Issue link: https://insights.oneneck.com/i/1463401
AlertLogic.com C A S E S T U DY: M I S S I O N 8 8 KEY CONSIDERATIONS Beyond the best practices, there are several key considerations you should keep in mind as you build your multi-cloud strategy. Each represents critical elements that should be known and incorporated into your strategy. Shared Security Responsibilities: When it comes to the shared security responsibility model, the obligations between cloud provider and organization are clearly defined. And when working in one cloud environment, it is clear how to manage your responsibilities. What becomes challenging, however, is ensuring effectiveness in a second or third cloud environment. An organization's confidence of SSRM for different cloud services may differ. As a result, consider: • The impact of adopting a new delivery model — you may need to adapt your approach to each public cloud provider accordingly • The maturity levels for each public cloud provider • Building your in-house expertise through a cloud architect or dedicated training • Leveraging a third-party service to assist with ensuring adherence to shared responsibility requirements More Tools Do Not Equal Easier or Better It should come as no surprise, there are many tools when it comes to multi-cloud. For example, each public cloud vendor has a portfolio of tools. There are also many on the market designed for specific functions and capabilities but require strong effort to get the same level of information and insights across all of them. More tools translate to more raw data and if you cannot interpret and act on that data, then you have not addressed your original problem. Consider a single tool or service that can give you visibility across the entire IT estate for a more comprehensive view of your environment, including visibility to public and private clouds, applications, even endpoints along with actionable insights. If you're like the 62% of organizations using native cloud provider security tools ** to provide coverage, it is important to recognize these tools may not be sufficient. While they are designed to provide security for their respective environments, that coverage does not always extend to other public cloud providers. If your strategy is to build a multi-cloud environment, you will need to incorporate other services and/or tool to close the gap. Role of People & Processes It should come as no surprise that people, process, and tools are the trifecta elements to tackle any cloud environment. Each plays a critical role in ensuring the security of your enterprise. We have already explored tools, now let's dive into people and process. People: Identifying and maintaining the right talent and skillset is no easy task. Having a cloud architect's perspective on the design, implementation, and deployment of your cloud is ideal but can be costly since they are in high demand. Be realistic about your ability to operate and manage at the skill and process levels required for your environment. Ask Yourself If you do not have the knowledge, expertise, and/or resources to address these questions, consider third-party services to fill the gaps. Can I execute effectively in each environment? Do I know the best applications to utilize? Do I know the best services to run? Do I know the most cost effective? Are my resources properly trained and being utilized in the right way?