Multi-cloud computing is the norm for companies looking to take a fast and innovative approach to execute their business operations. From reliability and cost-performance optimization to flexibility, the benefits of working in multiple cloud environments would make any business leader jump at the opportunity. While recognizing the perks, the security organization is also in charge of protecting each of the environments and the expanded attack surface that accompanies them.
As if the threat landscape didn’t introduce enough complexity, the separate, and at times unique, policies surrounding the dispersed data is an additional problem, says Chris Schueler, senior vice president of Managed Security Services at Trustwave.
“You have security policies in each ecosystem you’re trying to maintain, and trying to manipulate your very rapid DevOps approach to pushing out content and new business applications,” Schueler says. “So working with the business owners to manage that content, then managing the policies around that content is a huge conundrum that security leaders are facing today.”
For those thinking that a single-policy approach could be a silver bullet, think again.
“To have a consistent policy that goes across all of the environments that’s ubiquitous…that’s pretty much irrelevant,” Schueler adds.
In the full interview below, Schueler discusses the state of security policies in multi-cloud environments, how some solution providers play a role, and approaches that do and don’t work when it comes time to managing the seemingly unmanageable.
Managing and navigating these complex environments requires time and expertise. As businesses look toward working with trusted security advisors to provide supplemental assistance, find out how Trustwave can ease your organization’s burden.
Marcos Colón is the content marketing manager at Trustwave and a former IT security reporter and editor.