As companies move more of their business infrastructure into the cloud, they grapple with the challenges of managing multiple cloud environments. Security companies are tackling multicloud security through increased visibility, cross-platform implementations, or a combination of both.
On Thursday, cloud networking company Aviatrix announced its new Distributed Cloud Firewall security platform that combines traffic inspection and policy enforcement across multicloud environments. The company uses native cloud platform features and its own technology to give companies a consolidated view into the security of their cloud workloads and the ability to push the same policy to different clouds, says Rod Stuhlmuller, VP of solution marketing at Aviatrix.
“The architecture is really what’s new, not necessarily the capabilities of each of the features,” he says. “It’s very different when you have to redirect traffic to one centralized inspection point for whatever security capabilities you have — that just becomes very complex and expensive to do.”
The vast majority of companies (87%) have moved their information infrastructure to a multicloud architecture, with the lion’s share (72%) using a hybrid approach that combines both private cloud infrastructure and public cloud services, according to Flexera’s 2023 State of the Cloud report. Among the top challenges for companies are managing their multicloud architecture and the security of their cloud infrastructure, with 80% and 78% struggling with the issues, respectively, according to Flexera.
When companies deploy workloads to multiple cloud service providers (CSPs), security can suffer. Because CSPs differ in how they handle security policies, traffic inspection, and workload deployment, companies can quickly lose visibility into the security of their cloud infrastructure, says Patrick Coughlin, vice president of technical go-to-market for Splunk, a data and insights cloud platform.
“Let’s say, maybe you go to Google for your machine learning tools and workloads, you go to Azure for your core enterprise services, and you go to AWS for cost-efficient storage and general data management — you might even have some applications in-house that are legacy and highly regulated that you have to keep on prem,” he says. “But what the security team needs is visibility across all of this, and it’s a non-trivial challenge to be able to provide not only that visibility, but the ability to investigate all of that if something goes bump in the night.”
The Multicloud Security Mess
Initially, many providers created virtual instances of their firewall appliances and set them up as gateways to cloud infrastructure, but those virtual firewalls have become increasingly difficult to manage, especially across multiple cloud platforms, says John Grady, principal cybersecurity analyst at Enterprise Strategy Group.
“Virtual firewall instances have been around for a while, but there’s been a recognition over the last couple of years that these deployments can be complex and cumbersome and don’t take advantage of the key benefits that the cloud offers,” he says. “So we’ve seen a general shift toward more cloud-native network security solutions.”
With more organizations using multiple infrastructure-as-a-service (IaaS) solutions from the top cloud companies—Amazon Web Services, Microsoft Azure, and Google Cloud Platform—it’s critical to find a solution to the growing complexity.
Aviatrix, for example, allows companies to create an abstract policy that can be applied across all cloud platforms with their own security groups, without requiring the administrator to go to each cloud. For companies with proliferating workloads, driven by microservices-based software architectures, the number of containers and virtual machines that need to be updated can skyrocket, Stuhlmuller says.
“It’s not that we put firewalls everywhere, but we put the inspection and enforcement capability in the network in the natural path of traffic, with a (single management console) that allows us to do centralized policy creation, but push that distributed inspection enforcement anywhere in the network.”
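As an added illustration, not Aviatrix's code and not a description of how its product works internally, the following Python sketch shows what an "abstract policy" has to contend with: one constructed cloud-agnostic ingress rule set is rendered into AWS security-group and Azure NSG rule shapes, and the step reports where the provider's model cannot express the original intent.

```python
from dataclasses import dataclass

# Constructed example: a cloud-agnostic ingress rule, evaluated first-match
# in list order, standing in for the "abstract policy" described above.
@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "deny"
    proto: str      # "tcp" or "udp"
    port: int
    src_cidr: str

def to_aws_security_group(rules):
    """AWS security groups are default-deny and accept allow rules only.
    Explicit deny rules cannot be expressed, so they are returned separately
    for review instead of being dropped silently."""
    ingress, unsupported = [], []
    for r in rules:
        if r.action == "allow":
            ingress.append({"IpProtocol": r.proto, "FromPort": r.port,
                            "ToPort": r.port,
                            "IpRanges": [{"CidrIp": r.src_cidr}]})
        else:
            unsupported.append(r)
    return ingress, unsupported

def to_azure_nsg(rules, base_priority=100):
    """Azure NSG rules are evaluated by priority (lower number wins) and
    support deny, so list order maps directly onto ascending priorities."""
    return [{"name": f"rule-{i}", "priority": base_priority + i,
             "direction": "Inbound", "access": r.action.capitalize(),
             "protocol": r.proto.capitalize(),
             "sourceAddressPrefix": r.src_cidr,
             "destinationPortRange": str(r.port)}
            for i, r in enumerate(rules)]

def compile_policy(rules):
    """Render one abstract policy for both clouds and report where the
    AWS translation lost intent."""
    aws_rules, lost = to_aws_security_group(rules)
    return {"aws": aws_rules, "azure": to_azure_nsg(rules),
            "lost_on_aws": [f"{r.action} {r.proto}/{r.port} from {r.src_cidr}"
                            for r in lost]}

# Constructed policy: carve a deny out of a broader allow, then allow SSH
# from a single management subnet.
POLICY = [Rule("deny", "tcp", 443, "10.5.0.0/16"),
          Rule("allow", "tcp", 443, "10.0.0.0/8"),
          Rule("allow", "tcp", 22, "10.1.2.0/24")]

if __name__ == "__main__":
    result = compile_policy(POLICY)
    print(len(result["aws"]), "AWS rules,", len(result["azure"]), "Azure rules")
    print("intent lost on AWS:", result["lost_on_aws"])
```

The `lost_on_aws` list is the part a practitioner cares about: a translation layer that silently discards the deny rule would leave the 10.5.0.0/16 carve-out enforced in one cloud and absent in another.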
Other major vendors focusing on cloud workload security, albeit with different approaches to the technologies, include Palo Alto Networks, McAfee Enterprise, Trend Micro, Rapid7, and Check Point Software Technologies, according to Forrester Research, a business analysis firm.
Saving Money Is Paramount
With uncertain economic times worrying the executive suites, cost savings may be the biggest argument for companies to consolidate their view of their cloud infrastructure. A security architecture based in the cloud and representing each cloud platform in the same way helps companies secure their cloud services more efficiently, but the approach also has the real advantage of saving money, says Andras Cser, vice president and principal analyst at Forrester Research.
“Multicloud security cuts costs,” he says. “Organizations do not need to invest in procuring and training for security solutions from multiple cloud providers. They can instead use a single provider or cloud provider to source all cloud security capabilities from a single tool – this reduces errors, improves security posture, and cuts costs.”
In addition, consolidating some functions leads to cost efficiency. For example, distributed firewalls can perform network address translation (NAT) and are charged by the hour, unlike the offerings of many vendors, which charge both by the hour and by bandwidth, according to Aviatrix’s Stuhlmuller.
Ultimately, a simpler approach to security in the cloud helps companies reduce the overhead of securing workloads and allows their security professionals to focus on improving security performance, says ESG’s Grady.
“Many organizations continue to struggle with the skills shortage and try to do more with less,” he says. “There is an efficiency benefit with a ‘write once, maintain anywhere’ model, such as time savings by not having to deploy individual instances and the associated cloud infrastructure – such as load balancers – to support them.”