Sep 01 2020

How Can Security Keep Up with Multicloud Environments?

A recent survey suggests that federal cybersecurity leaders are not doing enough to secure their evolving cloud deployments.

Research has indicated that about 4 out of 5 federal agencies use more than one cloud platform, and that approach is expected to accelerate in the years ahead. However, security concerns remain about multicloud environments in agencies, especially with so many workers using cloud-based collaboration tools while working from home.

According to a survey and research report recently released by MeriTalk, just half of multicloud users or fewer report taking critical steps to secure their environments, such as using data encryption.

The survey results underline the idea that although federal agencies have been busy adopting cloud services and infrastructure over the past few years, cloud security remains an area in which they will need to invest. MeriTalk surveyed 150 federal cybersecurity managers to explore multicloud cybersecurity challenges and opportunities, how they are using and securing the cloud now, and how they intend to move forward.

What Is Being Done to Enhance Cloud Security?

According to the survey, 91 percent of feds say securing multicloud will be a

top priority over the next two years. However, while agencies are accelerating multicloud adoption to support collaboration tools such as Microsoft Teams, security concerns abound.

Indeed, the survey found that 83 percent of respondents say their agencies are increasing multicloud adoption to support telework and mission needs related to the coronavirus pandemic. And 76 percent have begun moving critical services to the cloud to address telework-related availability issues.

Yet just 42 percent say they are trying to adapt cybersecurity strategies accordingly, but they say it’s not fast enough for the evolving cloud environment.

Few multicloud users are fully confident in their agencies’ cybersecurity postures. The main challenges to securing multicloud environments, according to the survey, include budget constraints (39 percent), difficulty meeting regulatory requirements (32 percent), the lack of a skilled workforce (32 percent), a lack of sufficient cybersecurity solutions baked in (such as APIs and identity, credential and access management solutions) and an increased attack surface (30 percent).

What is being done to secure multicloud environments? The survey suggests there’s a lot of room for improvement. About half, 51 percent, say that they are using data encryption at their agencies. But when it comes to other solutions, adoption rates start to fall off.

According to the survey, 41 percent have implemented zero-trust security principles, 39 percent have adopted FedRAMP-compliant solutions, 38 percent have established centralized controls for threat detection and 34 percent use a cloud access security broker.

Looking ahead in terms of solutions, the report recommends that cybersecurity leaders focus on agility. As clouds environments grow more complex, federal cybersecurity strategies must evolve to keep up, the report argues. “IT teams and agency leadership must meet regularly to review the state of play, confirm priorities, and adjust to ever evolving threats,” the report states.

Another step that IT leaders should take is to centralize cloud management, according to the report. “Many agencies found themselves in multi-cloud environments due to disparate cloud adoption,” the report notes. “Going forward, Feds should work toward consistency across platforms to streamline management and apply holistic cybersecurity.”

Finally, the report suggests that agency IT teams elect an “automation team captain” to be the point person for driving automation into their environments.

“Federal cyber leaders are actively working to improve multi-cloud visibility, scalability, resiliency, and control,” the report notes. “Agencies should look to automation in areas like scaling, analytics, policy, and DevSecOps to move the ball forward.”

MORE FROM FEDTECH: Find out how to effectively plan for a hybrid cloud environment.

kanawatvector/Getty Images