{"id":3504,"date":"2025-06-10T10:00:00","date_gmt":"2025-06-10T10:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=3504"},"modified":"2025-06-10T10:00:00","modified_gmt":"2025-06-10T10:00:00","slug":"multicloud-security-automation-is-essential-but-no-silver-bullet","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=3504","title":{"rendered":"Multicloud security automation is essential \u2014 but no silver bullet"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Multicloud architectures are becoming more common across enterprises, as they enable IT leaders to strategically choose best-of-breed services from multiple providers. But with flexibility comes greater complexity, and security challenges can compound quickly. Cloud providers differ in how they handle access controls, encryption, and compliance. Native tools and security services also evolve constantly, sometimes without notice.<\/p>\n<p>For CISOs, security architects, and engineers, automated tools are the only way to keep pace in a <a href=\"https:\/\/www.networkworld.com\/article\/971990\/what-is-multicloud.html\">multicloud environment<\/a>. But automation is no silver bullet, security practitioners say. It works only when implemented deliberately, monitored continuously, and guided by human judgment.<\/p>\n<p>Here is a look at how automation can help cyber teams address the unique challenges of securing multicloud environments.<\/p>\n<h2 class=\"wp-block-heading\">Why multicloud automation is a must<\/h2>\n<p>Multicloud security wasn\u2019t supposed to be this hard. 
\u201cLet\u2019s start by understanding that \u2018multicloud\u2019 is a term that originally meant \u2018have portable workloads that you can easily load-balance across multiple clouds,\u2019\u201d says <a href=\"https:\/\/www.ylventures.com\/people\/andy-ellis-2\/\">Andy Ellis<\/a>, partner at YL Ventures and former CSO at Akamai.<\/p>\n<p>\u201cIdeally, this would have prevented vendor lock-in and allowed cloud security to be easily separable into workload security, where you\u2019d worry about how you\u2019d architected your workload, and infrastructure security, where you\u2019d focus on getting the details right in your configuration and implementation,\u201d Ellis says.<\/p>\n<p>That vision held clear appeal for the C-suite \u2014 it \u201cwas very popular among CISOs, who loved the security implications, and CFOs, who adored the idea of making cloud providers bid each other down,\u201d Ellis says. \u201cBut it never really caught on with engineers, who wanted to adopt the latest and coolest features developed by the cloud providers \u2014 who absolutely wanted customers to adopt sticky features that were incompatible across environments.\u201d<\/p>\n<p>The result: \u201c\u2018Multicloud\u2019 came to mean \u2018different parts of your organization use different clouds,\u2019 and CISOs and their teams are left trying to implement security across a diverse ecosystem,\u201d Ellis says.<\/p>\n<p>Such a <a href=\"https:\/\/www.cio.com\/article\/3567171\/cios-recalibrate-multicloud-strategies-as-challenges-remain.html\">heterogenous architecture caused complexity to pile up<\/a> for those charged with securing it. \u201cEvery cloud provider speaks its own \u2018dialect\u2019 \u2014 different APIs, rules, and interpretations of shared responsibility,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/vinod-goje\/\">Vinod Goje<\/a>, a data-driven solutions and applied AI expert. 
\u201cIt\u2019s like juggling three different operating manuals for the same mission.\u201d<\/p>\n<p>Ellis agrees: \u201cThe first challenge that security teams face is that various cloud providers have different fundamental security capabilities.\u201d<\/p>\n<p>Take access control, Ellis says. \u201cOne provider\u2019s role-based access control deals with system roles but not user roles, while another one focuses on user roles, with only slight lip service to system roles \u2014 and that\u2019s even assuming that they have the same capabilities.<\/p>\n<p>\u201cEven within one cloud provider, different services may support wildly divergent security capabilities,\u201d he says.<\/p>\n<p>Inconsistencies such as these create gaps that security teams must address, says <a href=\"https:\/\/www.linkedin.com\/in\/eric-barlow-94b7b070\">Erich Barlow<\/a>, head of information security for the Americas at BSI.<\/p>\n<p>\u201cFor example, one vendor might have a different method of data encryption or identity management method than another, leading to potential weak points that attackers can exploit,\u201d Barlow says.<\/p>\n<p>Patching and updating systems in a multicloud environment is another pain point, Barlow says, \u201cbecause it requires coordinating with multiple service providers with different schedules and procedures for rolling out updates. This situation can delay critical security updates, leaving systems vulnerable for longer periods.\u201d<\/p>\n<p>That\u2019s where <a href=\"https:\/\/www.csoonline.com\/article\/3622920\/soar-buyers-guide-11-security-orchestration-automation-and-response-products-and-how-to-choose.html\">security automation<\/a> comes in \u2014 not as a luxury, but as a necessity.<\/p>\n<p>\u201cI consider automated tools as the cornerstone of modern foundational capabilities,\u201d says <a href=\"https:\/\/www.protiviti.com\/us-en\/randy-armknecht\">Randy Armknecht<\/a>, managing director at Protiviti. 
