Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

How and Why to Put Multicloud to Work

Complex multicloud environments present organizations with security challenges, but also opportunities for efficiency.

Joshua Goldfarb, Field CISO

April 10, 2023

3 Min Read
Illustration of a physical model of a cloud, broken open to show lots of smaller clouds inside
Source: ScimanSky via Alamy Stock Photo

Many enterprises find themselves with hybrid and multicloud environments. While the days where everything was either on-premises or in private clouds are gone, it is far from the case that enterprises have put all — or even the vast majority of — their applications and infrastructure into the cloud. Further, it is nearly never the case that an enterprise has consolidated everything into a single cloud provider; instead, businesses operate with a complex mix of diverse environments. It appears that this will be the case for quite some time.

What may be less known, or at least less considered, is the amount of complexity and the number of challenges that these environments bring. What this means for most enterprises is that they find themselves struggling to efficiently manage and secure hybrid and multicloud environments. In addition, many enterprises find themselves spinning up and maintaining multiple technology stacks within each environment, often requiring entire teams dedicated to this function. As the popular security mantra so aptly says, complexity is the enemy of security.

How so? For starters, complexity introduces the opportunity for human error and oversight. This often brings with it security holes, which in turn increase the attack surface of business-critical applications and the infrastructure they run on.

To get an idea of how complex of an environment most enterprises are faced with, let's look at a few data points from F5's "2023 State of Application Strategy" report:

  • 85% of organizations operate multiple application architectures and locations.

  • 90% of organizations that maintain multicloud infrastructures report challenges.

  • 42% of organizations leverage four or more cloud providers.

  • 37% of applications are deployed on-premises.

  • 15% of applications are deployed in the cloud.

  • 58% of organizations are using digital services to substantially drive the business, with those services accounting for half or more of the firm's annual revenue.

The data clearly articulates the complexity that most enterprises face, and it also shows that hybrid and multicloud environments — and the challenges they bring — are here to stay.

Business Challenges of Multicloud Environments

What are some of these challenges that businesses face? While not an exhaustive list, here are a few of them:

  • Managing and securing multiple complex environments.

  • Applying policy and security consistently across diverse environments.

  • Easily provisioning the required networking and security infrastructure.

  • Deploying applications easily where required across the ecosystem.

  • Ensuring the requisite connectivity and security across applications.

  • Needing a central console to manage multiple complex environments.

  • Gaining visibility into infrastructure and applications to ensure health, compliance, and security.

  • Properly monitoring for and responding to infrastructure and security issues.

Thankfully, enterprises have options when it comes to addressing these points and can leverage distributed cloud and multicloud solutions to help reduce complexity and simplify. Doing so allows enterprises to more efficiently and effectively manage and secure their hybrid and multicloud environments.

What to Look for in Distributed Cloud

When looking at distributed cloud solutions, enterprises should take into account a few important points:

  • Workload protection and application security (at layer 7) is a must, particularly for applications that span multiple environments.

  • While many solutions provide network security (layers 3 and 4), fewer seamlessly integrate workload protection and application security on top of network security.

  • The user layer (layer 8) is extremely important when looking to protect against automated attacks and fraud. This is mainly because differentiating between human and automated traffic and between legitimate and fraudulent traffic requires an understanding of intent that can only be gleaned from the user layer.

  • A central console that brings everything together and facilitates the management and security of both applications and infrastructure is imperative.

  • Inclusion in the architecture and design of the enterprise early on, with an ability to flexibly consume different features and grow around, is central.

  • An ability to efficiently address what the market demands — flexibility and fast pace — without introducing complexity and security holes is important.

Although it requires some investment and effort, taking control of the challenges that hybrid and multicloud environments present is essential for enterprises to remain competitive, keep costs under control, reduce complexity, and adequately manage and secure both applications and infrastructure. The sooner an enterprise begins tackling these challenges, the sooner it can efficiently and securely provide its customers the functionality they seek.

About the Author

Joshua Goldfarb

Field CISO, F5

Josh Goldfarb is currently Field CISO at F5. Previously, Josh served as VP and CTO of Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team, where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to Dark Reading and SecurityWeek.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights