Multi Cloud Security

By: Aseem Rastogi | 9 Jul 2019

Cloud computing has evolved as universal infrastructure solution that is delivered as a service. The cloud has revolutionized the way computing infrastructure is abstracted and used. As with any new technology, there are challenges and obstacles that has to be faced and conquered by the stakeholders such as Manage Security Service Providers. Today cloud has evolved to become mainstream business enabler for companies.

Multi Cloud Adoption

Cloud providers, with increasing competition have tried to carve their own niche by specializing in certain business use cases such as e-commerce, gaming, AI/Big data analytics & so on. As the need for organization evolve and become more complex, using multiple clouds to solve business challenges becomes all but inevitable. For example – latest research from IBM Institute for Business says, 85 percent already operate in multi cloud environments. And most of those that don’t currently use multi cloud plan to soon. By 2021, 98 percent of companies are expected to use multi-cloud.

1,016 executives from 19 different industries surveyed, about two-thirds (66 percent) said multi cloud is crucial to reducing costs.

Multi-cloud usage requires careful orchestration & management of emergent risks. The situation also creates risks & opportunities for Managed Security Service Provider. Some of the challenges of multi-cloud are:

Lack of visibility

Running and executing applications in silos across clouds, is becoming a huge security risk. None of which are integrated or able to share data, it becomes increasingly difficult to have a common set of expectations and hence become less visible. Often times, operations team do not know the extent of their assets & its usage, thereby making it difficult to secure them.


Most common issues are lack of nomenclature consistency, availability of security protocols and policies etc. This makes it difficult to centralize security operations across multiple clouds.

Skills gap

As we know, behind every security strategy implementation lies a skilled team. With increasing complexity, it is difficult to assemble a well functioning team for multi-cloud security operations. Consider a scenario, where team needs to house not only AWS, Azur and Google developers but also these resources need to be skilled in networking, storage, security & other infrastructure technologies – A tall order.

Compliance Challenges

Large companies also carry their compliance needs such PCI, HIPAA & ISO 27001, GDPR etc. to the multi-cloud. The task is really complex. For example – Data Security @rest control needs to be translated into actionable technical requirements for each of the clouds, assessed, monitored & reported.

Multi Cloud – MSSP Opportunity

MSSP offer a unique service to their customers by centralizing skills required to deliver IT operations. Security services like monitoring, management of firewalls, intrusion detection, secure web gateways and other security infrastructure elements, to newer services such as detection and response, threat intelligence are delivered efficiently.

Naturally, many organizations  turn to MSSPs for faster deployment times and improved time to value on security investments.

Given the nature of the business, MSSPs are always under pressure to reduce cost – while expanding their service portfolio. This is an impossible goal, if attempted to delivered using skilled resources.

Advent of multi-cloud is essentially passes on the challenges to MSSP from customer in terms of business opportunity. In our view only option MSSPs have is to either partner with some new age multi-cloud platforms to deliver value, or build it themselves.

These platforms provide real-time visibility, security & compliance to the cloud environment across their customers – ringing in enormous savings. As an additional benefit, as cloud providers evolve, multi-cloud security platforms evolve to address new challenges.