Adapting your risk management strategy to cater to a multi-cloud environment


Photo of Rob Robinson

Rob Robinson

Head of Telstra Purple LinkedIn

The relevance and usefulness of a cloud strategy have always varied from industry to industry. However, this all changed when the requirement for remote working exploded. Organisations who rushed to accelerate their cloud adoption were confronted with an intensified cyber-threat vista and the need to shore up their defences.

The challenges over the last few years have meant that organisations have had to approach security from a different angle. The adoption of new collaboration and communication technologies were often deployed rapidly to get users online and productive to keep business functioning. With security-by-design principles often not considered upfront in the clamber to get applications live in the cloud, cybercriminals have taken full advantage of these potentially exposed attack surfaces.

Cloud threats and vulnerabilities will increase

Moving forward, these threats are becoming more sophisticated and frequent. More than 67% of organisations have now experienced a cloud account compromise that has exposed sensitive data, even though the perception of security risks in the cloud is relatively low.

These were the findings of a recent Ponemon Institute report in which only 39% of respondents said their organisations are vigilant in conducting security assessments of cloud apps before they are deployed. Furthermore, 80% of organizations worryingly believe their security teams lack visibility and control of the activity of every user and device. This includes controls such as conditional and multifactor authentication (MFA).

Multi-cloud multiplies the risks

Distributed networking and any-place-anywhere access have accelerated cloud adoption. On average, organisations use 2.6 public and 2.7 private clouds – and these cloud estates are rapidly expanding as they look for a competitive edge, swifter innovation, and a faster route to market.

Cloud estates are complex by their nature, made up of a mix of software as a service (SaaS), hyperscaler cloud services, on-premises data centres, and co-location. For a complete risk view, any location hosting an organisation’s IT services, cloud or not, must also be considered part of the overall multi-cloud estate.

There are also likely to be multiple cloud environments or multiple tenancies that exist without the same security rigour as the main corporate instance. There may even be shadow cloud environments that the IT department is unaware of. Traditional security tools cannot provide the level of monitoring and protection required to mitigate risk in a multi-cloud environment.

The shared responsibility model

You need to consider any risks regarding communications between the private data centre and cloud data centre, and user access to SaaS. Often employees can access SaaS applications without going through the enterprise’s data centre and authentication processes, which increases the risk of malware and malicious data exfiltration. Risk, therefore, needs to be assessed against the appropriate framework with the right tools.

Multi-cloud risk management isn’t a tick box exercise

Managing risks associated with multi-cloud computing is an ongoing process. IT teams need a full view of applications and data both at rest and in transit to mitigate risk. Determining risks is the first step to continuous cloud security.

Following on, you need to discover all the assets that currently sit in your cloud environment and ensure you maintain visibility of them, understanding the relationships between these assets and how they work. It is these potential weaknesses in the chain that malevolent actors swoop on.

Getting it right every time is not an easy task. Cloud adds another layer of complexity to the IT estate, and the more clouds you add, the more complex it gets.

Building a strategy to address the risks and regulatory procedures of your multi-cloud landscape will enable your organisation to harvest the benefits of a more secure cloud environment.


Identify and stop cloud exposure before it does your business harm

At Telstra Purple, our team of experts can deliver a comprehensive cloud risk and shadow IT assessment to highlight and prioritise previously unknown security gaps, misconfigurations, and threats across your cloud estate.

Our risk assessment will quickly build a complete picture of your enterprise cloud posture and shadow IT usage, providing timely, actionable insights.

We work with industry-leading partners to bring you the best technologies. Our vendor-agnostic, holistic approach will ensure you adopt the best multi-cloud technologies to enhance your cloud posture, aligned with your business goals. Put simply, our end-to-end approach will ensure your cloud estate remains agile and secure.

Related Insights

Link your Enterprise to your Public Cloud

Managing connectivity from traditional networks up to public cloud is becoming increasingly important in the world of Enterprise IT.

Learn more

Microsoft end-to-end Security – Microsoft Priva

Manage the risks of handling sensitive information within Microsoft 365. Microsoft Priva is a privacy management solution that works alongside Microsoft Purview to protect your personal data and manage the identified risks.

Learn more

Microsoft Purview

Microsoft Purview helps you to protect your data and adhere to Compliance and Legal regulations. Flexibility is an important - Purview is able to be used with non-Microsoft tools too. A powerful tool when integrated with the other components of the end-to-end security suite.

Learn more