Acceleration Economy
  • Home
  • Cloud Wars
  • Analyst Content
    • By Category
      • AI/Hyperautomation
      • Cloud/Cloud Wars
      • Cybersecurity
      • Data
    • By Interest
      • Leadership
      • Office of the CFO
      • Partners Ecosystem
      • Sustainability
    • By Industry
      • Financial Services
      • Healthcare
      • Manufacturing
      • Retail
    • By Type
      • Guidebooks
      • Digital Summits
      • Practitioner Roundtables
      • Practitioner Playlists
    • By Language
      • Español
  • Vendor Shortlists
    • All Vendors
    • AI/Hyperautomation
    • Cloud
    • Cybersecurity
    • Data
  • What we do
    • Advisory Services
    • Marketing Services
    • Event Services
  • Who we are
    • About Us
    • Practitioner Analysts
  • Subscribe
Twitter Instagram
  • CIO Summit
  • Summit NA
  • Dynamics Communities
Twitter LinkedIn
Acceleration Economy
  • Home
  • Cloud Wars
  • Analyst Content
        • By Category
          • AI/Hyperautomation
          • Cloud/Cloud Wars
          • CybersecurityThe practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
          • Data
        • By Interest
          • Leadership
          • Office of the CFO
          • Partners Ecosystem
          • Sustainability
        • By Industry
          • Financial Services
          • Healthcare
          • Manufacturing
          • Retail
        • By Type
          • Guidebooks
          • Digital Summits
          • Practitioner Roundtables
          • Practitioner Playlists
        • By Language
          • Español
  • Vendor Shortlists
    • All Vendors
    • AI/Hyperautomation
    • Cloud
    • Cybersecurity
    • Data
  • What we do
    • Advisory Services
    • Marketing Services
    • Event Services
  • Who we are
    • About Us
    • Practitioner Analysts
  • Subscribe
    • Login / Register
Acceleration Economy
    • Login / Register
Home » How to Build and Manage Multi-Cloud Security in a Global Business
Cybersecurity as a Business Enabler

How to Build and Manage Multi-Cloud Security in a Global Business

Bill DoerrfeldBy Bill DoerrfeldMarch 3, 20235 Mins Read
Facebook Twitter LinkedIn Email
multi-cloud multi-geographies
Share
Facebook Twitter LinkedIn Email
Acceleration Economy Cybersecurity

These days, most large organizations have adopted a multi-cloud hybrid state to host their computing workloads and store data. Utilizing multiple cloud service providers (CSPs) can increase fault tolerance, bring performance optimizations, and empower development teams to choose “best of breed” architectures. For all these reasons and more, 90% of organizations report that multi-cloud is helping them realize their business goals.

Simultaneously, cloud-based services must often span multiple geographies, each with its own complexities around how enterprises must store data to meet privacy regulations. Doing so requires a zero-trust approach for internal assets, even for team members requesting access.

In a nutshell, navigating this new world of multiple clouds and geographies poses challenges to modern cybersecurity. Below, we’ll outline some of these risks and consider methods to protect multi-cloud, multi-geographic environments.

Which companies are the most important vendors in cybersecurity? Click here to see the Acceleration Economy Top 10 Cybersecurity Shortlist, as selected by our expert team of practitioner-analysts.

Identifying Risk

In the last decade or so, many organizations shifted from physical server rooms to cloud computing. But what started with adopting a single CSP eventually led to using multiple clouds, whether from AWS, Azure, Google Cloud, Oracle, IBM Cloud or others. According to the 2022 Global Hybrid Cloud Trends Report, 82% of organizations have already adopted a hybrid cloud. In addition to CSPs, organizations have also come to rely on various web-based APIs to avoid reinventing the wheel for common functions.

The multi-cloud trend has a few important implications for cybersecurity. For one, multi-cloud complexity increases your total attack surface area. There are more secrets to be exposed and more environments that could be misconfigured. Further, in multi-cloud, you no longer can have one source of truth for security policies and must navigate inconsistencies regarding how each cloud handles identity and access management. Other cloud-native threats include insecure defaults, leaky endpoints, and software supply chain disruption. 

See the Cybersecurity Top 10 shortlist

Simultaneously, organizations must manage compliance amid many complex geo-specific data privacy standards. U.S. corporations doing international business must comply with the EU’s General Data Protection Regulation (GDPR), as well as follow the intricacies of emerging state-specific policies within California (CCPA), Virginia (VCDPA), Colorado (CPA), Utah (UCPA), and elsewhere. There are also industry-specific data regulations to consider, such as Health Insurance Portability and Accountability Act (HIPAA) standards for healthcare and open banking data decrees for finance.

It’s not only tracking customer data across geographies that’s a cybersecurity concern: Many teams have also become globally distributed, collaborating asynchronously across multiple countries and time zones. Plus, organizations now loop a mixture of full-time employees, contractors, and partners into the same value streams. These new working relationships are a boon for collaboration, but they introduce risk management concerns, highlighting the need for hardened cybersecurity for internal networks. 

Establishing Standard Policies and Procedures

So, how can business leaders respond to new multi-cloud and multi-geo cybersecurity concerns?

Well, first, it’s crucial that you audit your surface area to get a better picture of the environments your business is operating in. Next, you’ll want to catalog the various data privacy standards that the company comes into contact with across geographies. Only by understanding your posture can you develop a comprehensive risk management plan and begin to implement standard policies and procedures.

