Half of ‘complex’ multi-cloud setups breached in last year

Embracing a ‘polynimbus’ approach can lead to complexity, and with complexity comes risks to security, says Synopsys’ Boris Cipot.
5 September 2019

Growth slows at AWS, Google, Intel, Microsoft, indicating a cut back on cloud spending Source: Shutterstock

Multi-cloud environments are becoming commonplace as businesses choose to adopt the technology, without being reliant on a single service provider. 

Organizations employing a multi-cloud approach will distribute software and applications across several cloud-hosting environments. Typically, the architecture will utilize two or more public clouds as well as perhaps several private clouds. 

Unlike hybrid clouds, multi-cloud network systems may operate separately from one another. Not being reliant, or ‘locked in’, to a single provider allows businesses to innovate without restrictions, shifting their workloads to the service with the best platform for specific applications; businesses can also leverage cloud vendor competition to manage storage costs, shifting their data to the cheapest provider when prices changes. 

Those advantages are such that multi-cloud as a strategy is now becoming the norm. As reported by TechHQ this week, today’s organizations now work on a combination of 3.4 public and private clouds on average. 

But while multi-cloud environments have their fair share of perks, being disjointed from one another, they come with complexity, and that’s the root issue behind more than half of multi-cloud setups suffering a breach within the past year. 

A new report by Nominet, featuring the views of 300 CIOs, CISOs and CTOs in the UK and US, found 52 percent of multi-cloud environments had succumbed to a breach, compared to just 24 percent of synchronous hybrid cloud organizations, and the same portion of single-cloud users. 

“With more elements comes more complexity. With more complexity comes more potential for security gaps,” Synopsys’ Senior Security Engineer, Boris Cipot, told TechHQ. Complexity has never been a friend to security.

“The more complex a system— or in this respect also an application, service— is the harder it is to define and maintain security policies for it and its usage, or even to monitor the usage and identify breaches.

“When using multi-cloud in comparison to hybrid cloud, your used functionality is spread out on several different platforms to which you connect from your network and which you also need to connect with each other.

“You are most likely also using different technologies that you now need to know through and through to ensure you know what you are doing, and doing so securely,” Cipot said. 

Security issues can also derive as a byproduct of experimentation. With cloud technology still evolving— and service providers still in the competitive thick of development themselves— organizations are looking to establish the best services for their needs. 

According to Cipot, this can see cloud environments used for testing evolve incidentally into “interconnected production services”.

“The problem with this is that in such incidental solutions, from a security standpoint, aren’t always put to the highest priority,” said Cipot.