Multi-cloud Security Done Right – Relationships between Environments is Key

Hanan Bercu
Sunday, Jun 20th, 2021

92% of today’s enterprises have a multi-cloud strategy in place, with an average of 2.6 public and 2.7 private clouds in use across their network. The facts are in – and security that isn’t multi-cloud just isn’t comprehensive enough for today’s organizations. But what do security vendors mean when they add multi-cloud to their list of checkbox features, and is it enough?

“Multi-cloud Security”

When today’s vendors talk about multi-cloud security, they will usually provide a list of the cloud providers that they extend support to, such as AWS, Azure, GCP, and more. They may even say, “We support any cloud environment.” However, in reality, most of these security vendors provide visibility into each cloud in a silo, and list security findings separately for each cloud environment.  

Today’s business environments are complex, and even a single production environment’s infrastructure can often combine multiple cloud providers. If your information is provided separately for each cloud, your first problem is an increase in the overhead and effort that’s required to mitigate any issue, adding downtime or delay for the business. 

Perhaps even more importantly, if you rely on security that separates out the detection and mitigation for each of the providers in a vacuum, you never get a full view of what’s actually occurring in your cloud environment, and you miss the infrastructural relationship between the different providers. In many cases, the relationship itself is the problem, or there is something happening between the two clouds that is opening up the business to true risk. As a result, security tools that shout “multi-cloud” but ignore the correlation and convergence of different clouds miss the point.

A Real-world Example in a Production Environment

Consider a production environment that is set up on AWS and has Kubernetes clusters deployed on EKS (Amazon Elastic Kubernetes Service), where in both cases Azure Active Directory is used for identity federation. In this example, one of the pods inside the EKS cluster holds the client ID and the client secret that belong to a service principal object (the object’s representative) in Azure Active Directory. This object has an Owner role attached, so its permissions are broad. If this pod is exploited, the attack can lead to essential credentials leaking outside of EKS, which results in an Azure subscription compromise.

This is not an unusual example. In fact, at panoptica we have detected this use case in many financial services companies that rely on Azure AD but have their main workloads running on AWS.
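The correlation this scenario calls for can be sketched as a join between the two inventories. This is an added example, not panoptica's code: the inventory layout, pod names, app IDs and subscription ID are constructed placeholders, and the set of roles treated as broad is an assumption (the page names only Owner).

```python
# Constructed inventory for illustration; not output from any real scanner.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}  # assumed set
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder
SP_DEPLOY = "11111111-1111-1111-1111-111111111111"  # constructed app IDs
SP_READER = "22222222-2222-2222-2222-222222222222"

# AWS side: pod environment as exported from the EKS cluster.
EKS_PODS = [
    {"cluster": "prod-eks", "pod": "billing-api",
     "env": {"AZURE_CLIENT_ID": SP_DEPLOY, "AZURE_CLIENT_SECRET": "<redacted>"}},
    {"cluster": "prod-eks", "pod": "report-job",
     "env": {"AZURE_CLIENT_ID": SP_READER, "AZURE_CLIENT_SECRET": "<redacted>"}},
    {"cluster": "prod-eks", "pod": "frontend",
     "env": {"AZURE_CLIENT_ID": SP_DEPLOY}},  # ID only, no secret
]

# Azure side: role assignments keyed by the service principal's app ID.
AZURE_ROLE_ASSIGNMENTS = [
    {"app_id": SP_DEPLOY, "role": "Owner", "scope": SUB},
    {"app_id": SP_READER, "role": "Reader", "scope": SUB + "/resourceGroups/reports"},
]

def cross_cloud_paths(pods, assignments):
    """Join pod-held Azure credentials to the roles those credentials unlock."""
    by_app = {}
    for ra in assignments:
        by_app.setdefault(ra["app_id"], []).append(ra)
    paths = []
    for pod in pods:
        env = pod["env"]
        app_id = env.get("AZURE_CLIENT_ID")
        # A client ID alone is not a usable credential; require the secret too.
        if not app_id or "AZURE_CLIENT_SECRET" not in env:
            continue
        for ra in by_app.get(app_id, []):
            if ra["role"] in BROAD_ROLES:
                paths.append({"cluster": pod["cluster"], "pod": pod["pod"],
                              "app_id": app_id, "role": ra["role"],
                              "scope": ra["scope"]})
    return paths

if __name__ == "__main__":
    for p in cross_cloud_paths(EKS_PODS, AZURE_ROLE_ASSIGNMENTS):
        print(f"{p['cluster']}/{p['pod']} -> {p['role']} on {p['scope']}")
```

Neither inventory flags the path on its own: the AWS side sees only a pod with environment variables, and the Azure side sees only a role assignment. The finding exists only after the join.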

Securing Multi-cloud in the Right Way

By looking at the environment as a whole, with what we call real multi-cloud visibility, your organization gets the benefit of correlating the status of multiple cloud environments, and not only finding problems in a particular cloud, but also uncovering issues that happen at the point where they interact with one another. 

This is exactly the approach we take at panoptica, providing attack paths rather than isolated risks. We execute contextual multi-cloud security with a full view of your whole environment, in a single scan. 

As your dynamic environment moves and changes in real-time, panoptica re-calculates all potential attack paths. That means that while other solutions might have an ever-growing list of threats, some of which are out of date almost immediately or certainly by the point of mitigation, with panoptica certain attack paths (and therefore alerts) may disappear altogether, while others could open up. Instead of an ever-populating list of findings, you always have real-time insight into your real-world multi-cloud environment. 

It’s the Relationship That Matters

Many enterprises will look to make sure that a specific security provider covers multi-cloud before they sign on the dotted line. However, it’s clear that not all multi-cloud offerings are created equal. Most security vendors understand that as multi-cloud and hybrid cloud deployments become ubiquitous, they need to include the offering in order to remain relevant, but behind the scenes – the technology doesn’t stand up to scrutiny.

If your business and your infrastructure don’t work within the confines of siloed cloud environments, why would you accept your security solution taking that approach?

Don’t settle for a multi-cloud offering that looks at each of your cloud environments individually. Instead, a real multi-cloud security stack detects issues across and between multiple cloud vendors, and isolates true, real-time attack paths from relationships, where providers interact in a dynamic and heterogeneous network.

Ready to talk about your unique cloud environment, and get context into an increasingly complex multi-cloud reality? Let’s set up a call!