\u201cIndicators of a need for greater automation include increased mean-time-to-remediate metrics, security staff burnout, and inconsistent responses to similar incidents across environments.\u201d<\/p>\n<p>For Armknecht, the goal isn\u2019t just efficiency \u2014 it\u2019s transformation.<\/p>\n<p>\u201cThe fundamental responsibility of the role is to create an environment where security acts as a business enabler rather than a roadblock,\u201d he says. \u201cImplementing comprehensive and thoughtful controls, combined with the efficiency of automation, provides consistent risk mitigation needed for rapid innovation,\u201d he says. Used properly, \u201cautomation and observability enhance security posture, reduce cloud waste, and drive team efficiency.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Defining multicloud automation strategies<\/h2>\n<p>As an engineering leader, how should you approach implementing security automation in a multicloud environment? The experts we spoke to emphasized intentional design, layered planning, and a commitment to continual refinement.<\/p>\n<p>\u201cI like to consider the planning process in terms of layers,\u201d says Protiviti\u2019s Armknecht. \u201cThe foundational layer involves achieving observability across the multicloud environment. Next, we align with a unified security framework to ensure policy consistency across various platforms, avoiding different standards for AWS, GCP, and Azure. Finally, we establish processes to respond to deviations from the standard, which may include prevention, alerting, or automatic remediation.\u201d These layers help build a resilient architecture that balances proactive monitoring with structured response mechanisms.<\/p>\n<p>Observability is foundational not just for the systems themselves, but also for the humans managing them. 
<a href=\"https:\/\/www.pluralsight.com\/resources\/blog\/blog-author\/drew-firment\">Drew Firment<\/a>, chief cloud strategist at Pluralsight, emphasized the importance of visibility. \u201cOrganizations need to first prioritize investment in security tools that help monitor and manage data across the cloud, giving employees visibility into what is happening within the cloud environments,\u201d he says.<\/p>\n<p>But visibility can\u2019t stop at the surface. Automation introduces complexity of its own, and teams need insight into how automated tools are operating. \u201cOrganizations need to develop robust frameworks to monitor and control automated tools,\u201d says BSI\u2019s Barlow. \u201cThis involves setting transparent processes and protocols for when human intervention is necessary and ensuring that automated tools are aligned with the overall security strategy.\u201d Barlow also stresses the need for regular audits of automated systems, so their efficacy can be evaluated and adjusted over time.<\/p>\n<p>That iterative mindset is essential. \u201cThe complexity of security policy is such that organizations will find it impossible to go from zero to \u2018good enough\u2019 in one fell swoop,\u201d says YL Ventures\u2019 Ellis. 
\u201cSecurity automation needs to track progress in a meaningful way: Understanding the currently intended policies and changes, driving improvements in those areas, while not saturating organizations with alerts about deviations for (not-implemented) policies.\u201d In other words, automation should reflect where an organization is in its maturity curve, not where it aspires to be someday.<\/p>\n<p>These iterations are often necessary because the underlying cloud platforms that your tools will be monitoring change \u2014 sometimes without customers being aware of it.<\/p>\n<p>\u201cCloud providers also sometimes update their existing native tools, and companies need to both detect that these changes have happened and then update their usage of the tools to be consistent with the changes,\u201d Ellis says.<\/p>\n<p>\u201cThese changes are not only driven by new features, but also as cloud providers \u2018fix\u2019 insecure implementations by silently updating features. Past integrations may no longer meet best practices \u2014 not because the cloud team \u2018did it wrong,\u2019 but because the tools themselves now work better than they did \u2014 and automation needs to understand how to reimplement security practices,\u201d he says.<\/p>\n<p>For that reason, AI expert Goje recommends conducting regular \u201csecurity calibration\u201d sessions. \u201cIt\u2019s a chance to step back and reassess how automation is behaving, especially as cloud services evolve,\u201d he says. \u201cThe truth is, there\u2019s no magic button for multicloud security. Until <a href=\"https:\/\/www.cio.com\/article\/196239\/what-is-aiops-injecting-intelligence-into-it-operations.html\">AIOps<\/a> matures enough to truly simplify things, the best bet is a thoughtful, hybrid model pairing automation with human judgment.\u201d<\/p>\n<h3> Multicloud security automation: Tools of the trade <\/h3>\n<p>There are a variety of security automation tools designed for multicloud environments. 
