Security is security, right? Sorry, but multicloud requires learning different approaches and mechanisms than on-premises or native public cloud Credit: SQBack / Getty Images Those of you who built a security plan and physical security technology stack for a single public cloud provider just a few years ago hopefully don’t also believe that you can replicate that to many cloud brands or multicloud. It just won’t work. The security mistakes I see today with multicloud deployment and operations are around selecting and deploying security architecture and enabling technology. That being said, I’ve compiled three pieces of advice for deploying multicloud security. First, traditional approaches to security won’t work. Those of you who have had success in enterprises using traditional security approaches, such as role-based, won’t find the same results in multicloud. Multicloud requires that you deal with the complexity it brings and leverage security that’s able to configure around that complexity. IAM (identity access management) married with a good encryption system for both at rest and in flight are much better options. Second, you can’t use cloud-native security. Although the security that comes with AWS, Azure, and Google Cloud works great for the native platforms, they are not designed to secure a non-native or a competitor’s platform, for obvious reasons. Still, I run into enterprise users who use a cloud-native security platform as a centralized security manager and fail instantly. The challenge with multicloud is that many common services (security, governance, management, monitoring, etc.) need to be managed as common services across all cloud brands within a multicloud deployment. This requires third-party security systems that can span different public cloud brands and also provide modern capabilities such as IAM. Finally, you’re responsible for more than you think. Public cloud providers put forth the shared-responsibility model as a way to help their cloud customers understand that although the providers do offer some rudimentary security, ultimately enterprise cloud users are responsible for their own security in the cloud. In a multicloud arrangement this is even more the case. A common security system and its use are the responsibility of the enterprise using multicloud. In this case it’s likely that you’ve not leveraged many cloud-native security services anyway to support a common model across cloud brands. Security is a challenge for multicloud and requires a very different approach that most enterprises don’t yet fully understand. Hopefully, you’ll learn from these points and avoid the obvious mistakes. Related content analysis Generative AI won’t fix cloud migration You’ve probably heard how generative AI will solve all cloud migration problems. It’s not that simple. Generative AI could actually make it harder and more costly. By David Linthicum Jul 12, 2024 5 mins Generative AI Artificial Intelligence Cloud Computing analysis All the brilliance of AI on minimalist platforms Buy all the processing and storage you can or go with a minimum viable platform? AI developers and designers are dividing into two camps. By David Linthicum Jul 09, 2024 5 mins Generative AI Cloud Architecture Artificial Intelligence analysis The next 10 years for cloud computing Despite AI's explosive growth, the industry still needs to face facts that customers are unhappy about costs and vendor lock-in. By David Linthicum Jul 05, 2024 5 mins Amazon Web Services Google Cloud Platform Microsoft Azure analysis Serverless cloud technology fades away Serverless was a big deal for a hot minute, but now it seems old-fashioned, even though its basic elements, agility and scalability, are still relevant. By David Linthicum Jul 02, 2024 4 mins Serverless Computing Cloud Computing Software Development Resources Videos