{"id":4062,"date":"2022-08-30T09:15:49","date_gmt":"2022-08-30T13:15:49","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=4062"},"modified":"2022-08-30T09:29:20","modified_gmt":"2022-08-30T13:29:20","slug":"why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/","title":{"rendered":"Why Multi-Cloud Doesn’t Mean Clear Skies Ahead for Security Teams"},"content":{"rendered":"

\"Cloud<\/a><\/p>\n

As part of Solutions Review\u2019s Premium Content Series\u2014a collection of contributed columns written by industry experts in maturing software categories\u2014 Steve Riley of Netskope<\/a> soars into cloud security, and lays out why multi-cloud doesn’t mean clear skies ahead for security teams.<\/strong><\/em><\/p>\n

\"SREvery company today is a multi-cloud company. Once, that meant something as simple as subscribing to more than one SaaS application. Now, it means deploying some internal applications to AWS, others to Azure, and yet others to GCP. How did this come to be? Sometimes, a specific cloud platform is mandated by senior leadership. Other times, a particular platform might be more suitable for a specific application or better aligned with developer proficiency.<\/p>\n

While multi-cloud may bring benefits, including increased resiliency, flexibility to optimize performance, and cost control, it doesn\u2019t always mean clear skies ahead for a company \u2013 especially regarding security.<\/p>\n


Widget not in any sidebars
<\/span><\/p>\n

3 Thoughts to Consider in Cloud Security<\/strong><\/h2>\n
\n

Lack of Expertise Leads to More Mistakes<\/strong><\/h3>\n

It\u2019s already exceedingly challenging to become an expert in just one of the most popular cloud platforms. While they often employ substantially similar vocabulary, the similarity rarely extends to functionality. For instance, identity and access management models for AWS and GCP aren\u2019t alike, even though both vendors call it \u201cIAM.\u201d Bringing the AWS model to GCP will leave your GCP projects exposed. As one can imagine, trying to become an expert in two or three cloud platforms is nearly impossible. This lack of expertise translates into greater mistakes, most of which manifest themselves as security vulnerabilities that are advantageous to attackers.<\/p>\n

Companies are not immune to mistakes. In fact, during my time as a cloud security analyst at Gartner, while interacting with thousands of clients, it became clear that the vast majority of cloud security failures are configuration mistakes of some kind or another. It also became clear that developing the discipline of correct configuration is the best thing a company can do to ensure that it uses the cloud safely and securely.<\/p>\n

SaaS Applications Offer Minimal Built-In Security<\/strong><\/h3>\n

An average company subscribes to anywhere between 100 to 1,000 software-as-a-service (SaaS) applications. While these applications often help to boost productivity and collaboration, amongst other benefits, most, unfortunately, offer few built-in security features. A few of the most business-critical SaaS applications have evolved good security controls over time, but they may be wildly different in quantity and degree. For example, Microsoft Office 365 offers more built-in controls than Dropbox.<\/p>\n

Unlike infrastructure-as-a-service (IaaS) public cloud resources, where newly-created objects are closed by default, the opposite is true with SaaS. For example, the default configuration of a Microsoft 365 tenant is such that if users have access to a file, they can share that file with anyone in the world. Whoever finds the link can forward it to anyone else in the world. Microsoft decided to facilitate sharing \u2014 it wants it to be as easy as possible for individuals to collaborate. It’s a business decision, one with ramifications, so it’s imperative to think clearly and deliberately about how to configure SaaS security controls. Misconfiguration can be ruinous.<\/p>\n

Cloud Security Isn\u2019t One-Size-Fits-All<\/strong><\/h3>\n

The best way to protect the cloud is with the cloud. There is no other way. However, a single “cloud security” market does not exist. What companies often face is hundreds of cloud security products in a dozen overlapping markets, all vying for attention and a portion of the security budget. Countless startups have identified cloud security gaps and, as a result, established compelling offerings. In several scenarios, some of the more major, mature security players have acquired such startups, thus evolving their own cloud security capabilities.<\/p>\n

It\u2019s easy to be blinded by the shiny lights and false promises, though. One best practice to strengthen a company\u2019s cloud security strategy is to prefer vendors who offer integrated platforms and can work with existing infrastructure, such as SIEMs and endpoint protection products. As a general rule, conduct a proof-of-concept to verify the cloud security platform\u2019s integration effectiveness. It’s also sensible to rely on third-party, provider-neutral security posture management tools to ensure consistent and repeatable security policies across all cloud environments. Posture management tools sit alongside existing cloud deployments, and because they rely on cloud APIs to investigate configuration, they don\u2019t require scheduled production downtime or lengthy integration phases to begin delivering value.<\/p>\n

As cloud adoption continues to accelerate, companies must maintain an adequate security posture. By deploying an effective security posture management strategy, companies can continue to find and eliminate cloud security failures rooted in configuration errors.<\/p>\n


Widget not in any sidebars
<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

