By David Sloan, Solutions Architect

The more clouds you use, the more security risks your business could face. Here's how to keep your business safe in a multicloud environment.

Picture an energy utility spread across a major urban center, servicing millions of people. Employees and contractors require 24/7 access to cloud desktops and networks for all aspects of customer service, finances, transportation, and materials. Others use handheld Internet of Things (IoT) devices in the field.

Overnight, a hurricane takes out a few of the city’s major transformers, causing blackouts across a vital urban center. This issue is unfortunately becoming more common.

In 2020, Hurricane Delta knocked out power throughout Louisiana, affecting hundreds of thousands of consumers. Ida, an even more powerful hurricane, struck the next year. It caused service outages across eight states, disrupting about 1.2 million customers. And 2024’s active hurricane season caused multiple widespread internet outages across the Caribbean and Southeastern United States.

Natural disasters are not the only threat to a cloud’s infrastructure. Cybercriminals are a constant danger, and they’re profiting in growing numbers. In TechCrunch’s roundup of the biggest data breaches in 2024, it was noted that the worst breaches “have surpassed 1 billion stolen records and rising.”

While these resilience and security risks are present when using one cloud, they multiply when using multiple clouds.

The growing use of multicloud

The move to multicloud infrastructure—whether by online specialty stores, public utilities, or global development banks—is inevitable across all industries, and a current reality for most businesses.

Suppose your enterprise is shifting from single cloud storage to a multicloud option. This can encompass public, private, or edge clouds for applications and other services. (Another option is hybrid cloud, which combines public or private cloud architecture and on-premises IT servers.)

Using multiple cloud providers allows you to customize based on your needs, avoiding lock-in with a service that has strengths in some areas but not others. You retain the expertise of cloud-based security, but with that security spread among different providers, it becomes harder to manage.

The largest cloud providers offer multiple scalable packages. The security features of AWS can help manage military data, government records, or high-volume financial transactions.

Your remote workforce can stream Office and other desktop applications and conferencing software through Microsoft Azure, or your company can use Google Cloud Platform to build, test, and develop apps. These three cloud companies now control much of the world’s cloud data.

Using multiple clouds unlocks benefits like:

• lower latency
• higher bandwidth
• staff expertise and capability
• best vendor selection based on service offers and optimization
• outsourced security and OS updates
• cutting-edge software improvements
• accurate compliance (for banking and other data-sensitive industries)
• edge computing for handheld devices and remote workforces
• more disaster recovery and business continuity options
• simplified mergers and acquisitions.

Is multicloud safe?

In 2024, it’s estimated that 89% of companies use a multicloud approach and 80% use a hybrid cloud approach to their enterprise network. But with these increasingly distributed workloads comes a higher level of security risks:

• The extensive scale of services and architectures available can make comprehensive oversight more challenging.
• Deployment of new features can occur more quickly than security controls.
• Higher number of public-facing endpoints can increase the attack surface.

As enterprises expand their architectures and data across cloud environments, IT teams need a customized, adaptable strategy toward security features across all providers. This added cost is a necessity to keep data safe across their multicloud architectures.

A single cloud provider controls its security software updates, simplifying interactions with its clients. Therefore, transitioning to a multicloud architecture poses these challenges:

• IT has to keep up with all the upgrades among multiple clouds, and ensure employees are using them.
• Sometimes third-party services handle security for cloud providers, meaning parts of the cloud environment aren’t accessible.
• Because employees are accessing multiple clouds, each with their own security and access protocols, the risk of vulnerabilities increases.
• Remote employees may be using handheld devices and personal laptops, which means human error can creep in and may be harder to identify.
• Lack of thorough training for all cloud platforms can lead to errors when setting up each cloud’s security measures.

Best practices for multicloud security

Cloud providers include many security features including multi-factor authentication, encryption, identity and access management, compliance and governance tools, and threat and anomaly detection.

But Gartner points out that human error can still lead to expensive security breaches. This advocates a mindset shift from asking “Is the cloud secure?” to “Am I using the cloud securely?”

You can answer this question by adopting several best practices:

• Don’t completely outsource security to cloud providers – take security ownership through a risk assessment that you modify as needed.
• Regularly audit and discuss how your team can adapt your security strategy from lessons learned, both internally and from breaches that hit the news.
• For each data stream, weigh the cost against the risk tolerance to prioritize which streams require the strongest security features. This can help you stagger investments in line with your security budget.
• Synchronize security tools across multicloud platforms to automate compliance protocols. Try to reduce or eliminate specific security tools that address only one potential problem, because patchwork fixes can multiply and become hard to track.
• Virtualize and use additional SaaS products, apart from cloud products, for reporting, deployment, and creating a thorough security policy.
• Reduce human error through automation and APIs that apply consistent security measures across your cloud stack.
• Foster a cybersecurity culture in your business and form alliances with IT cloud security staff to maximize insight and learn from their expertise.

These best practices—along with hiring the right personnel—can go a long way toward avoiding breaches and retrieving data in the face of disasters.

Adopt a zero trust approach

When enterprises relied on internal servers, a castle-and-moat philosophy reigned, meaning firewalls kept most hackers at bay. Yet now, according to Gartner, “Trust based on physical location breaks down when users are mobile and when external partners require access. It creates excessive implicit trust – trust that attackers abuse.”

Therefore, security teams are increasingly adopting a zero trust approach. They’re embedding security throughout the infrastructure as well as continually monitoring and testing areas that could be vectors for illegal entry.

Security solutions have to be ongoing, rigorous, and at an enterprise level, with scrutiny on what individual users have access to, from where, and at what times. With the rise of mobile devices, security has to go to the edge of data endpoints.

In short, we advocate to:

• promote consistent security measures across cloud environments.
• use an Infrastructure as Code (IaC) tool, like the Megaport Terraform Provider, to enforce configuration consistency and support change management.
• reduce public-facing endpoints by using private multicloud connectivity solutions, like Megaport Cloud Router (MCR) or Megaport Virtual Edge (MVE) for cloud-to-cloud routing, or our data center connectivity options for DC-to-cloud connectivity.
• consider a SASE and ZTNA architecture for your cloud edge, and Firewall as a Service (FWaaS) options for intercloud and edge connectivity.

Get a free demo to discover how you can level up your multicloud security with Megaport.