Security is security, right? Sorry, but multicloud requires learning different approaches and mechanisms than on-premises or native public cloud Credit: SQBack / Getty Images Those of you who built a security plan and physical security technology stack for a single public cloud provider just a few years ago hopefully don’t also believe that you can replicate that to many cloud brands or multicloud. It just won’t work. The security mistakes I see today with multicloud deployment and operations are around selecting and deploying security architecture and enabling technology. That being said, I’ve compiled three pieces of advice for deploying multicloud security. First, traditional approaches to security won’t work. Those of you who have had success in enterprises using traditional security approaches, such as role-based, won’t find the same results in multicloud. Multicloud requires that you deal with the complexity it brings and leverage security that’s able to configure around that complexity. IAM (identity access management) married with a good encryption system for both at rest and in flight are much better options. Second, you can’t use cloud-native security. Although the security that comes with AWS, Azure, and Google Cloud works great for the native platforms, they are not designed to secure a non-native or a competitor’s platform, for obvious reasons. Still, I run into enterprise users who use a cloud-native security platform as a centralized security manager and fail instantly. The challenge with multicloud is that many common services (security, governance, management, monitoring, etc.) need to be managed as common services across all cloud brands within a multicloud deployment. This requires third-party security systems that can span different public cloud brands and also provide modern capabilities such as IAM. Finally, you’re responsible for more than you think. Public cloud providers put forth the shared-responsibility model as a way to help their cloud customers understand that although the providers do offer some rudimentary security, ultimately enterprise cloud users are responsible for their own security in the cloud. In a multicloud arrangement this is even more the case. A common security system and its use are the responsibility of the enterprise using multicloud. In this case it’s likely that you’ve not leveraged many cloud-native security services anyway to support a common model across cloud brands. Security is a challenge for multicloud and requires a very different approach that most enterprises don’t yet fully understand. Hopefully, you’ll learn from these points and avoid the obvious mistakes. Related content analysis Strategies to navigate the pitfalls of cloud costs Cloud providers waste a lot of their customers’ cloud dollars, but enterprises can take action. By David Linthicum Nov 15, 2024 6 mins Cloud Architecture Cloud Management Cloud Computing analysis Understanding Hyperlight, Microsoft’s minimal VM manager Microsoft is making its Rust-based, functions-focused VM tool available on Azure at last, ready to help event-driven applications at scale. By Simon Bisson Nov 14, 2024 8 mins Microsoft Azure Rust Serverless Computing how-to Docker tutorial: Get started with Docker volumes Learn the ins, outs, and limits of Docker's native technology for integrating containers with local file systems. By Serdar Yegulalp Nov 13, 2024 8 mins Devops Cloud Computing Software Development news Red Hat OpenShift AI unveils model registry, data drift detection Cloud-based AI and machine learning platform also adds support for Nvidia NIM, AMD GPUs, the vLLM runtime for KServe, KServe Modelcars, and LoRA fine-tuning. By Paul Krill Nov 12, 2024 3 mins Generative AI PaaS Artificial Intelligence Resources Videos