3 Ways Multi-Cloud Means Multi-Attack Vectors
Customers like to spread their cloud usage around, for good reason. But more data stores also translate into more ways for criminals to get in.
Cloud adoption is on a steady upward march. It’s not uncommon to hear that laggard organizations, even those that are highly regulated and historically slow to adopt new tech, are leveraging SaaS applications or a private cloud. But one thing that has surprised some pundits: As digital transformation pushes CIOs forward, your customers are not moving workflows to a single massive public cloud. They’re hedging, spreading workloads across several cloud environments. RightScale’s latest State of the Cloud Survey reports that 85 percent of enterprises currently use a multicloud strategy. As to the mix, IDC predicts that public cloud will account for almost 32 percent of all IT infrastructure spending in 2020, while private cloud will represent a little less than 20 percent.
This spreading of the wealth isn’t just about digital diversity. A multicloud architecture provides benefits beyond the advantages that are generally attributed to the cloud, such as accessibility, scalability and lower upfront costs. Multicloud allows organizations to benefit from a wide range of features, mitigates challenges posed by certain license restrictions and potentially offers greater cost flexibility.
For these, along with a number of industry-specific reasons, multicloud environments make sense; however, they also pose their own security challenges that must be addressed, because adopting cloud environments for improved efficiency at the sacrifice of security is not an option.
As your customers continue to innovate, here are several risks they should be aware of, along with strategies for how to mitigate them.
Increased attack surface: This is a problem when deploying almost any new technology. Allowing increased access to network resources and stored data across distributed environments through things like connected devices and applications also makes assets more accessible to cybercriminals. That’s because they are more likely to find an exploitable vulnerability somewhere along the extended attack chain.
IoT devices: Your customers are increasingly connecting IoT devices to their networks, whether for business-critical reasons or as the result of bring-your-own-device (BYOD) policies. Many of these devices are not designed with strong security features and can be easily compromised. Moreover, it is nearly impossible to ensure that each of these devices, or the applications running on them, are secure. As a result, IoT has become a common attack vector for cybercriminals who, if successful, can leverage that entryway to access the cloud platform.
Decreased visibility: Cloud environments often create diminished visibility into device use, data storage and movement, and applications and workflows. This challenge is amplified in multicloud environments, as IT security teams are required to monitor multiple, non-integrated portals. The lack of visibility and integration across these systems, resulting in the need to manually correlate threat intelligence, makes it more difficult to spot threat trends across their various environments.
Cloud providers have ensured that there are security controls in place to guard their infrastructures — things such as encryption, DDoS prevention, access management, penetration testing and intrusion prevention. However, these tools don’t provide the sort of deep contextual security that today’s networks require, which means organizations shouldn’t rely on these alone. While cloud providers aim to ensure data remains secure, the ultimate responsibility to keep sensitive data safe falls on your customers and, should there be a data breach, it is their reputation that will be damaged.
Cybercriminals have taken notice of the growing use of multicloud, which is why, in addition to the common cloud-security risks listed above, there is a constant influx of new, sophisticated malware that specifically targets the cloud. Cybercriminals are propagating malware through endpoints and phishing emails, as well as exploiting the trust your customers have in their SaaS applications. As a result, when an employee clicks a malicious link or connects a compromised device to the network, this access can be leveraged to infect the greater cloud network with malware, which far too often today turns out to be ransomware. These attacks can also be especially effective because, as SaaS applications are approved, it makes it easier for compromised instances to slip past security.
Additionally, as my company, Fortinet’s, recent threat landscape predictions note, it is likely that cloud-service providers themselves will be the next major ransomware targets. Should one service provider be infiltrated, they will have access to the data of countless businesses.
Securing Multicloud
As your customers adopt multicloud environments, they need your help to ensure they have all necessary security controls in one place – not just those implemented by the service provider – with optimal levels of visibility and integration.
For multicloud security to be effective, it must also be integrated, allowing clear visibility and communication across platforms. Additionally, it must be dynamic and flexible, able to stretch alongside cloud environments as they expand. Finally, cloud-security controls should employ segmentation and give your customers the ability to stretch their own security policies into their cloud environments.
An interwoven security fabric approach removes the risks associated with the multicloud, allowing your customers to embrace digital transformation without sacrificing security. This approach integrates security across each cloud platform and then ties everything together into a unified and centralized control point, bringing visibility and intelligence back to your distributed network. This architectural approach allows cloud defenses, application defenses and endpoint defenses to communicate, ensuring the fastest threat detection and response times. Furthermore, a security fabric incorporates CASBs, which allow your customers to extend their own security policies into the cloud. This is especially important to customers in highly regulated industries, such as finance and health care.
Multicloud is actively being adopted by many of your customers for the cost, flexibility and scalability benefits; however, it can decrease visibility while broadening the attack surface. To protect data, customers must look beyond the basic built-in security features provided by cloud providers and work with partners to incorporate integrated and automated controls that can span the entire distributed network environment.
Jon Bove is the vice president of Americas channels at Fortinet. In this capacity, Bove and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the United States as it seeks to help them build successful – and profitable – security practices. A 17-year veteran of the technology industry, Bove has held progressively responsible sales, sales-leadership and channel-leadership positions. During his time at Fortinet, he has been responsible for establishing Fortinet’s national partner program and aligning Fortinet’s regional partner strategy to allow partners to develop Fortinet security practices with the tools and programs to successfully grow their businesses.
About the Author
You May Also Like