As seen on Forbes.

Businesses of all sizes are at risk for theft, leakage or ransom of data stored online. It’s crucial to ensure your information is protected through cloud security methods such as firewalls, encryption and VPNs.

As cloud usage in businesses becomes increasingly complex, security becomes an even hotter issue, and businesses must be especially careful about where and how their data is accessed. Below, 12 members of Forbes Technology Council share tips for maintaining security in a multi-cloud environment.

1. Know your data lifecycles.

One tip for maintaining security in a multi-cloud environment is to know the lifecycle of the data you care about. How is the data collected? Where is it stored? How is it used? How is it shared? And when and how is it destroyed? Organizations should start by conducting a data risk assessment, which will inform their data governance across the entire enterprise, including the cloud. – Bob Fabien Zinga, Directly, Inc./U.S. Navy Reserve

2. Automate as many processes as possible.

If your organization is using a multi-cloud environment, automate as much as possible. A multi-cloud system that automates several tasks greatly decreases the human risk factor. It also allows you to stay agile. Make sure you prioritize security while implementing your automation capabilities—this ensures that protection is a main focal point every time automation is leveraged. – Marc Fischer, Dogtown Media LLC

3. Educate yourself on encryption key management.

Ensure your business understands encryption key management. Major cloud providers offer key management systems, meaning they have control of both the encryption (or the lock) and the encryption keys. Each cloud provider’s KMS can’t be used in other clouds. For true multi-cloud key management, adopt a KMS that centralizes KM functions across all of your cloud and on-premises environments. – Jeff MacMillan, StorMagic

4. Take a policy-based approach to security.

Cloud security requires a policy-based approach to ensure only the right people are deploying only the resources they’re supposed to. Also, continuous automation is critical to enhance security and enforce compliance against standards like CIS, NIST and HIPAA. By continuously monitoring applications with automation, you can detect threats and improve shift-left DevSecOps practices to drive business outcomes. – Jeff Kukowski, CloudBolt

5. Use cloud-architected privileged access management.

One security challenge with multi-cloud is controlling privileged access to cloud workloads using the tools offered by each provider, since they don’t work with each other and create identity silos that increase risk. Using a cloud-architected privileged access management solution to centralize access controls and leave zero standing privileges can close vulnerabilities and reduce that risk. – Flint Brenton, Centrify Corporation

6. Regularly check and validate your controls.

Like everything else, we don’t have an issue with technology itself. The reality is that we don’t take the time to “complete” and “validate” all the controls with continuous monitoring. Bad implementation or “install and go” isn’t going to work and never has. Conduct periodic checks and validation. – Gene Yoo, Resecurity, Inc.

7. Centralize security governance.

Large organizations with disparate cloud platforms across siloed business units are extremely vulnerable due to the inability to govern their entire assets under a single pane of control. Centralized security governance with tuned DevSecOps pipelines, strong configuration and policy monitoring combined with SOAR and SIEM technologies will get rid of security blind spots and minimize the attack surface. – Shashank Garg, Infocepts

8. Establish standard methodologies for your team.

The key to securing multi-cloud environments is establishing standard methodologies and toolsets so your teams can identify and address potential risks and active concerns holistically and uniformly across environments. For example, use the same penetration testing, authentication and authorization services, and edge security threat monitoring systems across all of your environments. – Denis King, Solace

9. Automate security testing.

As businesses adopt multiple cloud services and their multi-cloud environments become increasingly complex, so too does their security stack. Companies should employ automated solutions that allow security teams to continuously test the effectiveness of their company’s security controls and ensure they are working to protect their multi-cloud environments as expected. – Stephan Chenette, AttackIQ

10. Explore SASE platforms.

As threat actors strike more frequently, outdated or disjointed security solutions are simply not enough in a multi-cloud environment. For successful multi-cloud adoption and consistent security across every app, device and more, businesses must look to a secure access service edge platform to provide comprehensive visibility and control wherever data goes—all from a single dashboard. – Anurag Kahol, Bitglass

11. Routinely back up your cloud data.

Companies focus and guard against outside bad actors, so that is where they focus their attention. Going online is great for ease of use and offloading hardware and support costs. The third-party provider performs backups in case of hardware failures. However, this does nothing to guard against an internal threat. Therefore, be sure to routinely perform backups of all cloud data. – Jay Marshall, EyeLock LLC

12. Create vendor-neutral security control policies.

Each cloud service provider has its own tools and even terminology for securing its platform, so it’s difficult to build consistent security controls in a multi-cloud environment. Try to create vendor-neutral policies and definitions for security controls you need and then map them to each platform. With greater consistency, you reduce the risk that some controls or activities fall through the cracks. – Ilia Sotnikov, Netwrix