus, organizations now loop a mixture of full-time employees, contractors, and partners into the same value streams. These new working relationships are a boon for collaboration, but they introduce risk management concerns, highlighting the need for hardened cybersecurity for internal networks. 

Establishing Standard Policies and Procedures

So, how can business leaders respond to new multi-cloud and multi-geo cybersecurity concerns?

Well, first, it’s crucial that you audit your surface area to get a better picture of the environments your business is operating in. Next, you’ll want to catalog the various data privacy standards that the company comes into contact with across geographies. Only by understanding your posture can you develop a comprehensive risk management plan and begin to implement standard policies and procedures.

Then, it’s a good idea to establish common security policies and centralize them with the help of a decoupled policy management layer. Certain open-source tools like Open Policy Agent and Kyverno can implement standard policies across various cloud-native infrastructures. (As a general rule of thumb, when developing user authentication and authorization policies, it’s a good idea to follow the principle of least privilege which assigns access to roles only on a need-to-know basis. This will help ensure access isn’t over-assigned to the various roles that interface with cloud-based architecture and customer data.)

Insights into the Why & How to Secure SaaS Applications_featured
Guidebook: Secure SaaS Applications

Some CSPs bake in support to help manage customer and employee data across various geographies. For example, Microsoft 365 users can take advantage of Multi-Geo environments in which the Microsoft 365 Tenant is spread across a centralized location as well as satellite offices. This consolidates locations, groups, and user information in a central Azure directory structure and synchronizes them with distributed sites. 

Some other tips include:

  • Utilizing encryption to protect data at rest and in transit
  • Establishing data storage and access policies
  • Establishing network security policies
  • Deploying firewalls and other security measures
  • Evolving the traditional governance model

Monitoring and Maintenance

Next, businesses will want to ensure they are always meeting compliance requirements with security policies and procedures. This will require regular security assessments and audits. It’s also a good idea to schedule regular updates and patches to avoid code vulnerabilities within open-source software. For example, using tooling to automate the detection of zero-day vulnerabilities can help ensure applications are more secure across clouds.

In addition to regular security assessments, companies should implement a comprehensive monitoring system to track data access and usage. This system can help monitor system performance for frailties and investigate security threats to take necessary actions when misuse is discovered. In addition to regular monitoring, it’s important that software vendors are compliant with security regulations — as such, consider requesting a Software Bill of Materials (SBOM) from new vendors. This will help auditing efforts and ensure that the provenance of software dependencies is known.

Going Global With Multi-Cloud

As Satya Nadella, CEO of Microsoft, has said, “all companies are software companies.” And as they transition into software companies, they are producing software and data with a value that transcends geographical boundaries. But as companies seek to do business in multiple clouds and in numerous countries and states, they must face the reality of escalating data regulations and cloud-native threats.

To conduct business safely across distributed clouds and territories, information technology leaders must take action to wrangle the increasingly diverse number of deployments and databases in use today. Only by enabling robust authentication and authorization, and continually assessing risk can they begin to manage the compounding threat landscape. In addition to the policies described above, it’s good to stay up-to-date on security trends and best practices and train staff on your standard security protocols.


Want more cybersecurity insights? Visit the Cybersecurity channel:

Acceleration Economy Cybersecurity

automation Compliance data featured financial services GDPR healthcare Industries multi-cloud Open-Source Software Risk Management supply chain vulnerability
Share. Facebook Twitter LinkedIn Email
Analystuser

Bill Doerrfeld

Tech Journalist
Editor-in-Chief

Areas of Expertise
  • Cybersecurity
  • Low Code/No Code
  • LinkedIn

Bill Doerrfeld, an Acceleration Economy Analyst focused on Low Code/No Code & Cybersecurity, is a tech journalist and API thought leader. Bill has been researching and covering SaaS and cloud IT trends since 2013, sharing insights through high-impact articles, interviews, and reports. Bill is the Editor in Chief for Nordic APIs, one the most well-known API blogs in the world. He is also a contributor to DevOps.com, Container Journal, Tech Beacon, ProgrammableWeb, and other presences. He's originally from Seattle, where he attended the University of Washington. He now lives and works in Portland, Maine. Bill loves connecting with new folks and forecasting the future of our digital world. If you have a PR, or would like to discuss how to work together, feel free to reach out at his personal website: www.doerrfeld.io.

  Contact Bill Doerrfeld ...

Related Posts

Oracle Q1: Despite Market-Cap Thrashing, Cloud Growth Still Surging

September 13, 2023

C3 AI Extends Enterprise Generative AI Focus With Suite for Industries, Processes

September 13, 2023

Generative AI’s Role in Reshaping Business Dynamics: Uphoff on Industry

September 13, 2023

Oracle Q1: Catz, Ellison Bullish but Investors Cut Market Cap by $35B

September 13, 2023
Add A Comment

Comments are closed.

Recent Posts
  • Oracle Q1: Despite Market-Cap Thrashing, Cloud Growth Still Surging
  • C3 AI Extends Enterprise Generative AI Focus With Suite for Industries, Processes
  • Generative AI’s Role in Reshaping Business Dynamics: Uphoff on Industry
  • Oracle Q1: Catz, Ellison Bullish but Investors Cut Market Cap by $35B
  • AI Index: PayPal and VISA Reduce Risk with AI; ConverSight Secures $9 Million; Hugging Face Announces SafeCoder

  • 2X a week
  • Analyst Videos & Articles
  • Exclusive Digital Business Content
This field is for validation purposes and should be left unchanged.
Most Popular Guidebooks

The State of Process Mining 2023: Unlocking Efficiency and Driving Customer Satisfaction

July 31, 2023

How Workday Creates Agile Monetization Opportunities for CFOs

June 21, 2023

Why & How to Create a Zero-Trust Framework

June 12, 2023

The Ethical and Workforce Impacts of Generative AI

May 26, 2023

Advertisement
Acceleration Economy
Twitter LinkedIn
  • Home
  • About Us
  • Privacy Policy
  • Get In Touch
  • Advertising Opportunities
  • Do not sell my information
© 2023 Acceleration Economy.

Type above and press Enter to search. Press Esc to cancel.

  • Login
Forgot Password?
Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.