{"id":3569,"date":"2025-06-17T07:00:00","date_gmt":"2025-06-17T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=3569"},"modified":"2025-06-17T07:00:00","modified_gmt":"2025-06-17T07:00:00","slug":"8-tips-for-mastering-multicloud-security","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=3569","title":{"rendered":"8 tips for mastering multicloud security"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

A growing number of enterprises are adopting multicloud strategies, enabling them to run workloads in the most appropriate locations without adding unnecessary complexity. But there\u2019s a catch. Multicloud environments may also expose security weaknesses, which can quickly negate many of its benefits.<\/p>\n

Ensuring multicloud security is challenging for any organization, regardless of its scope or size. Fortunately, a few relatively simple techniques and common-sense security practices will go a long way toward keeping attackers at bay, ensuring a more secure and resilient multicloud environment.<\/p>\n

To get maximum value out of your multicloud environment<\/a> without risking enterprise security, consider the following eight top tips.<\/p>\n

1. Build a centralized security authority<\/h2>\n

Security is ultimately a shared responsibility, observes Trevor Young<\/a>, chief product officer at security services firm Security Compass. \u201cNevertheless, oversight and strategic direction for multicloud security should ideally sit with a centralized security team or a dedicated individual within your organization.\u201d<\/p>\n

Whether it\u2019s a team or a dedicated individual, this party will be responsible for defining an overall security strategy, establishing consistent policies and standards, selecting and managing cross-cloud security tools, and ensuring compliance across all cloud environments. \u201cThey will act as the orchestrator, working closely with individual application teams and cloud owners,\u201d Young says.<\/p>\n

2. Create unified security governance<\/h2>\n

A unified security governance model should be established, spanning all cloud environments and supported by centralized identity management, visibility, automation, and policy enforcement, advises Nigel Gibbons, director and senior advisor at security services firm NCC Group.<\/p>\n

This approach, Gibbons says, minimizes complexity and silos by creating consistent security controls across cloud providers. \u201cIt reduces blind spots, enforces least privilege through centralized identity, such as Microsoft Entra ID or Okta, enables real-time threat detection, and streamlines compliance by applying the same standards regardless of the cloud platform,\u201d he says.<\/p>\n

A centralized cloud security team or Cloud Center of Excellence (CCoE), led by a CISO or cloud security architect, should address every security aspect, Gibbons says. \u201cThey should coordinate with DevOps, platform, and compliance teams to enforce consistent policies and oversee risk across environments.\u201d<\/p>\n

3. Expand your scope<\/h2>\n

Single-cloud security typically focuses on the specific security tools and services offered by that one provider, Security Compass\u2019 Young says. \u201cOver time, you become deeply familiar with their ecosystem.\u201d<\/p>\n

Multicloud security adds the extra complexity of dealing with different providers<\/a>, each with their own unique security models, services, and terminology, Young notes. \u201cYou can\u2019t just rely on the native tools of one cloud and expect it to cover everything.\u201d A multicloud environment requires a broader, more vendor-agnostic strategy.<\/p>\n

Many organizations adopt the native security tools of each provider with no cohesive strategy, Young says. This approach can lead to inconsistent policies, gaps in coverage, and difficulty in correlating security events across clouds. \u201cIt\u2019s like having different security guards who don\u2019t talk to each other protecting different parts of the same building \u2014 vulnerabilities are bound to slip through,\u201d he says.<\/p>\n

4. Construct a unified trust boundary<\/h2>\n

Stop thinking in terms of clouds at all, suggests Steve Tcherchian<\/a>, CISO at security software and services firm XYPRO. \u201cTreat every environment \u2014 whether AWS, Azure, on-prem, or legacy mainframes \u2014 as part of a single, unified trust boundary,\u201d he advises. Build controls around identities, data flows, and context \u2014 not platforms. \u201cThe minute you architect security per cloud, you\u2019ve already fragmented your control and you\u2019ll have a challenge catching up.\u201d<\/p>\n

A unified trust boundary<\/a> anchors security to constants \u2014 the user, the data, and the intent, Tcherchian says. \u201cClouds are just plumbing,\u201d he states. \u201cCISOs and security teams who obsess over cloud-native tools often end up duct-taping solutions together after the fact.\u201d<\/p>\n

