Simplify and secure your multi-cloud environment

18 March, 2024

Explore findings from our Global Digital Trust Insights survey

As organizations across sectors recognize the urgent need to reinvent themselves, cloud is becoming ubiquitous. But cloud security threats are real—and increasingly top of mind for the C-suite.

In our recent Global Digital Trust Insights survey, we found cloud attacks and attacks on connected devices are the cyber threats Canadian respondents are most concerned about (52% and 50%, respectively). However, when asked about their organization’s cyber budget priorities over the next year, only one in three (35%) Canadian tech-specialist respondents highlighted cloud security as being in their organization’s top three priorities.

Why the gap? Many leaders of large organizations assume security is taken care of by cloud providers. Even if they recognize that’s not enough, many struggle to pinpoint where to invest resources to strengthen their cloud security. This is often because of the sheer complexity of their multi-cloud hybrid environments.

When functional groups in an organization invest in different cloud service providers, the resulting multi-cloud environment tends to be disorganized and unwieldy. Cloud providers and lines of business typically push cloud-native security technologies, but these are limited and often overlap or even compete with each other, as well as with enterprise security technologies—leaving security gaps and vulnerabilities.

So how can large organizations simplify and strengthen their multi-cloud environments so they can use the power of cloud to securely expand operations and fulfill business objectives?

Key steps to secure multi-cloud environments

To take advantage of cloud securely, it’s essential to proactively sense risks. But this is impossible if you don’t have a single, centralized view of your organization’s risk exposure. In complex, multi-cloud environments, leaders rarely have the correlated data and context they need to quickly assess, prioritize and deal with their most critical risks.

The first step many multi-cloud users are taking is to drive towards a consolidated architecture centred around a cloud-native application protection platform (CNAPP). The goal is to reduce the fragmented footprint and increase visibility into risks across their organization’s cloud estate.

For example, we’ve worked with large financial services organizations that use multiple technologies from different vendors to solve the same problems. To help them define their cloud security strategy, we scope their key objectives, guiding principles and current-state landscape. To prove out the target-state technology design and how it operates within multi-cloud environments, we use our experience to draft requirements and stage testing environments in our Digital Resilience Centre labs. Given how the CNAPP vendor landscape has been evolving, we take advantage of our relationships with different cloud vendors to get additional insights into feature roadmaps.

However, technologies like CNAPP don’t solve all problems. We identify skill set gaps and process improvements the organization needs to make to take full advantage of their investment in technology.

When helping organizations strengthen their cybersecurity, we have two objectives: to reduce their mean time to detect and their mean time to respond. To do so, we recommend tools are integrated in their environment in line with leading practices we’ve observed in our work, as well as in the industry. So once the stakeholders are aligned and have selected a streamlined solution, our next step is to enable the solution to be designed, implemented and operationalized to its best capacity.

Security tools generate a high volume of alerts. On an ongoing basis, we support organizations by enabling systems to be configured correctly, vetting their alerts, triaging and reducing the noise, and helping them only take action on true issues. The result is tailor-made, well-functioning solutions integrated in their internal systems that alert them to critical issues that need immediate attention.

In other scenarios, we centralize the operation of the security model and help organizations monitor threats 24/7/365. It depends on the extent to which the organization wants to streamline and free time for their people to focus on their core business.

Define your enterprise-wide security strategy

In their rush to move to the cloud, many large organizations have found themselves in a messy, complex situation. They’re often using multiple clouds to do the same job, leading to a fragmented and siloed security posture.

Distributed growth of cloud platforms combined with a lack of proper supply chain and third-party risk management, enterprise architecture, and foundational security and operational services almost always leads to unmanaged buckets of platform services.

It all comes back to the need for an enterprise-wide security strategy. Against the backdrop of evolving cybersecurity risks, organizations must define a strategy that enables the business to have the visibility into risks they need to confidently and securely use the power of cloud.

Ready to optimize your organization’s approach to cloud cybersecurity and cloud security operations? Reach out to us today to start the conversation.

Follow PwC Canada

Contact us

Joanna Lewis

Joanna Lewis

Partner, Cybersecurity, Privacy and Financial Crime, PwC Canada

Tel: +1 416 687 9139

Alvin Madar

Alvin Madar

Partner, Cybersecurity, Privacy and Financial Crime and National Cybersecurity Leader, PwC Canada

Tel: +1 604 806 7603

Umang Handa

Umang Handa

Partner, National Cybersecurity Managed Services Leader, PwC Canada

Tel: +1 416 815 5208