4 Steps to Centralized Management for Cloud Security

As business adoption of cloud technologies continues to grow, and as businesses are moving more workloads to public cloud, most are embracing multiple cloud platforms for various reasons. According to a report from Forrester, 76 percent of organizations have already adopted a multicloud strategy. 

A multicloud environment offers numerous benefits, including a high degree of scalability and flexibility, but it also presents challenges around security. IT and business leaders should consider these four steps to remove complexity from their cloud security environments and keep their resources safe from attack.

Solutions such as cloud security posture management and cloud workload protection secure cloud-native applications and environments from development to production. Centralized tools go a long way toward streamlining security and management for multicloud environments. 

Without cloud-specific security tools, organizations must create individual security policies within each of their cloud environments, then ensure these policies are applied consistently and updated regularly. With so many moving parts, it becomes easy for things to slip through the cracks. A siloed security strategy can also lead to a tribalization of security knowledge for each platform, potentially leaving organizations vulnerable to employee turnover. Centralized tooling creates risk management consistency and operational efficiency that organizations with multicloud footprints should prioritize.

Although individual cloud providers have their own identity and access management tools, which are quite capable, organizations are again left to create and manage identities (human and nonhuman) at individual cloud platform levels. This often leads to inconsistent access controls and poor identity governance across cloud environments. To address this need, we’re seeing the emergence of new innovative products and technology solutions such as cloud infrastructure entitlement management (CIEM) to help organizations implement a more holistic strategy around identity and access. 

This centralized, automated strategy is important, as it allows organizations to set effective access privileges according to each environment for each user or group. (Under broader access policies, cybercriminals who steal credentials can access any resource at will.) CIEM tools can even automate the process of setting access policies by analyzing what users have historically accessed to do their jobs and then granting them just-in-time privileges to those resources. This capability reduces the need for manual access reviews, an even more cumbersome process with multicloud organizations.

Historically, most security tools have served as alarm bells, alerting IT and business leaders when there is a problem. With the remediation and response variance inherent in multicloud, it is crucial that organizations can efficiently respond to various alarms in an efficient manner.

One category of cybersecurity tools enabling this efficiency is security orchestration, automation and response (SOAR), defined by Gartner as “technologies that enable organizations to collect inputs monitored by the security operations team,” such as alerts from security information and event management (SIEM) systems. SOAR tools allow organizations to define incident analysis and response procedures and then deploy those responses when needed, either automatically or with the click of a button. For multicloud, this enables teams to respond to event types consistently and quickly, regardless of where the event occurred.

With the use of critical data and infrastructure across multiple cloud environments, it becomes increasingly important for organizations to apply a cohesive monitoring strategy. When possible, we suggest applying the same monitoring policies across environments to create a consistent experience. Rather than using different monitoring tools for each cloud environment, it’s typically better to monitor all cloud resources along with an organization’s broader security footprint in one tool. 

For instance, if a company is using a SIEM tool for monitoring, it is crucial to integrate logs from all environments (cloud and on-premises) into this solution to maintain a centralized location. This enables more sophisticated alerting and a more efficient analysis process. Cybersecurity leaders need to consider what specific types of activity they want to detect, then build out event logging to detect those events with their centralized monitoring tools. Consistent monitoring will help an organization leverage the benefits of a multicloud environment while minimizing the security management headaches that often come along with it.

Story by

Kyle McNulty, an industry adviser for CDW and the founder of Secure Ventures, a podcast where he interviews cybersecurity company founders and executives. He previously led CDW’s cloud security and DevSecOps consulting practices, and before that worked for KPMG’s cyber practice. He is a published author in the book series Reflections on Risk, and he has written extensively on emerging security technology topics such as cloud security, DevSecOps and security operations.

Sachin Sheth, CDW’s director for cloud security and application security. He has been in the technology industry for more than 25 years in various roles, including enterprise architect, CISO and CTO. He has helped organizations develop and successfully deploy cloud adoption strategies and large-scale cloud workload migrations, ensuring they have a secure cloud journey and implement end-to-end security across their cloud footprint.