 |
| What is multi cloud strategy? |
Multicloud is the use of multiple cloud computing and storage services in a single heterogeneous architecture. ... It differs from hybrid cloud in that it refers to multiple cloud services rather than multiple deployment modes (public, private, legacy).
Users of a multi-cloud storage strategy are twice as likely to face a security breach than those who use hybrid or single cloud, a report UK-based security expert Nomnet released this week.
Of the survey respondents adopting a multi-cloud approach, 24 percent faced a data breach in the last 12 months, compared to 24 percent of hybrid cloud users and 24 percent of single-cloud users, polling the firm with nearly 300c. Found it later. -Level executives and IT professionals.
In addition, companies that adopted a multi-cloud approach were more likely to have breaches, the survey found. Nineteen percent of multi-cloud users faced between 11 and 30 breaches, compared to 19 percent of single-cloud and 13 percent of hybrid-cloud users.
Such numbers are unlikely to instill confidence in cloud users who may already have serious reservations about protecting off-site storage. Ninety surveys found that seventy percent of users were concerned about malicious activity in either minor, very few or cloud-based storage solutions.
One of the heavily regulated industries expressed concern about the security provided by cloud vendors. Healthcare providers topped the list by 55 percent; Of those suspected of Badal, 47 were in financial services, and 46 percent were in the pharmaceutical sector.
One factor for some international users is that the GDPR has increased potential penalties. Twenty-six percent of respondents cited fines as a major concern for data leaks. Respondents also noted the increasing sophistication of cybercriminals.
Why a multi-cloud strategy?
The main goal of a multi-cloud approach to storage - sometimes referred to as the "polynimbus cloud strategy" - is to eliminate dependency on a single cloud vendor. It differs from the hybrid cloud approach as it uses multiple cloud services as opposed to multiple deployment modes.
A multi-cloud approach does not require synchronization between vendors. Instead of separate cloud providers (infrastructure a service, or IaaS), platform (platform as a service, or PaaS) and software (software as a service, or SaaS) for storage or hosting of business infrastructure Can be used.
", The devil is always always in the details, so in theory one can find the right architecture, interfaces, tools, and practices to enable a multi-cloud organization to operate efficiently and safely," Jim Purtillo, professor of computer science, said the University of Maryland.
"And even in theory, penguins can fly," he said.
"In the real world I live in, however, the complexity of the system obscures the many nuances that no human sees until something malfunctions," Purtillo told TechnologyMagan.
"Our broad technical decisions have unintended consequences - some of which introduce flaws and open weaknesses that our opponents notice," he said. "The more clouds you want to integrate, the more organizational fault lines you present - and the greater your risk is that some of those faults and weaknesses become an attack surface."
Eggs in multiple baskets
A solution that spans data can be similar to distributing one's eggs. This may seem sensible compared to taking the proverbial risk of "putting all your eggs in one basket". However, this may actually mean exposing some data to greater risk.
"It's an appropriate way of looking at it," said Stuart Reid, Nomnet's vice president, the firm that conducts the survey.
"From multi-cloud, or indeed any cloud-based solution, you're increasing the perimeter being hacked," he told TechnologyMagan.
"You're relinquishing control and increasing touchpoints, so that access to data is wider," Reid said. "Data is valuable to anyone, and where the data is located is true."
Simply put, one consequence is that malicious actors have more goals. While this may mean that not all metaphorical eggs are endangered, the risk of danger may be greater on some.
"As a design principle, I would not like to drive the complexity of my architecture by trying to accommodate diverse services that are outside our own digital perimeter," said UMD's Pertillo.
"Complexity is also the overall cost driver, so when you add clouds, you multiply the overhead, if for no other reason the end customers don't lose your economy of scale," he suggested. "It's great for vendors who can point a finger at other people when something inevitably breaks at an organizational boundary, but I'm sure customers would prefer a leaner operation."
Trust cloud
The key to cloud success may depend not only on better security, but also on a proactive approach from those who use the cloud, as well as cloud vendors.
"Confidence is part of the relationship, and it extends to the cloud," Nomnets Reid said.
"When you use the cloud to store your data, you always relinquish part of that trust, so you have to work at the same level of security in your data to work with a third party Be it or host it yourself, ”she added.
To do this, the security provided by the cloud vendor must be matched to any model that will be in your own facility, Reid reported.
"Security also needs to be done at scale with any digital initiative - and security needs to be an enabler in this process rather than just the cost of doing business," he said. "Here's where diligence is important; you have to make sure the cloud matches the security expectations of the vendor. How is the data being processed?"
There will be violation
It is not a matter of whether a cloud will explode according to Nomnet, but how often a violation occurs. The very nature of the cloud is that it can be accessed remotely, making it an ideal target for hackers.
More importantly, it works just like a bank - but rather than having money in it, it is potentially more valuable - namely, data.
For these reasons, when a multi-cloud solution is adopted, it is important to understand how a set of compromised data can endanger other clouds. A compromised IaaS, for example, can make it easier for hackers to access related PaS or even SaaS data.
Reid warned, "Data is not just a dollar bill that can be stolen - it can be information copied and shared."
"Its defense involves more than physical protection that a bank would have. It also requires a different type of response," he explained.
"It is important to implement an immediate response plan, which can mitigate a breach," Reid said.
This may be the biggest reason that a multi-cloud approach may not be ideal for many companies - it creates many moving pieces. The security of each cloud depends on the others. The complexity increases security, but may also make the system more vulnerable to hackers.
"As long as you consider the scale of applications that can demand 'multi-cloud' integration, you should live by the motto, 'Simple is Good,'" said Puerto. "We have yet to see successful projects any other way."