Then, it’s a good idea to establish common security policies and centralize them with the help of a decoupled policy management layer. Certain open-source tools like Open Policy Agent and Kyverno can implement standard policies across various cloud-native infrastructures. (As a general rule of thumb, when developing user authentication and authorization policies, it’s a good idea to follow the principle of least privilege which assigns access to roles only on a need-to-know basis. This will help ensure access isn’t over-assigned to the various roles that interface with cloud-based architecture and customer data.)

Insights into the Why & How to Secure SaaS Applications_featured
Guidebook: Secure SaaS Applications

Some CSPs bake in support to help manage customer and employee data across various geographies. For example, Microsoft 365 users can take advantage of Multi-Geo environments in which the Microsoft 365 Tenant is spread across a centralized location as well as satellite offices. This consolidates locations, groups, and user information in a central Azure directory structure and synchronizes them with distributed sites. 

Some other tips include:

  • Utilizing encryption to protect data at rest and in transit
  • Establishing data storage and access policies
  • Establishing network security policies
  • Deploying firewalls and other security measures
  • Evolving the traditional governance model

Monitoring and Maintenance

Next, businesses will want to ensure they are always meeting compliance requirements with security policies and procedures. This will require regular security assessments and audits. It’s also a good idea to schedule regular updates and patches to avoid code vulnerabilities within open-source software. For example, using tooling to automate the detection of zero-day vulnerabilities can help ensure applications are more secure across clouds.

In addition to regular security assessments, companies should implement a comprehensive monitoring system to track data access and usage. This system can help monitor system performance for frailties and investigate security threats to take necessary actions when misuse is discovered. In addition to regular monitoring, it’s important that software vendors are compliant with security regulations — as such, consider requesting a Software Bill of Materials (SBOM) from new vendors. This will help auditing efforts and ensure that the provenance of software dependencies is known.

Going Global With Multi-Cloud

As Satya Nadella, CEO of Microsoft, has said, “all companies are software companies.” And as they transition into software companies, they are producing software and data with a value that transcends geographical boundaries. But as companies seek to do business in multiple clouds and in numerous countries and states, they must face the reality of escalating data regulations and cloud-native threats.

To conduct business safely across distributed clouds and territories, information technology leaders must take action to wrangle the increasingly diverse number of deployments and databases in use today. Only by enabling robust authentication and authorization, and continually assessing risk can they begin to manage the compounding threat landscape. In addition to the policies described above, it’s good to stay up-to-date on security trends and best practices and train staff on your standard security protocols.


Want more cybersecurity insights? Subscribe to the Cybersecurity as a Business Enabler channel:

Acceleration Economy Cybersecurity

automation Compliance data featured financial services GDPR healthcare Industries multi-cloud Open-Source Software Risk Management supply chain vulnerability
Share. Facebook Twitter LinkedIn Email
Analystuser

Bill Doerrfeld

Tech Journalist
Editor-in-Chief

Areas of Expertise
  • Cybersecurity
  • Low Code/No Code
  • LinkedIn

Bill Doerrfeld, an Acceleration Economy Analyst focused on Low Code/No Code & Cybersecurity, is a tech journalist and API thought leader. Bill has been researching and covering SaaS and cloud IT trends since 2013, sharing insights through high-impact articles, interviews, and reports. Bill is the Editor in Chief for Nordic APIs, one the most well-known API blogs in the world. He is also a contributor to DevOps.com, Container Journal, Tech Beacon, ProgrammableWeb, and other presences. He's originally from Seattle, where he attended the University of Washington. He now lives and works in Portland, Maine. Bill loves connecting with new folks and forecasting the future of our digital world. If you have a PR, or would like to discuss how to work together, feel free to reach out at his personal website: www.doerrfeld.io.

  Contact Bill Doerrfeld ...

Related Posts

Why Cybersecurity Leaders Need to Know the CISA Zero Trust Maturity Model

March 30, 2023

How Informatica Unlocks Digital Transformation With AI-Powered Data Management Platform

March 30, 2023

How ChaptGPT Plugins Create New AI Value, Including Real-Time Information

March 30, 2023

How to Prioritize IT Projects and Explain Their Value to the C-Suite, Board, and Business Units

March 30, 2023
Add A Comment

Comments are closed.

Recent Posts
  • Why Cybersecurity Leaders Need to Know the CISA Zero Trust Maturity Model
  • Let’s Talk Transformation | Strategy
  • How Informatica Unlocks Digital Transformation With AI-Powered Data Management Platform
  • How ChaptGPT Plugins Create New AI Value, Including Real-Time Information
  • How to Prioritize IT Projects and Explain Their Value to the C-Suite, Board, and Business Units

  • 3X a week
  • Analyst Videos, Articles & Playlists
  • Exclusive Digital Business Content
This field is for validation purposes and should be left unchanged.
Most Popular Guidebooks

Securing Multi-Cloud Ecosystems

March 24, 2023

Securing Software-as-a-Service Applications

March 1, 2023

Retail Innovation With AI, Data, and Cybersecurity

March 1, 2023

Cloud Data Strategy, Analytics, and Governance

February 27, 2023

Advertisement
Acceleration Economy
Twitter LinkedIn
  • Home
  • About Us
  • Privacy Policy
  • Get In Touch
  • Advertising Opportunities
© 2023 Acceleration Economy.

Type above and press Enter to search. Press Esc to cancel.

  • Login
Forgot Password?

Connect with

Login with Google Login with Windowslive

Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.