Bridging the Delivery Divide between Cyber and Multicloud

When it comes to global financial organizations, protecting multicloud environments from cyber threats is impossible without teamwork. Let’s explore the challenges of bringing together cybersecurity and cloud teams and how to overcome them.

Accelerated multicloud transformations in the financial services industry is distributing sensitive data and assets across shared environments and pushing cloud and cybersecurity teams to work together more frequently. 

That’s creating complexity, as application owners with speed and agility in mind must work closer with cybersecurity teams that have a critical responsibility to protect the infrastructure at large and are generally resistant to using cloud-native security tools. 

This divide is defeating the entire purpose to secure the environment and protect critical data and assets. 

Why the hesitation?

Cloud-native security refers to security measures and controls specifically designed to protect applications and infrastructure that are developed, deployed and operated in a cloud-native environment.  

Each of the major CSPs offer tools built natively into their services, but they are typically limited to a single CSP, which can be a challenge for organizations that deploy a multicloud approach.

Now, why would cyber teams object to these cloud-native security tools? There are several reasons:

  • Compliance pressures
  • Security concerns
  • Lack of control
  • Lack of interoperability
  • Limited coverage 
  • Complexity
  • Cost

Bridging the divide

The good news is that the security landscape for multicloud security has matured significantly. It’s now entirely possible to fulfill security requirements at the speed of modern business evolution with a consistent operational model, all at a comparable cost to CSP-native security tools.  

It doesn’t have to be all or nothing. Some multicloud security approaches use specialized tools and services designed to provide comprehensive security coverage across all cloud environments while also addressing the unique challenges of multicloud security.

Cloud-native security considers the dynamic nature of cloud environments, where resources are constantly being added, removed or modified. It also considers the distributed nature of cloud systems, where applications and services may span multiple cloud providers and regions.

Cloud-native security includes a wide range of measures:

  • Cloud Security Posture Management
  • Cloud Identity and Entitlement Management
  • Cloud Workload Protection Platforms
  • Data Security Posture Management
  • Data Classification
  • Policy as Code
  • Secrets Management  

Benefits include the ability to automate security processes and integrate them into the overall application lifecycle, which enables the cloud and cyber teams to detect and respond to security threats in real-time, reducing the risk of data breaches and other security incidents.

It’s up to leadership

Ultimately, it’s the CISO and the cybersecurity team who own accountability for protecting a bank’s sensitive data and assets. But in a multicloud environment, it’s imperative to consider the expertise of the cloud team, too.  

Fostering a more collaborative spirit between cloud and cyber teams is the right way to go. Here are some ways to make that happen:

  • Communication: CISOs should make sure cyber and cloud teams work closely to understand each other’s needs and concerns and provide guidance on security best practices and policies.
  • Education: CISOs should provide training to cloud teams on the organization’s security policies and procedures as well as share the threats and risks facing the organization and why a consistent security model is required. Helping the cloud teams understand the limitations of CSP-native tools will develop a teamed interest so the cyber team can address security needs while maintaining the benefits of going to the cloud.
  • Collaboration: CISOs should collaborate with cloud teams to identify and address security risks and vulnerabilities in the cloud environment; this can include conducting regular security assessments and audits, and implementing security controls to mitigate risks.
  • Cooperation: CISOs and cloud delivery teams should team together to select cloud-native tools that work across all CSPs and help the organization achieve compliance and security requirements at the speed of the business.

Doing all of the above will create a true multicloud-native security environment that will benefit your entire organization. 

The cloud-native software ecosystem has matured, so you need a collaborative strategy that will bridge the current divide and foster symbiosis between the cyber and cloud teams so that your organization’s cloud security goals are achieved.

Author's Bio

Todd Hathaway

World Wide Technology Consulting Solutions Architect – Cyber Security