One common package, dubbed a cloud-native application protection platform (<a href=\"https:\/\/www.csoonline.com\/article\/573629\/cnapp-buyers-guide-top-tools-compared.html\">CNAPP<\/a>), bundles several components, including a cloud infrastructure entitlements manager (CIEM), which manages overall access controls and risk management tasks, and a cloud security posture manager (<a href=\"https:\/\/www.csoonline.com\/article\/657138\/how-to-choose-the-best-cloud-security-posture-management-tools.html\">CSPM<\/a>), which combines threat intelligence and remediation.<\/p>\n<p>In general, the panoply of automated tools security teams use for cloud deployments would also be used in multicloud environments. Many vendors offer multicloud capabilities built in, such as <a href=\"https:\/\/www.csoonline.com\/article\/574005\/qualys-previews-totalcloud-flexscan-for-multicloud-security-management.html\">Qualys\u2019s FlexScan offering<\/a> for cloud security management. But in some cases, you\u2019ll be left to bridge the gaps between cloud vendors yourself.<\/p>\n<h2 class=\"wp-block-heading\">The human touch<\/h2>\n<p>In fact, security experts agree that even when extensive security automation is used in multicloud architectures, humans need to remain in the mix.<\/p>\n<p>As Goje says, \u201cI\u2019ve seen teams lean too far into [automation], only to have their <a href=\"https:\/\/www.csoonline.com\/article\/570673\/5-tips-for-getting-started-with-soar.html\">SOAR<\/a> platforms mistakenly isolate critical workloads because of a false positive. When that happens, business takes a hit. And automated compliance tools? 
They can trigger a flood of alerts \u2014 many of them irrelevant \u2014 leaving analysts buried in noise instead of focused on actual threats.\u201d<\/p>\n<p>Even the most advanced tools, like <a href=\"https:\/\/www.csoonline.com\/article\/657138\/how-to-choose-the-best-cloud-security-posture-management-tools.html\">CSPM<\/a> platforms, require humans in the loop to add context. \u201cThe smarter approach I\u2019ve seen work is balance,\u201d Goje says. \u201cAI-powered tools like CSPM are incredibly helpful, but they shine brightest when analysts are still in the loop adding context and gut-checking the decisions that automation makes. That human touch still matters.\u201d<\/p>\n<p>Standardizing security policy across multicloud environments introduces even more complexity. \u201cLet\u2019s say that a security team manages to address the problem of different primitives and now wants to standardize policy across its various cloud environments,\u201d says YL Ventures\u2019 Ellis.<\/p>\n<p>\u201cAs various clouds are owned by various teams, this isn\u2019t as simple as having automation that \u2018makes it so.\u2019 Each suborganization will have a different <a href=\"https:\/\/www.cio.com\/article\/274740\/outsourcing-sla-definitions-and-solutions.html\">SLA<\/a> for how those changes go out, from \u2018just push them out for us\u2019 to \u2018run this through a change management board.\u2019 A security team has to be flexible in how they implement changes, and their automation needs to understand and accommodate those differences,\u201d he says.<\/p>\n<p>Humans are also needed for dealing with organizational diversity and corporate politics. \u201cDifferent teams with different needs cause problems that security can\u2019t just solve,\u201d Ellis says. \u201cA security team has to convince humans \u2014 themselves and their auditors \u2014 that their security controls are actually effective and meet their needs. 
So, it isn\u2019t sufficient to merely automate everything. Security teams need to be able to translate detailed technical implementations into human-readable, control-oriented language that addresses how those controls achieve the objectives of various compliance regimes.\u201d<\/p>\n<p>That\u2019s why investment in people remains central to security strategy. \u201cOrganizations then need to provide employees with the proper training on mastering one cloud and how to easily spot security threats so they can provide solutions before vulnerabilities turn into a crisis,\u201d says Pluralsight\u2019s Firment. \u201cAfter they master one cloud provider, employees and organizations will have a much easier time managing multicloud environments.\u201d<\/p>\n<p>Multicloud security automation isn\u2019t a magic fix \u2014 it\u2019s a discipline. Tools can help you scale and streamline security efforts, but only if paired with layered planning, rigorous visibility, and empowered teams. Automation must be built to flex around organizational realities, and it needs people who can guide it, tune it, and make sense of it. That\u2019s why the best security programs don\u2019t just buy automation \u2014 they invest in the humans who make it work.<\/p>\n<p>Protiviti\u2019s Armknecht puts it simply: \u201cInvesting in the team\u2019s continuous technical education to stay ahead of evolving threats and empowering them to drive meaningful change based on daily operations is crucial.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Multicloud architectures are becoming more common across enterprises, as they enable IT leaders to strategically choose best-of-breed services from multiple providers. But with flexibility comes greater complexity, and security challenges can compound quickly. Cloud providers differ in how they handle access controls, encryption, and compliance. 
Native tools and security services also evolve constantly, sometimes without [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":3505,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3504","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3504"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3504"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3504\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/3505"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}