
How financial services organizations can secure multi-cloud applications


Long gone are the days when a single cloud is the preferred choice for financial services (finserv) organizations still undergoing a digital transformation. Instead, most are quickly moving toward a multi-cloud environment that mixes both public and private platforms, although it may be at a slower pace than other sectors.

According to the 2022 Enterprise Cloud Index (ECI), the finserv industry is behind other industries in multi-cloud infrastructure adoption, trailing the global average by 10%. However, it’s expected to pick up and nearly double from 26% to 56% in the next three years.

But that mixture leaves their security teams in a quandary. As finserv organizations move more of their workload to the cloud, the teams charged with safeguarding assets need to lock down apps and plug other vulnerable hotspots that arise or are amplified by a multi-cloud strategy, but they can’t make those security measures burdensome to users. Otherwise, users can’t easily do their jobs — at any time and from anywhere, as today’s digital economy dictates — and they’re more likely to find workarounds that undercut security.

The flip to multi-cloud is fully underway, after arguments against the move evaporated in the face of digital transformation and as the pandemic bore down, sending workforces home to work remotely. These events accelerated migration to the multi-cloud environment to meet the increased demand by users to access apps and data from outside the office. Even in finserv organizations, some departments had to be able to do their jobs from wherever they were — at home, in the office, or at a coffee shop — and using any device, managed or not.

In the “Before Times” — pre-2020 — there were already clear indicators that a shift to multi-cloud or hybrid environments was in the making. Early cloud strategies hewed toward single-cloud implementations — perhaps because they were more tightly coupled to a vendor like Microsoft, with which an organization already had an existing business relationship for other products and services. But as different branches of an organization saw the benefits and efficiencies of moving to the cloud, they added different platforms to the mix.

The pandemic, and the resultant shift to remote work, accelerated not only migration to the cloud but also the embrace of multi-cloud or hybrid environments. A study by the Harvard Business Review found that 69 percent of organizations expect upwards of 60 percent of their workloads and infrastructure to be in the cloud in the next two years. In the 2022 State of the Cloud report from cloud management firm Flexera, where a bulk of respondents are from financial services, 89 percent of respondents report having a multi-cloud strategy.

Couple those results with findings from Denodo that reveal a proclivity toward hybrid and multi-cloud for 53 percent of respondents and the trend is clear: adopting a multi-cloud infrastructure is quickly becoming a de facto standard.

But as the number of cloud implementations multiplies, so do the challenges — security and otherwise. Regardless of whether an organization patches together its cloud offerings or executes a more careful strategy, integrating cloud platforms operationally and securely is a monumental task. Among the top obstacles organizations face are the following:

Management of access to apps.

Applications in a multi-cloud environment are often out of reach for those who need them most. Some organizations have applications in their private clouds that are not as centrally located as they would be in a traditional data center. Others still have applications in the data center that aren’t easily accessible via cloud environments.

Standardization of processes.

Not surprisingly, different branches of an organization have developed their own sets of processes on the cloud platforms they use. When those platforms are melded into a single strategy, processes aren’t consistent across an environment, and in some cases they’re in conflict. Standardizing and securing processes, though, requires particular attention to how they’re used by employees.

Poor visibility into assets.

It’s difficult enough to “see” assets across a single cloud platform; add others to the mix and visibility dims further. Since organizations can’t protect what they can’t see, poor visibility can cripple even the best security strategy.

Uneven encryption.

Again, not surprisingly, different branches of an organization may vary their approach to encryption, with some adopting more stringent encryption requirements while others take a more relaxed, piecemeal approach. But encryption is meaningless if it isn’t end to end, so it’s important for organizations to develop and execute a comprehensive encryption plan across cloud platforms.

Gaps in security skills.

Cloud security pros often specialize in one platform or the other and are not skilled in other cloud offerings or in particular security issues. As organizations integrate their cloud platforms, they likely will find gaps in the skills their IT and security pros bring to the table.

Management and remediation of vulnerabilities.

Many organizations are felled by breaches that result from unpatched flaws, many of which have been known for years. When environments span multiple clouds, spotting and addressing those vulnerabilities before they’re exploited by bad actors becomes more difficult.

Shared responsibility that gets murkier.

Finserv organizations on a single cloud platform already grapple with understanding where a provider’s security responsibility ends and where its own begins. That problem is magnified in an environment with multiple clouds in play. Who’s in charge of what gets lost in the shuffle.

While cloud environments have matured and become more complex, security clearly has not kept pace. As work increasingly is done outside the enterprise data center and more traffic occurs in the cloud, securing access to applications without increasing friction for users requires migrating legacy perimeters to cloud-based, converged security capabilities — like those found under the Secure Access Service Edge (SASE) model — that support modern work.

By integrating tools that organizations already depend on, such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA) with software-defined wide area networking (SD-WAN) capabilities and even 5G connectivity, SASE can protect finserv users as they access applications no matter where they are or where they go online — and users are none the wiser.

Driven in part by the pandemic, SASE adoption has been well underway, and, in fact, this timeline has been accelerated to five years from the previously estimated 10 years as organizations continue their digital transformations. But to put a SASE strategy into motion to protect access to apps in a multi-cloud environment, organizations should follow a few prudent guidelines:

Start where you are.

No two organizations are at the same place on their cloud journeys. It’s critical that an enterprise invests in a solution that meets its current needs and supports a path for future growth, utilizing a shared platform where possible.

Prioritize the user experience.

In today’s modern work environment, during a “Great Resignation,” it’s all about users and giving them the tools — and apps — to best do their jobs. Security and networking teams should consult with all major stakeholders within an organization to understand how users work, then align the provision of secure access to applications that meet users’ needs.

Embrace Zero Trust Network Access (ZTNA).

The old joke goes “On the Internet, no one knows you’re a dog.” The same is basically true in the cloud. Zero Trust essentially assumes everyone is a “dog,” then grants access to apps as identity is confirmed. ZTNA solutions should be easy to deliver to users, either clientless or through a client, providing easy access while always maintaining security policies.

Find a solution with strong isolation technology capabilities.

Finserv organizations need to identify threats and isolate them before they impact users — without changing the user experience, degrading users’ performance, or interrupting workflow. Isolation technology should be considered a foundational aspect of security solutions.

Ensure scalability.

If the last two years proved anything, it’s that change is inevitable — but unpredictable. Organizations must be prepared for whatever changes and growth opportunities come their way, and that means investing in a security solution that is scalable to future needs.

Regardless of where an enterprise is in its cloud journey — and make no mistake, all organizations are on a cloud journey or will be very soon — the time to secure applications is now. Whether a public or private sector organization has most of its workloads on premises today and is slowly moving to cloud or is already very cloud focused and is expanding rapidly to a multi-cloud model, it’s crucial to implement security measures that support current needs but can scale as the cloud environment grows. Securing applications as they’re migrated to the cloud without placing undue burdens on users should be the centerpiece of any such strategy.

Menlo Security
