This month at Distology we launched our Multi-Cloud Security portfolio. This is made up of a number of vendors who I believe have taken some traditional cybersecurity technologies and retrofitted them for the challenges that IT teams are facing in modern multi-cloud environments.
We also have a Cybersecurity Operations (Cybersec Ops) specialism, so what’s the difference? Ultimately, the solutions that are joining the multi-cloud specialism are specifically focusing on helping with the security and management of environments that use a hybrid or cloud approach and therefore present additional challenges to traditional security; Traditional challenges that the solutions in our Cybersec-Ops specialism have been dealing with on-prem for years already. So in short, they are Cybersec-Ops tooling, but we believe that their super power lies in how well they support organisations running across multi-cloud and hybrid environments.
For example, one of the vendors joining multi-cloud, ThreatX, is a web app and API (that’s short for application interface and is how web apps connect to other web apps) protection solution, that is API and Cloud native. Web firewalls are not new, and have been used in traditional infrastructures for years. However, API native solutions that can support on-prem and multiple cloud deployed resources simultaneously, whilst also being super-lightweight to deploy and maintain, are not in abundance on the market. ThreatX offers exactly this, and they are an exciting addition to a multi-cloud strategy with their 24/7 security operations centre (or “SOC”) support sitting behind the platform.
As the Senior Solutions Engineer for multi-cloud, it was important to work with our CPO Lance Williams to identify technology that was not only innovative and modern, but also that had an easy deployment and user experience at its core. We all know there is a growing skills shortage in the industry, and many departments have talent and budgeting restraints that are impacting their security strategies. It is a complex matter securing a single environment, so given that the average company is using 2.2 public clouds with on-prem resources too, the room for error is growing along with the attack surface that needs protecting. Another thing I personally looked at was the integration with DevOps and the CI/CD pipeline; with many friends in these spaces, I know how important it is to them that any new technology can be automated and easy to work into their existing stacks.
Although the list is exhaustive, at Distology we have identified the following key challenges that are further complicated when running a multi-cloud or hybrid environment:
To simplify this list, we have identified three key areas that companies can focus on with their multi-cloud strategy: Network, Apps and Data. Having this approach we hope allows a solutions focused approach, rather than trying to stick plasters over gaps and hope they hold for now. Imagining a user’s journey, be them an external customer or employee, the journey through a company’s service is simple; An application hosted on your network is used to communicate with the underlying data store. So focusing there seems like a logical place to start while the cloud continues to evolve. We have worked hard to understand the issues our partners and their customers are having in navigating the multi-cloud world, and to build a portfolio that starts to address many of those issues. This is an ever-changing landscape and, though we might not have all the answers today, we do have a great place to start from!