During the second quarter of 2020 — for the first time in history — customers worldwide spent more on public cloud systems than on investments in non-cloud IT systems. With more cloud spending than ever before, the battle for market share among the leading public cloud providers (PCPs) heated up. The same tactics major providers rely on to encourage cloud customer loyalty tend to amplify the cloud security challenges these customers face. 

Furthermore, many customers want to avoid locking in to a single vendor. This way, they can maximize the well-known perks of moving computing out of their private data centers in the first place. It comes as no surprise that only a small fraction of today’s cloud environments are built within a single public cloud provider’s domain. Instead, 93% are multicloud landscapes, and most rely on hybrid strategies that mix public and private cloud elements as well as on-premises components.

What are the Major Cloud Security Challenges?

This means today’s defense teams are tasked with creating new tactics for tomorrow’s hybrid and multicloud world.

Cloud security challenges can come with both multi-vendor and hybrid cloud strategies. Cloud deployments make IT vastly more complex even as they reduce the demands of physical management. This is taxing for security teams, who frequently struggle to maintain insight in multicloud landscapes. The drive to avoid vendor lock-in can result in an avalanche of readings from various providers’ platforms and software-as-a-service (SaaS) apps. These can be stored in disparate, poorly-integrated data silos, which makes it very difficult to create efficient and effective monitoring and incident response workflows.

Other cloud security challenges come from the way more complex data leads to lack of control. When enterprises use architecture and service delivery models from multiple cloud providers, it becomes more difficult to exercise the granular control needed to ensure data protection standards are met across the board.

The rapid pace of change that has become par for the course on a public cloud only adds to the problem. PCPs constantly shift their offerings, often in an effort to make it harder for customers to move workloads to competing providers’ platforms. Because of this, staying up-to-date on potential problems becomes harder and harder.

No cloud landscape can ever be truly secure if the team tasked with watching for threats, detecting strange events and risks and coordinating workflows can’t keep up. What might seem to be cost-saving measures might not be if they make working so confusing that it leads to errors or mistaken exposure of cloud resources. 

Security Best Practices for Securing a Cloud Environment

1. Watch for Misconfiguration

Guard against misconfiguration, which is still at fault in most cloud data breaches.

More than one-fifth of data breaches reported in 2019 resulted from misconfigurations, and in all cases, they came from human error.

“Just don’t make mistakes” is easier said than done, however.

The majority of teams involved didn’t realize they were responsible for fixing the specific problem that was to blame. In other cases, they lacked the tools to audit the configuration.

It’s essential to invest in support and training for IT operations personnel, as well as to ensure that defense teams have adequate knowledge of the cloud. Using cloud-native tools that monitor for common misconfigurations, including storage bucket risks, can also be helpful.

2. Encryption by Default 

Leverage encryption for cloud data at rest by default.

While encryption doesn’t protect against breaches per se, it does provide another layer of assurance that data won’t be compromised in case of breaches. This is simply an extra safeguard, but it has a key role to play in multi-vendor cloud defense. Automated tools can aid in giving granular insight into whether or not encryption is turned on for every cloud storage bucket.
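The automated checks described in practices 1 and 2 (public bucket exposure, encryption at rest on every bucket, and buckets nobody knows they are responsible for) can be run over a single inventory that spans providers. The following is an added example, not code from the original article; the inventory schema, field names and bucket names are constructed for illustration and are not any provider's real API format.

```python
import json

# Constructed sample inventory merged from several providers.
# Field names are assumptions for this example, not a real provider schema.
INVENTORY_JSON = """
[
  {"provider": "aws", "name": "billing-exports", "public": false,
   "encrypted_at_rest": true, "owner": "finops"},
  {"provider": "aws", "name": "web-assets", "public": true,
   "public_approved": true, "encrypted_at_rest": true, "owner": "web"},
  {"provider": "azure", "name": "hr-archive", "public": true,
   "encrypted_at_rest": false, "owner": ""},
  {"provider": "gcp", "name": "ml-training", "public": false,
   "encrypted_at_rest": false, "owner": "data-science"},
  {"provider": "gcp", "name": "legacy-dump", "encrypted_at_rest": true}
]
"""

def load_inventory(text):
    """Parse the inventory and reject anything that is not a list of records."""
    data = json.loads(text)
    if not isinstance(data, list):
        raise ValueError("inventory must be a JSON list of bucket records")
    return data

def audit_bucket(bucket):
    """Return findings for one bucket. Missing fields fail closed."""
    findings = []
    public = bucket.get("public")
    if public is None:
        findings.append("public-access-unknown")
    elif public and not bucket.get("public_approved", False):
        # Public buckets are allowed only with an explicit, recorded approval.
        findings.append("public-access")
    if bucket.get("encrypted_at_rest") is not True:
        findings.append("no-encryption-at-rest")
    if not (bucket.get("owner") or "").strip():
        # No owner means no team knows it is responsible for the fix.
        findings.append("no-owner")
    return findings

def audit_inventory(buckets):
    """Map 'provider/name' to its findings, omitting clean buckets."""
    report = {}
    for b in buckets:
        findings = audit_bucket(b)
        if findings:
            report[f"{b.get('provider', 'unknown')}/{b.get('name', '?')}"] = findings
    return report

if __name__ == "__main__":
    for key, found in sorted(audit_inventory(load_inventory(INVENTORY_JSON)).items()):
        print(f"{key}: {', '.join(found)}")
```
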

3. Maintain Identity and Access Management Controls 

Maintain identity and access management (IAM) solutions carefully to address some of the most common cloud security challenges. 

Credential compromise is a significant threat in cloud-based and hybrid environments. These types of attacks are known for being difficult to detect quickly. Locally hosted IAM solutions tend not to work well across hybrid and multicloud landscapes. IAM solutions that are purpose-built for hybrid landscapes, such as those using the Lightweight Directory Access Protocol (LDAP), show promise. So do hardware token-based services, such as Google’s Titan Security Key or the YubiKey.

4. Monitor Your Environment

Effective monitoring is essential for facing hybrid and cloud security challenges.

Security operations processes and workflows need to evolve at the same time as the cloud. Supporting workers while they tackle cloud security challenges and helping them level up their skills is critical. 

Adopting automated solutions to help analysts collect and monitor the growing volumes of log data created by cloud platforms without becoming overwhelmed by false positives will be key. SOAR platforms, especially those based on open-source technologies and standards, can work across multiple vendors’ tools and cloud providers’ platforms. They simplify incident triage and response. Artificial intelligence and machine learning-assisted tools can also help with filtering data to reduce alert volumes.

5. Weigh Costs and Benefits 

Think carefully about trade-offs when designing your multi-vendor cloud plan.

There are pros and cons to everything, including multicloud. The primary benefits to selecting services and platforms from an array of PCPs include potential cost savings and the chance for development teams to select the platforms best suited to optimize application performance.

On the other hand, this means you could create a workflow in which there are major skills gaps. These are most likely to appear when it’s time to move data between platforms or manage security across the entire ecosystem.

Choose the Right Cloud Security Strategy Roadmap for You

So how do you choose which approach is right for acing your cloud security challenges? Consider one that puts emphasis on frameworks and standards. Then, select services on the basis of whether or not they’ll fit into this ecosystem. This might increase the upfront cost of services, but will likely pay for itself in terms of reduced admin overhead later.

With a hybrid and multi-vendor cloud security strategy that’s both extensive and unified, you can have the best of both worlds — a secure cloud environment that is practical to build, administer and maintain.
