The term cloud agnostic data security relates to uniformly applying best practices to secure data across multiple clouds. In this respect, the term is simple to understand. However, cloud agnostic data security can turn complicated when it comes to enforcing best practices.
There’s been a trend over the past year or so to describe many multi-cloud activities as “agnostic”. This is despite a strict definition of the term meaning that cloud agnostic tools, services, and applications should be capable of being moved to and from any on-premises infrastructure, and to or from any public cloud platform, regardless of the underlying operating system or any other dependency.
Clearly that’s not the case with many multicloud tools, services, and applications because they don’t comply with the lowest common denominator requirement of cloud agnosticism. However, with regards to the term cloud agnostic data security, it is possible for best practices to be genuinely agnostic because they can be applied to any on-premises infrastructure or public cloud platform.
What are cloud agnostic data security best practices?
Cloud agnostic data security best practices are simply data security best practices applied uniformly across multiple clouds. Depending on the nature of the business’s cloud activities and propensity to risk, data security best practices can include data encryption (including masking/tokenization), access controls (including multi-factor authentication), and data monitoring.
Strictly speaking, provided the best practices can be, and are, applied equally across from any on-premises infrastructure, and to or from any public cloud platform, they are cloud agnostic. Where cloud agnostic data security becomes complicated is how compliance with the best practices is monitored and what measures are implemented to ensure best practices are enforced.
How cloud agnostic data security becomes complicated
Let’s say a business operates a hybrid cloud environment consisting of an on-premises infrastructure and three public clouds. To ensure compliance with the best practices across all four platforms, the business will need up to four monitoring solutions because AWS monitoring tools are not capable of monitoring activities on Google Cloud Platform.
Using multiple monitoring tools to ensure compliance not only increases the management overhead, but blind spots will also exist when data is transferred between clouds. Without having total visibility into what’s going on between clouds, it is impossible to tell where data is, what it’s doing, and who (or what) might be accessing the data without authorization.
Are cloud agnostic monitoring tools a thing yet?
The solution to ensuring compliance with data security best practices, reducing management overhead, and eliminating blind spots would be a cloud agnostic monitoring tool. However, it is not yet possible to find such a solution that strictly conforms to the definition of cloud agnostic because none work across any on-premises infrastructure and every public cloud platform.
The best compromise is a cloud management solution such as CloudHealth by VMware that monitors activity across VMware-compatible on-premises infrastructures and any combination of AWS, Azure, and Google public clouds. CloudHealth also has policy-driven automation capabilities in order to ensure cloud agnostic data security best practices are complied with. Learn more about data security in our whitepaper.
Is your organization already working on bridging your security and development teams? Cloud Security Alliance is hosting an educational workshop highlighting successful strategies for organizations looking to improve their security posture while empowering developers to stay agile throughout their development pipeline.