Multicloud environments reflect the changing nature of the mission, providing resiliency and agility crucial for always-on, global operations. Additionally, certain workloads—particularly GenAI—may run better on specific cloud platforms, and using multiple cloud platforms may even be a contractual or operational necessity.
Still, the more connections between platforms, the greater the potential for breaches. Security tools designed for one platform may not be able to protect the entire cloud ecosystem. Applications and data residing on different platforms create gaps in visibility—and potentially missed alerts—when security tools cannot communicate with each other.
Fortunately, there is a straightforward path to securing a multicloud environment. Building on governance, cross-platform technology, and engaged personnel, agencies can protect critical data and systems and empower users to move the mission forward.
Achieving multi-platform security in a Zero Trust world
The demands of the mission, classification levels, and compliance drive cloud security. Multicloud makes this more challenging, as Zero Trust protocols must be maintained even as users move from platform to platform.
This means that identity and access control systems must work across barriers and connection points—which is not always a straightforward task, considering the proprietary design differences between platforms.
The solution starts with the mission, followed by an understanding of what tools and resources are at hand to achieve its goals. Agencies should focus on:
1. Knowing what you do not fully know.
The larger the infrastructure, the more likely some key information or vulnerability is hidden from view. That is why step one in securing a multicloud environment is to fully assess and inventory your current digital estate:
- Sensor up: Ensure all sensors across the network are operating as expected. Look for anomalies that may indicate threat activity.
- Sweep in: Examine existing analytics and logs running across all cloud platforms. Again, look for anything out of the ordinary.
- Take inventory: Applications, databases, and other digital assets all need to be accounted for. It is also critical to assess security controls and ensure they are optimally configured.
- Prioritize workflows: Determine what processes and information need to be secured and to what level. Meeting mission needs requires effectively allocating limited resources.
Clear, comprehensive knowledge of the entire cloud infrastructure is absolutely necessary to develop multicloud security that works. But there is an additional factor besides technology that needs to be considered: people.
2. Activating a culture of multicloud security.
For multicloud security to succeed, it is critical to engage the personnel operating various mission workloads across separate units and different clouds.
Consider this: Zero Trust means using identity as a security perimeter. While technology makes this work, it is all based on users taking an active role in the process, which requires not only fixed rules but also enabling users across the enterprise to take an active role.
Too often, cybersecurity protects information while putting up barriers to productivity. In a multicloud environment, where it may be necessary to log in and out several times to complete a task, this could lead to workarounds, rogue subscriptions, and shadow technology. Equipping cyber teams with the tools to identify, understand, and resolve these kinds of issues is one key element—but it is just as important to ensure everyone becomes part of the solution.
Governance should support this as well. Not only should effective governance reflect policy and compliance with standards, but it should also consider:
- The urgency of mission goals
- The changing threat environment and how to respond
- The realities and limitations of technology, and the risks of working across platforms
- The need for resources, training, and continuing education and awareness
Ongoing training and reinforcement are needed to ensure that the organizational culture evolves to balance the need for security with enabling and empowering people to do their jobs. It also provides an opportunity for upskilling personnel to take advantage of the capabilities multicloud provides, including more deeply technical and strategic roles for the existing workforce.
3. Balancing security with agility
With an ever-expanding threat space, mission workloads and data must be secure but also accessible to those with the need and authorization. Security should also provide confidence that mission priorities can be accomplished while keeping data, systems, and users safe.
One more factor is crucial to the success of multicloud initiatives. A trusted partner understands mission, security, multicloud, and how to bring those elements together effectively. The right technology partner also brings proven technology designed to make securing multicloud environments easier and more efficient—and can help integrate it into organizational processes in the most effective ways.
As reliance on multicloud grows, so do the risks—along with opportunities to accelerate mission workflows. Multicloud security can and should provide confidence that mission priorities can be accomplished, giving defense and intelligence organizations a clear advantage in protecting the nation.
CTA: Learn more with Microsoft’s 2024 State of Multicloud Security Risk Report