
Guest Blog: The Multi-Cloud Pilot – How The World Has Changed

Author: Kevin L. Jackson, CISSP®, CCSP®
CEO, GC GlobalNet / Consultant / Educator / 2X USA Today and WSJ Best-Selling Author / Inventor

Readers of this article know me primarily from my work in cloud computing and cybersecurity. Others may have recently learned of me from my digital transformation lectures and “Digital Business” online application. The quiet few also worked with me within the guarded facilities and locked doors of the United States Intelligence Community. The one thing, however, that many of you don’t know is that I was both a military and civilian pilot. I mention this because I have over 3,000 hours of experience flying many aircraft through white clouds, gray clouds, and even a few black ones. I’ve piloted many aircraft through the airspace of many countries while accumulating over 200 traps on US aircraft carriers. I have literally piloted planes around the globe! This experience is why I feel exceptionally qualified to act as your “Multi-Cloud Pilot.”

Figure 1 – The current cloud environment

Acting in that role, this article expands on a recent television entertainment trend of presenting an after-show after the latest streaming hit episode. In an honest effort to replicate the success of that model, this article serves as the after-show for the latest episode of the VMware hit video livestream “Multi-Cloud Expedition.” Hosted by Alexander Romero, Senior Director of Cross-Cloud Services at VMware, that series brings together experts from across VMware to discuss and demonstrate solutions to the most pressing multi-cloud challenges today. This edition of “Multi-Cloud Pilot” highlights the critical takeaways from Multi-Cloud Expedition Episode 3: Advanced Strategies for Governance and Security.

Figure 2 – Application evolution

Key Point #1: Multi-Cloud Changes Everything

The enterprise information technology environment dramatically changes when consuming services from multiple clouds. Organizations routinely leverage hyper-scale cloud service providers, sovereign clouds, industry clouds, private clouds, traditional data center services, and managed service providers for information technology resources.

Figure 3 – The Multi-Cloud challenge

This change affects both infrastructure and application operations. The chaos of today’s multi-cloud world often leads to using numerous tools and processes for cloud operations. Maintaining detailed visibility into the relationships between resources, and applying security controls consistently across multiple cloud environments based on application needs, is challenging. Managers must evaluate and deploy consistent, unified management solutions to break down operational silos, improve efficiency, and ensure that investments deliver value to dynamic digital businesses. To learn more about avoiding “cloud chaos,” please check out The Multi-Cloud Journey: Skipping Over the Chaos to Arrive at “Cloud Smart.”

Figure 4 – Multi-Cloud risk and needs

Key Point #2: The New Definition for Endpoint Protection

If you Google “endpoint security,” the results will probably describe it as securing endpoints or entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors and campaigns. The answer compares favorably to most published articles and books on the subject, but that viewpoint is worthless from a cloud application security point of view. Today’s modern applications are dynamically assembled collections of microservices connected with APIs. This application development and deployment model consumes services from multiple IT service sources. This approach often includes using services from various cloud service providers, multiple data centers, and multiple MSPs. Other entities manage many of these services, obscuring your corporate team’s visibility into a service’s inner workings. Microservice assembly can also occur outside or inside the endpoint device, and this reality makes the microservice API the new focus for endpoint security.

Figure 5 – APIs are the new endpoints

Key Point #3: “Zero Trust” Requires API Endpoint Protection

Zero Trust requires authentication, authorization, and continuous validation for proper security configuration and posture. These checks are performed before access to applications and data is granted or retained. Since every microservice is an independent user entity, authentication and authorization must be performed continuously by every API endpoint. That makes API endpoint protection an essential component of any Zero Trust strategy. This practice also applies to cloud service provider infrastructure and application API endpoints. The enterprise is responsible for implementing, monitoring, and managing this critical multi-cloud security process.

Figure 6 – Implementing Zero Trust
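
The per-call checks described in Key Point #3, as an added example that is not from the original article or any VMware product: the endpoint authenticates the calling microservice, re-validates its token and posture, and authorizes it on every request, denying by default. The shared HMAC key, the `POLICY` table, the `REVOKED` set and all function names are assumptions made for illustration, and the timestamps are constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo values (assumptions, not from the article).
SIGNING_KEY = b"demo-key-not-for-production"
POLICY = {  # endpoint -> microservice identities allowed to call it
    "GET /orders": {"checkout", "reporting"},
    "POST /payments": {"checkout"},
}
REVOKED = set()  # identities that failed a posture check after token issue


def issue_token(service, ttl, now):
    """Mint a short-lived signed token naming the calling microservice."""
    claims = json.dumps({"sub": service, "exp": now + ttl}).encode()
    body = base64.urlsafe_b64encode(claims)
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


def revoke(service):
    """Record that a service no longer meets the required posture."""
    REVOKED.add(service)


def check_request(endpoint, token, now):
    """Run on every call: authenticate, re-validate, then authorize."""
    try:
        body, sig = token.split(".")
        good = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, good):
            return (False, "bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return (False, "malformed token")
    if now >= claims["exp"]:
        return (False, "expired")           # no trust carried past expiry
    if claims["sub"] in REVOKED:
        return (False, "posture revoked")   # continuous validation
    if claims["sub"] not in POLICY.get(endpoint, set()):
        return (False, "not authorized")    # unknown endpoint: deny by default
    return (True, "ok")
```

A token that was accepted a moment ago is rejected as soon as it expires or the caller's posture is revoked, because nothing is cached between calls.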

Call To Action

Challenges associated with managing a multi-cloud IT environment include:

  • Need to use numerous tools and processes for cloud operations;
  • Inability to understand how security policies affect application performance;
  • Frequent cloud misconfigurations;
  • Ineffective compliance management; and
  • Lack of security automation at the application level.

Organizations must consistently apply security policy templates across cloud services to address these challenges. Companies must also monitor for any service configuration change or unanticipated configuration drift. Industry best practice is to execute these tasks using a single tool. Operators should also continuously monitor service consumption across clouds or on-premises without resorting to changes to each application. To learn about how VMware can help your organization safely complete its Multi-Cloud Expedition, please check out the following:

  • Aria Guardrails – Governance and policy management service that helps to define policies in templates and detect configuration drift.
  • Aria Automation for Secure Clouds – Single tool for multi-cloud monitoring and policy management visibility.
  • Tanzu Service Mesh – Provides modern application connectivity and zero trust security with visibility for APIs and services across clusters and clouds.
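
The policy-template and configuration-drift monitoring called for in this section, as an added example that is not from the original article and does not show how any VMware product works: one template is checked against resources from several environments, and each resource is compared with its last approved snapshot. The normalized schema, resource names, settings and function names are all constructed assumptions.

```python
import copy

# Constructed policy template: required settings per normalized resource kind.
TEMPLATE = {
    "object_store": {"public_access": False, "encrypted": True},
    "api_gateway": {"auth_required": True},
}
# Constructed last-approved snapshot, normalized across providers (assumed schema).
APPROVED = {
    "cloud-a/bucket-logs": {"kind": "object_store", "settings": {
        "public_access": False, "encrypted": True, "region": "eu-1"}},
    "cloud-b/orders-api": {"kind": "api_gateway", "settings": {
        "auth_required": True, "rate_limit": 100}},
    "onprem/reports-api": {"kind": "api_gateway", "settings": {
        "auth_required": True, "rate_limit": 50}},
}


def audit(template, approved, current):
    """Return sorted (resource, setting, finding, expected, actual) tuples."""
    findings = []
    for rid, res in current.items():
        required = template.get(res["kind"], {})
        old = approved.get(rid)
        if old is None:  # resource nobody approved
            findings.append((rid, "*", "unmanaged_resource", None, None))
        for key, want in required.items():  # template applies in every cloud
            have = res["settings"].get(key)
            if have != want:
                findings.append((rid, key, "policy_violation", want, have))
        if old is not None:  # any other change since approval is drift
            for key in set(old["settings"]) | set(res["settings"]):
                was, now = old["settings"].get(key), res["settings"].get(key)
                if key not in required and was != now:
                    findings.append((rid, key, "drift", was, now))
    for rid in approved.keys() - current.keys():
        findings.append((rid, "*", "resource_missing", None, None))
    return sorted(findings, key=lambda f: f[:3])


def sample_current():
    """Constructed current state with one change of each kind."""
    cur = copy.deepcopy(APPROVED)
    cur["cloud-a/bucket-logs"]["settings"]["public_access"] = True
    cur["cloud-b/orders-api"]["settings"]["rate_limit"] = 1000
    del cur["onprem/reports-api"]
    cur["cloud-b/new-api"] = {"kind": "api_gateway", "settings": {}}
    return cur
```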

VMware Cross-Cloud Services provides a portfolio of cloud services that deliver standardized ways to build, operate, secure, and access applications on any cloud. By providing industry-leading multi-cloud governance and security services, VMware offers services and tools to help you securely use the right cloud, for the right application, at the right time.

One final point. Don’t miss me, your “Multi-Cloud Pilot,” with Alexander Romero, May 10, 2023, on the VMware Multi-Cloud Expedition!
