This blog is part of a series to help organizations of any size optimize their security. Our experts provide insights and recommendations based on common security use cases, customer questions, and security software developer needs.
Running a business on multiple cloud environments to reduce costs and improve capabilities is now the norm. Organizations want to accelerate applications and services, avoid vendor lock-in, distribute applications to the edge, and support a distributed workforce.
Different clouds from different vendors, however, don’t always play nice together. A multi-cloud environment may result in inconsistent infrastructure, inefficient management, and gaps in cybersecurity.
The evolving complexity from multi-cloud environments calls for strategic and thoughtful cybersecurity planning to stop issues before they start.
What should be implemented in a multi-cloud environment for better security?
A multi-cloud environment needs a consolidated, centralized Security Operations Center (SOC). A SOC is necessary to avoid blind spots that can happen from isolated teams and environments, which can create substantial risk. Within a SOC, security teams are better able to monitor activity across a network, access and control systems as needed, detect incidents or abnormal behavior, and take immediate action to remediate vulnerabilities.
A central team alleviates siloes by providing overarching governance and policies, minimizing redundancies in both roles and technologies, and implementing a consistent framework for security across the IT ecosystem. Use of consistent tools and processes helps teams access data and information quickly across the enterprise to mitigate risks and security vulnerabilities in real time.
Need help getting started with a SOC or need to update one? Read more about setting one up in this article.
What should be done to protect critical data?
Cyberattacks target data, and the easiest way to get to that data is through stolen credentials. Cybercriminals may use data for crimes such as phishing scams and identity theft. The easiest and most overlooked method to prevent loss of data through stolen credentials is to implement an internal, ongoing learning program that teaches employees the basics of avoiding phishing emails, not clicking on spoofed URLs, guarding against visits to questionable websites, and creating secure passwords.
Access and identity management are crucial components to implement in any multi-cloud environment. Security teams should always know exactly where critical data is located and who has access to it. Critical data needs to be secured and access to it managed across the IT ecosystem.
Management of critical data includes data encryption, data backup, destruction of old or unused hardware, implementation of firewalls, encryption of devices such as USB drives, and disabling of file sharing if no longer needed.
In addition, security teams need to secure all endpoints, workloads, and network control points.
What about all the data logs collected across the IT ecosystem?
Keep all logs. The almost unfathomable amount of data that is logged by an IT environment is the only recourse to learning more about a cyber threat or attack should one occur. Affordable cloud storage makes it easy to archive logs that account for everything in a network: access, configurations, and activities.
Because we don’t know what may occur in the future or what may need to be analyzed, it’s imperative to keep everything. Data logs can provide clues about attackers, the timing of an attack, how long intruders were in the system, what happened to systems over time, how attackers moved within the network, what information was accessed, and anything that may have been exposed, damaged, or lost.
A SOC should include governance around the retention of data to support cyber forensics should they be needed.
How can automation be incorporated in cybersecurity governance?
Innocent mistakes are human, but the reality is that they can expose an organization to threats despite a well-communicated policy. The sheer volume of data to manage and monitor in any IT ecosystem calls for reinforcement for short-handed security teams.
Complex, multi-cloud environments benefit from platforms that offer capabilities and workflows to automate the enforcement of policies and standards. These platforms allow for scale and transparency and prevent non-compliance through automated controls that can be preconfigured for fast implementation and cost efficiency.
Organizations can leverage automation through platforms that utilize machine learning and artificial intelligence to establish baselines, retrieve information, detect anomalies, automate repetitive tasks, and enforce policies and governance.
Learn more about security for your multi-cloud environment
If you’re not sure about your security posture or the level of vulnerability in your organization’s IT environment, a security assessment can help you develop a clear view of your current state and possible remediations needed. Visit the Professional Services for Security resources section for overviews on the different types of assessments available, and contact us at SecurityPSInquiry@vmware.com to learn more.
For more support, read the other blogs in this series:
- The Security Toolbox: Building a SOC on a Budget – Learn about the common tools and methodologies for a security operations center.
- The Security Toolbox: Meet Cybersecurity Mesh Architecture – Discover the promise of better security through the concept of CSMA.
- The Security Toolbox: Slow the Risks of Attack Surface Expansion with AI – Read about the benefits of AI and machine learning for mitigating cyber risks.
- The Security Toolbox: Facing the Real Business of Ransomware – Mitigating ransomware risks starts by understanding how cybercriminals operate and incorporating security best practices.
- The Security Toolbox: Raising Preparedness with Wargaming – Learn how practice detecting and hunting threats in realistic scenarios raises security posture.
One comment has been added so far