Securing the Cloud: Integrating Existing Infrastructure with Multiple Cloud Providers

Create a holistic strategy that includes identity and access management, asset management, and vulnerability management


IBM and IDG Content

It’s becoming clear that traditional perimeter-based security controls and practices are insufficient in today’s cloud-centric world. Yet many IT leaders struggle with creating new security postures that integrate on-premises infrastructure with multiple clouds in order to close visibility gaps and build holistic protection.

An exclusive IBM and IDG research study shows that a majority (77%) of respondents say the rise of multi-cloud makes them look at security differently. Respondents also believe multi-cloud adds another layer of complexity to security, and they rank security as the top challenge of managing multi-cloud environments.

“Compared to a traditional on-premises environment, the main [cloud security] challenges have to do with speed, the democratization of IT in that anyone can create and deploy a system, and variety, as you have different classes of things you need to worry about,” explains Chris Dotson, senior technical staff member and executive architect for IBM.

At the same time, a set of proven security practices, including identity and access management, vulnerability management, and asset management, can protect infrastructure that spans on-premises and multi-cloud environments. Cloud platforms and security tools that support a high degree of integration and automation are critical to achieving visibility and mitigating risk in an increasingly diverse landscape, Dotson notes.

These three pillars are crucial to securing the enterprise, from on-premises systems to multi-cloud-based services:

  • Identity & Access Management (IAM): Whether the target is a cloud service or an on-premises system, lost and stolen credentials remain the primary way attackers get in. An IAM platform should provide a central identity store that works across multiple clouds and on-premises systems, so that users authenticate once, for example with certificate-based authentication, and reach all their applications through single sign-on (SSO), says Dotson.

    This type of IAM solution, whether run by internal IT or, as many prefer, contracted as a managed service, should support multi-factor authentication (MFA) as an added layer of protection across the entire identity lifecycle. IAM in a multi-cloud world should also serve as a checkpoint that automatically revokes access privileges when employees change jobs or move into different roles.

    Planning for centralized identity and authentication up front helps minimize complexity. “It can get complicated to try to sync identity management between systems—you need automation to do that,” Dotson explains.
  • Automated Asset Management: Key to a holistic security posture is understanding the breadth of an organization’s assets (hardware, virtualized servers, public cloud instances, IaaS, etc.). Most cloud platforms have their own way of tracking and managing assets. In order to achieve multi-cloud-to-on-premises visibility and mitigate risk, automation-based tools are a must. “It’s not difficult to track things on-premises, but it’s far more difficult when you are spinning up and destroying virtual machines (VMs) and even more so in the cloud,” Dotson says. “You need automation to figure out what you have at any given time.”

  • Vulnerability Management: Once a continuously updated inventory of assets and systems is in place, enterprises have a formal basis for spotting and then correcting vulnerabilities, whether the problem lies at the operating-system level of an on-premises system or in a library running in the cloud, Dotson notes. Here again, automation helps simplify and speed up vulnerability management across assets spread between on-premises and multi-cloud systems.
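As an added example of the automation the last two items describe (this is not code from the article, IBM or IDG): normalize asset records from two cloud providers and an on-premises scan into one schema, reconcile that inventory against the CMDB, and then match installed package versions against a vulnerability list. Every record shape, hostname, package version and the vulnerable-version table below is constructed for illustration; in practice the sources are each provider's inventory API or an agent export, and a real vulnerability feed expresses affected version ranges rather than the exact-version sets used here to keep the example short.

```python
"""
Unified asset inventory across two cloud providers and an on-premises scan,
reconciled against a CMDB, then a vulnerability pass over the result.

Added illustration for this article, not IBM's or IDG's code. The provider
record shapes, the on-prem scan, the CMDB and the vulnerable-version table
are all constructed; in practice each source is an API call or agent export
and the vulnerable versions come from a real feed with version ranges.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Asset:
    """Common schema every source is normalized into."""
    asset_id: str
    source: str                      # which inventory produced the record
    hostname: str
    owner: Optional[str]             # accountable team, if tagged
    packages: dict[str, str] = field(default_factory=dict)   # name -> version


# Constructed exports; each source uses its own field names, which is the
# normalization problem that multi-cloud asset management has to solve.
CLOUD_A_EXPORT = [
    {"InstanceId": "i-0a1", "Tags": {"Name": "web-1", "owner": "payments"},
     "Software": [{"name": "openssl", "version": "1.1.1k"}]},
    {"InstanceId": "i-0a2", "Tags": {"Name": "batch-7"},        # no owner tag
     "Software": [{"name": "log4j-core", "version": "2.14.1"}]},
]
CLOUD_B_EXPORT = [
    {"id": "/vm/db-2", "name": "db-2", "tags": {"owner": "data"},
     "inventory": {"openssl": "3.0.7", "postgresql": "14.5"}},
]
ONPREM_SCAN = [
    {"host": "erp-1", "owner": "finance", "pkgs": {"openssl": "1.1.1l"}},
]
CMDB = {                             # hostname -> hand-maintained record
    "web-1": {"owner": "payments"},
    "db-2": {"owner": "data"},
    "erp-1": {"owner": "finance"},
    "legacy-9": {"owner": "finance"},  # decommissioned but never removed
}
# Constructed stand-in for a vulnerability feed: package -> affected versions.
# Exact-match sets keep the example short; a real feed gives ranges.
VULNERABLE = {
    "log4j-core": {"2.14.1", "2.15.0", "2.16.0"},
    "openssl": {"1.1.1k"},
}


def from_cloud_a(rec: dict) -> Asset:
    tags = rec.get("Tags", {})
    return Asset(rec["InstanceId"], "cloud-a", tags.get("Name", rec["InstanceId"]),
                 tags.get("owner"),
                 {s["name"]: s["version"] for s in rec.get("Software", [])})


def from_cloud_b(rec: dict) -> Asset:
    return Asset(rec["id"], "cloud-b", rec["name"],
                 rec.get("tags", {}).get("owner"), dict(rec.get("inventory", {})))


def from_onprem(rec: dict) -> Asset:
    return Asset(rec["host"], "onprem", rec["host"], rec.get("owner"),
                 dict(rec.get("pkgs", {})))


def build_inventory() -> list[Asset]:
    """One list, one schema, regardless of where the asset lives."""
    return ([from_cloud_a(r) for r in CLOUD_A_EXPORT]
            + [from_cloud_b(r) for r in CLOUD_B_EXPORT]
            + [from_onprem(r) for r in ONPREM_SCAN])


def reconcile(inventory: list[Asset], cmdb: dict) -> dict[str, list[str]]:
    """Gaps between what is running and what the organization thinks it has."""
    seen = {a.hostname for a in inventory}
    return {
        "unregistered": sorted(a.hostname for a in inventory if a.hostname not in cmdb),
        "stale_cmdb": sorted(h for h in cmdb if h not in seen),
        "no_owner": sorted(a.hostname for a in inventory if not a.owner),
    }


def find_vulnerable(inventory: list[Asset], vulnerable: dict) -> list[tuple[str, str, str]]:
    """(hostname, package, version) for every affected package on every asset."""
    return sorted((a.hostname, pkg, ver)
                  for a in inventory
                  for pkg, ver in a.packages.items()
                  if ver in vulnerable.get(pkg, ()))


if __name__ == "__main__":
    inv = build_inventory()
    for key, hosts in reconcile(inv, CMDB).items():
        print(f"{key:13s} {hosts}")
    for host, pkg, ver in find_vulnerable(inv, VULNERABLE):
        print(f"vulnerable    {host}: {pkg} {ver}")
```

Run as a script, the report shows batch-7 running in cloud A with no CMDB entry and no owner, legacy-9 recorded in the CMDB but running nowhere, and affected package versions on web-1 and batch-7. The point of chaining the two passes is that the vulnerability results are only as complete as the inventory they run over: a scan driven from the CMDB alone would never have looked at batch-7.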

Beyond the technology, embracing a shared responsibility model between the internal IT organization and the various cloud service providers (CSPs) is a central strategy for closing gaps and promoting safeguards. The dividing line moves with the service model: for IaaS the customer still patches the guest operating system and configures network access, while for managed platform services the provider takes those over, but identity, access policy and the data itself remain the customer's responsibility in every model. “Know where the CSP’s responsibility ends and yours begins,” Dotson says. “Otherwise, you’re in for problems.”

For more information on IBM’s managed security services, visit https://www.ibm.com/cloud/security

To continue reading about this topic, check out our white paper: Multi-cloud Organizations Confront IT Security Challenges