The unprecedented growth of the cloud computing industry has had the business community rejoice. The discussion among the business and IT leaders is no longer concerning ‘Should we move to the cloud?’ but ‘How do we optimize our cloud migration strategy?’ Taking advantage of the competitive cloud market, enterprises have gradually abandoned all-in-one solution suites and begun opting for best-of-breed offerings. Exclusivity is a story of the past; enterprises now work with multiple vendors to meet their cloud computing needs, giving rise to the strategy known as multi-cloud.
There is no denying the increasing popularity of multi-cloud. According to a study by Microsoft and 451 Research, nearly a third of organizations work with three to four cloud vendors. While different departments within a company happily turn to their vendor-of-choice for solutions to their particular needs, multi-cloud management can appear a challenging task for CIOs, especially when it comes to security.
What is multi-cloud?
Multi-cloud, a strategy when companies deploy cloud services from two or more vendors, is becoming a preferred choice for a host of reasons, most notably the flexibility to mix and match offerings. For instance, a company might rely on Amazon Web Services for computing capacity and Google for machine learning.
Tapping into the resources of multiple vendors also grants enterprises more negotiating power and the flexibility to migrate their business operations based on shifting dynamics such as new offerings and pricing, resulting in enhancement of productivity and lower cost.
However, some business leaders might consider multi-cloud as a strategy that will expose their organization to the cyberstorm that has been gathering strength recently. The 2017 Worldwide DDoS Attacks and Cyber Insights Research Report by Neustar revealed an 11 percent increase in the number of organizations targeted by DDoS attack. Despite having various forms of security measures in place, businesses still suffered from sluggish detection and response to malicious activities, with 33 percent of organizations in APAC reporting an average revenue loss of at least $250,000. Multi-cloud has proven to be a vital disaster prevention/recovery strategy: enterprises can avoid outages by relying on failover architecture on unaffected clouds. However, securing a multi-cloud environment can be seen as highly problematic and challenging.
DDoS in multi-cloud
Multi-cloud is commonly considered the superior strategy when it comes to overcoming a wide variety of problems within an enterprise. Ideally, multi-cloud’s abilities as a problem-solver should offload some computing resources otherwise required for business operations and lead to the simplification of the IT infrastructure. After all, profound benefits such as business continuity, flexibility and cost-savings are the main factors driving this trend of deployment. But with these payoffs come a few multi-cloud management headaches, particularly with regard to securing a multi-cloud environment against DDoS attacks.
As more organizational data floods to the cloud, businesses are increasingly relying on Application Programming Interfaces (APIs) to smoothen the process and optimize the use of all services available. In a cloud environment, however, APIs can be a fickle friend. On one hand, APIs enable users to access, interact with, and manage cloud resources, resulting in ease of integration, infrastructural expansion, or in the case of multi-cloud, cross-cloud compatibility. On the other hand, exposed APIs can leave enterprises vulnerable to breaches as they open the floodgate to DoS/DDoS attacks. Consequently, poor management of multiple API networks on multiple clouds exponentially increases the risk of cyberattacks for businesses.
Multi-layered security approach
With the relentless wave of DDoS attacks showing no sign of slowing down, it is clear that organizations need a robust yet manageable network security scheme, with solutions that extend the protection of resources to all cloud networks to manage all potential risk factors. Vital components of this security scheme include vulnerability testing, API assets consolidation and rigorous authentication mechanisms.
But ultimately, the only way to secure a multi-cloud environment is to apply a multi-layered security approach. Understandably, managing multiple cloud networks can strain in-house IT resources, prompting companies to seek external support from third-party security vendors. Dedicated cybersecurity partners with extensive knowledge of the underlying infrastructures of different cloud platforms can assist businesses in constantly monitoring and implementing sophisticated mitigation strategies. This allows innovative enterprises to continue to leverage on the latest computing technologies while seeking to remain vigilant and agile in an ever-shifting cyberthreat landscape.
Migrating in-house business operations to the cloud is a vital step in helping businesses redefine their digital readiness. With just a few clicks, they can enjoy the flexibility and computing prowess powered by vendors’ superior computing infrastructure while significantly reducing the expenditure that would otherwise be spent on in-house IT resources.
However, as vibrant as the cloud computing market currently appears, enterprises need to be mindful that in some cases vendors might not have rigorous data security standards and sophisticated protection tools. For this reason, in addition to relying on the cloud vendors for security measures, enterprises must play an active role in monitoring their information resources, devise a layered security plan, and work with trusted cybersecurity partners to remain vigilant against future threats.
Robin Shmitt is general manager for APAC at Neustar, a company specializing in domain name registration and Intrernet analytics