How to Secure Your Organization in a Multi-Cloud Environment
Many organizations today are migrating not just into one cloud environment but into a multi-cloud environment. This multi-cloud migration presents a challenge to organizations especially in securing this new environment.
What Is Multi-Cloud?
In the good old days, the primary means of storing, managing and processing data was through on-premise local server or personal computer. Thanks in part to more developed internet infrastructure, over the past few years, there has been an unprecedented growth of the “cloud”, which refers to a network of servers that can be accessed via the internet to store, manage and process data.
Amazon (via Amazon Web Services), Microsoft (via Microsoft Azure) and Google (via Google Cloud) are some of the major companies that offer cloud services. The cloud services offered by these companies are called “public cloud” as these services are open to anyone in the public who wants to use the service for a certain fee. Multi-cloud, meanwhile, refers to the use of multiple public cloud services.
Data from Gartnershowed that the worldwide public cloud services market is projected to grow by 17.3% in 2019 to total $206.2 billion, up from $175.8 billion in 2018. According to Gartner, while most organizations will retain a primary cloud provider for a particular purpose, most organizations will use more than one public cloud provider.
Many organizations have come to embrace the multi-cloud environment due to the following reasons:
Vendor Lock-In Avoidance
Many organizations have embraced the multi-cloud environment as they don’t want to rely mainly on one cloud provider. Having an option to transfer to another cloud provider is important especially when a particular cloud provider charges an unacceptable price hike and in case the provider goes out of business.
Latency Avoidance
Latency refers to the time delay during network connections. The latency of one public cloud provider can either be shorter or longer compared to another public cloud provider as cloud solutions are served from different geographical locations. For instance, your organization has no choice but to transfer to another equally competent public cloud provider as the cloud solution of this other provider is geographically located near your organization’s headquarter, providing a shorter latency compared to your original provider.
Disaster Recovery Mitigation
Many organizations have embraced the multi-cloud environment for disaster recovery mitigation. Having more than one public cloud provider ensures that your organization has another provider to rely on in case of outages, downtime and data loss in one provider.
Getting the Best Options
Not all public cloud providers are created equal. Each provider has its own strengths and limitations. By using more than one provider, your organization can get the best of each of these cloud providers.
Security Challenges in a Multi-Cloud Environment
While a multi-cloud environment offers benefits to organizations, this environment also presents a security challenge and cyber criminals know this predicament.
In a multi-cloud environment, security is a shared responsibility among public cloud providers and the customers. Every cloud provider offers basic native security services, such as access controls and data protection tools. But by having multiple public cloud services, your organization runs the risk of a fragmented security.
Misconfigurations
In mid-2017, UpGuardresearchers discovered terabytes of Verizon’s customer data was stored in the public cloud that was left exposed to the public as a result of misconfiguration, leaving the data exposed by simply knowing the correct URL.
In September 2017, UpGuard researchers discovered 137 gigabytes of Accenture’s customer datastored in the public cloud was left exposed to the public as a result of misconfiguration.
RedLock, meanwhile, reported that a number of Kubernetes (referring to the open-source platform for managing containerized workloads and services) administrative consoles deployed on Amazon Web Services, Microsoft Azure, and Google Cloud were not password protected. In October 2017, RedLock researchers discovered that Aviva’s Kubernetesadministration console was deployed on a cloud without a username or password protection. Aviva’s exposed Kubernetes administration console, RedLock said, was leaking access credentials to critical infrastructure such as Amazon Web Services (AWS). As a result of this exposure, cyber criminals illicitly use the compute power within Aviva’s cloud account to mine a cryptocurrency – the process known as cryptojacking.
In February 2018, RedLock reported another cryptojacking incident, this time, involving Tesla’s cloud account. RedLock said that Tesla’s Kubernetes consolewas similarly not password protected, which then led to the exposure of access credentials of Tesla’s cloud account. As a result of this exposure, RedLock said Tesla’s cloud account was illicitly used to mine a cryptocurrency.
What’s disconcerting about the above-mentioned data exposure is that cloud configuration doesn’t need much technical knowledge as it only needs a few clicks to close the data exposure. The worst scenario in the above-mentioned data exposure is that the companies themselves were unaware of this self-imposed data exposure. The said companies only knew and closed the data gap when security researchers reported to them about the security loophole.
Known Security Vulnerabilities
Correct configuration isn’t the only thing that organizations need to be aware of in protecting their cloud environment. The recent critical security vulnerability in Kubernetesallows attackers remote access to vulnerable cloud accounts, enabling them to steal data, steal compute power or crash production applications. The only way to protect your organization’s cloud account from this latest security vulnerability is by updating to Kubernetes revisions v1.10.11, v1.11.5, v1.12.3, and v1.13.0-rc.1.
Contact us todayif you need assistance in protecting your organization’s multi-cloud environment or moving your important data to a secure cloud.