5. Share responsibility<\/h2>\n

\u201cMulticloud security should be a shared responsibility between the CISO, cloud architects, DevOps, and security engineering teams,\u201d says Ensar Seker<\/a>, CISO at threat intelligence and security operations provider SOCRadar. \u201cYet ultimate accountability should lie with the CISO, who must ensure that security policies are technology-agnostic, consistently enforced, and aligned with business risk tolerance,\u201d he advises.<\/p>\n

\u201cIt\u2019s crucial to break down silos between teams and ensure that cross-cloud visibility is centralized under a unified SecOps function,\u201d he adds.<\/p>\n

Multicloud isn\u2019t just a technology strategy. \u201cIt\u2019s a business resilience strategy, and its security posture must reflect this fact,\u201d Seker states.<\/p>\n

\u201cOrganizations should invest in cloud threat intelligence that reflects cross-cloud attack patterns and deploy runtime monitoring and policy drift detection to maintain continuous assurance,\u201d he says. \u201cIn today\u2019s environment, cloud sprawl without unified security is not just a risk; it\u2019s a liability.\u201d<\/p>\n

6. Build a collaborative management environment<\/h2>\n

Effective security management requires collaborative engagement between security teams and other key stakeholders, says Brandyn Fisher<\/a>, director of security services for Centric Consulting. Strong collaboration ensures all security measures will effectively align with and support broader business objectives.<\/p>\n

Depending on the enterprise\u2019s organizational structure and complexity, collaboration typically includes solution architects, cloud specialists, and system administrators, Fisher says. \u201cThe most effective approach establishes a clear division of responsibilities,\u201d he notes.<\/p>\n

Typically, the security team defines requirements and governance frameworks, while implementation is carried out by a dedicated technical team. \u201cThis balanced approach maintains clear ownership while fostering the cross-functional collaboration necessary for comprehensive security management across multiple cloud environments,\u201d he says.<\/p>\n

It\u2019s easy to become complacent as cloud technology rapidly evolves, Fisher observes. \u201cStaying vigilant and proactive is essential, which means continually developing your teams\u2019 skills through industry conferences, training opportunities, and active participation in professional communities.\u201d<\/p>\n

7. Consider a unified detection and response strategy<\/h2>\n

A unified threat-centric detection and response strategy, operating across all cloud environments, is an effective way to protect against even the most devious attackers, says Mitchem Boles<\/a>, field CISO with cybersecurity platform provider Intezer. \u201cBy correlating alerts and behaviors from AWS, Azure, Google Cloud Platform, and other providers into a centralized system, security teams can focus on real threats rather than fighting alert fatigue.\u201d<\/p>\n

Boles believes this approach is highly effective because it cuts through the sprawl of cloud-native alerts and identifies true threats quickly using behavior-based correlation and automation. \u201cIt empowers teams to respond faster while reducing manual triage across complex environments,\u201d he notes.<\/p>\n

Multicloud security requires complex management of inconsistent tools, logs, and identity models across providers, introducing potential blind spots, Boles says. \u201cUnlike single-cloud setups, multicloud demands a unified view to ensure visibility, policy enforcement, and triage across the board.\u201d<\/p>\n

8. Control cloud access<\/h2>\n

It\u2019s all about narrowing the attack surface, says Jaymes David<\/a>, chief technology evangelist at digital workspaces provider Kasm Technologies. \u201cBy limiting access to cloud resources through short-lived, isolated sessions, you\u2019ll cut down on the chance of malware sticking around or someone sneaking in where they shouldn\u2019t,\u201d he says. \u201cAdd in session recording, SIEM integration, DLP, and even watermarking, and you\u2019ve got a strong security story that\u2019s trackable, enforceable, and auditable.\u201d<\/p>\n

Bad actors don\u2019t care if you\u2019re on one cloud or five, David says. \u201cYet, operationally, multicloud does add complexity.\u201d The key challenge is managing policy enforcement consistently across all platforms, he advises. \u201cIronically, I\u2019d argue a single-cloud setup could be riskier if you\u2019re overly reliant on it and don\u2019t build for resiliency.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

A growing number of enterprises are adopting multicloud strategies, enabling them to run workloads in the most appropriate locations without adding unnecessary complexity. But there\u2019s a catch. Multicloud environments may also expose security weaknesses, which can quickly negate many of its benefits. Ensuring multicloud security is challenging for any organization, regardless of its scope or […]<\/p>\n","protected":false},"author":0,"featured_media":3570,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3569","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3569"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3569"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3569\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/3570"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3569"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3569"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3569"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}