As part of Solutions Review\u2019s Premium Content Series\u2014a collection of contributed columns written by industry experts in maturing software categories\u2014 Steve Riley of Netskope soars into cloud security, and lays out why multi-cloud doesn’t mean clear skies ahead for security teams. Every company today is a multi-cloud company. Once, that meant something as simple as […]<\/p>\n","protected":false},"author":293,"featured_media":4063,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1],"tags":[1149,95,1914,1912,1909,884,1910,1821,1911,172,1854,1913,282,1855],"acf":[],"yoast_head":"\nWhy Multi-Cloud Doesn't Mean Clear Skies Ahead for Security Teams<\/title>\n<meta name=\"description\" content=\"Steve Riley of Netskope soars into cloud security, and lays out why multi-cloud doesn't mean clear skies ahead for security teams.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why Multi-Cloud Doesn't Mean Clear Skies Ahead for Security Teams\" \/>\n<meta property=\"og:description\" content=\"Steve Riley of Netskope soars into cloud security, and lays out why multi-cloud doesn't mean clear skies ahead for security teams.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions & Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-30T13:15:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-08-30T13:29:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/08\/Why-Multi-Cloud-Doesnt-Mean-Clear-Skies-Ahead-for-Security-Teams.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Steve Riley\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Steve Riley\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/\",\"name\":\"Why Multi-Cloud Doesn't Mean Clear Skies Ahead for Security Teams\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/08\/Why-Multi-Cloud-Doesnt-Mean-Clear-Skies-Ahead-for-Security-Teams.jpg\",\"datePublished\":\"2022-08-30T13:15:49+00:00\",\"dateModified\":\"2022-08-30T13:29:20+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/1130fcb99ef17851f89412693b73e443\"},\"description\":\"Steve Riley of Netskope soars into cloud security, and lays out why multi-cloud doesn't mean clear skies ahead for security teams.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/08\/Why-Multi-Cloud-Doesnt-Mean-Clear-Skies-Ahead-for-Security-Teams.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/08\/Why-Multi-Cloud-Doesnt-Mean-Clear-Skies-Ahead-for-Security-Teams.jpg\",\"width\":800,\"height\":400,\"caption\":\"Cloud Security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why Multi-Cloud Doesn’t Mean Clear Skies Ahead for Security Teams\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions & Vendors\",\"description\":\"Buyer's Guide and Best Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/1130fcb99ef17851f89412693b73e443\",\"name\":\"Steve Riley\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9ce809ded08c29a09ee55f540f2c3e1b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9ce809ded08c29a09ee55f540f2c3e1b?s=96&d=mm&r=g\",\"caption\":\"Steve Riley\"},\"description\":\"Steve Riley is a Field CTO at Netskope. A widely-renowned expert speaker, author, researcher, and analyst, Steve came to Netskope from Gartner, where for five years he maintained a collection of cloud security research that included the Magic Quadrant for Cloud Access Security Brokers and the Market Guide for Zero Trust Network Access. Before Gartner, Steve spent four years as Deputy CTO of Riverbed Technology and held various security strategy and technical program management roles at Amazon Web Services for two years and at Microsoft for eleven years.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/sriley\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why Multi-Cloud Doesn't Mean Clear Skies Ahead for Security Teams","description":"Steve Riley of Netskope soars into cloud security, and lays out why multi-cloud doesn't mean clear skies ahead for security teams.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/","og_locale":"en_US","og_type":"article","og_title":"Why Multi-Cloud Doesn't Mean Clear Skies Ahead for Security Teams","og_description":"Steve Riley of Netskope soars into cloud security, and lays out why multi-cloud doesn't mean clear skies ahead for security teams.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions & Vendors","article_published_time":"2022-08-30T13:15:49+00:00","article_modified_time":"2022-08-30T13:29:20+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/08\/Why-Multi-Cloud-Doesnt-Mean-Clear-Skies-Ahead-for-Security-Teams.jpg","type":"image\/jpeg"}],"author":"Steve Riley","twitter_misc":{"Written by":"Steve Riley","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/","name":"Why Multi-Cloud Doesn't Mean Clear Skies Ahead for Security Teams","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/08\/Why-Multi-Cloud-Doesnt-Mean-Clear-Skies-Ahead-for-Security-Teams.jpg","datePublished":"2022-08-30T13:15:49+00:00","dateModified":"2022-08-30T13:29:20+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/1130fcb99ef17851f89412693b73e443"},"description":"Steve Riley of Netskope soars into cloud security, and lays out why multi-cloud doesn't mean clear skies ahead for security teams.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/08\/Why-Multi-Cloud-Doesnt-Mean-Clear-Skies-Ahead-for-Security-Teams.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/08\/Why-Multi-Cloud-Doesnt-Mean-Clear-Skies-Ahead-for-Security-Teams.jpg","width":800,"height":400,"caption":"Cloud Security"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/why-multi-cloud-doesnt-mean-clear-skies-ahead-for-security-teams\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"Why Multi-Cloud Doesn’t Mean Clear Skies Ahead for Security Teams"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions & Vendors","description":"Buyer's Guide and Best Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/1130fcb99ef17851f89412693b73e443","name":"Steve Riley","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9ce809ded08c29a09ee55f540f2c3e1b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9ce809ded08c29a09ee55f540f2c3e1b?s=96&d=mm&r=g","caption":"Steve Riley"},"description":"Steve Riley is a Field CTO at Netskope. A widely-renowned expert speaker, author, researcher, and analyst, Steve came to Netskope from Gartner, where for five years he maintained a collection of cloud security research that included the Magic Quadrant for Cloud Access Security Brokers and the Market Guide for Zero Trust Network Access. Before Gartner, Steve spent four years as Deputy CTO of Riverbed Technology and held various security strategy and technical program management roles at Amazon Web Services for two years and at Microsoft for eleven years.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/sriley\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/4062"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/293"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=4062"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/4062\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/4063"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=4062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=4062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=4062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}