The people deploying multicloud will tell you that 'security is a nightmare.' Cross-cloud abstraction and automation of security services is the right solution. Credit: Thinkstock I’ve addressed concerns with multicloud security many times before. Here’s the essence of what I and others assert: Multicloud complexity causes systemic security issues. That’s a fact. Today let’s talk about how we can mediate this complexity to deal with security risks, and what will solve the problems. It does not take a rocket scientist to figure out the core problem. When we deploy a cloud solution, we deal with security for that deployment using whatever native tools are best for that cloud. As we all march toward multicloud, we soon discover that what is functional for a single cloud deployment is not functional for a multicloud deployment. Why? Two main problems: First, the number of moving parts triples or quadruples because we must deal with two or three very different native-cloud security systems. Second, the security operations budget remains static. It can’t be doubled or tripled just because we now use more than one cloud. Thus, as far as security goes, you don’t have the budget to hire the talent needed to run all public clouds the way that each needs to run. You solve this problem, as I’ve mentioned here before, by using the concepts of abstraction and automation. These allow you to deal with each native-cloud security system as a single layer of abstraction. You don’t work with native security systems on their own terms; instead, you have a common dashboard that provides security observability services and common mechanisms to work with each cloud’s specific native security layer. It’s the only way we can make multicloud work. It’s one thing to say and another to do. Here’s the problem we now face: Generally speaking, most of those who build multicloud systems or manage multicloud security have little idea how it’s done or what technology to use. To get as much abstraction and automation as you can, this technology stack will be made up of many different technologies that can work together. This includes cross-cloud directories that support common identity and access management systems, common encryption services (both in flight and at rest), support for common security logging and observability, and so forth. The bigger issue? The solutions you must build around your requirements are extremely different from multicloud to multicloud. Moreover, with few exceptions, a single cross-cloud security technology will not do the job. What works for one use case likely won’t work for yours. Success lies more with the right security architecture talent than tossing technology and money at the problem. The takeaway: You need to get started on cross-cloud security right now before your multicloud exists, or if it already exists, before it becomes too complex to manage. Invest in the talent to figure things out the right way—and “things” includes testing, deployment, and operations. I hate to give you bad news, but we needed to figure this one out yesterday. Related content analysis Generative AI won’t fix cloud migration You’ve probably heard how generative AI will solve all cloud migration problems. It’s not that simple. Generative AI could actually make it harder and more costly. By David Linthicum Jul 12, 2024 5 mins Generative AI Artificial Intelligence Cloud Computing analysis All the brilliance of AI on minimalist platforms Buy all the processing and storage you can or go with a minimum viable platform? AI developers and designers are dividing into two camps. By David Linthicum Jul 09, 2024 5 mins Generative AI Cloud Architecture Artificial Intelligence analysis The next 10 years for cloud computing Despite AI's explosive growth, the industry still needs to face facts that customers are unhappy about costs and vendor lock-in. By David Linthicum Jul 05, 2024 5 mins Amazon Web Services Google Cloud Platform Microsoft Azure analysis Serverless cloud technology fades away Serverless was a big deal for a hot minute, but now it seems old-fashioned, even though its basic elements, agility and scalability, are still relevant. By David Linthicum Jul 02, 2024 4 mins Serverless Computing Cloud Computing Software Development Resources Videos