Even before the COVID-19 pandemic, many organizations were operating in a multicloud environment. Indeed, eighty percent of 150 Federal IT decision makers surveyed by MeriTalk in 2019 said their agency already uses multiple cloud platforms. In the post COVID-19 era, as organizations adjust to a more decentralized workforce and recalibrate their business models, this reliance on multiple cloud platforms will increasingly become the norm.
Beyond the pandemic, main drivers of multicloud adoptions include mergers and acquisitions, and cost and capability differences among providers that might require a more diversified approach. Yet, as with most every technological advancement, the move toward multiple cloud environments, which brings added flexibility and scalability, can also pose new, and often unanticipated, risks. And maintaining multiple cloud providers can create confusion if mature enterprise governance is not in place.
A recent white paper from ISACA (where I am a board director) on the security impacts of a cloud environment provides context around why the multicloud security landscape is becoming prevalent and what organizations need to do to adapt. As the white paper indicates, “Implementations can be driven by different groups: One business team may employ a different cloud provider from the one strategically selected for broader organizational use.” By the time IT is aware of the usage, several business processes may have been set in motion that are dependent upon it.
Developing a multicloud strategy is a security imperative
Proper multicloud governance comes with benefits, including cost advantages, lowering initial investments in an OPEX vs CAPEX model, and better integration with existing security processes.