In the multi-cloud era, are governments secure enough?

By Fortinet

Sean Hong, Regional Director, Strategic Alliances Cloud at Fortinet, shares how governments can keep pace with new vulnerabilities even as they harness the cloud’s potential.

In our digital-first world, governments’ savvy usage of cloud computing is fast becoming the norm. As early as 2018, the Singapore government committed to using commercial cloud services in tandem with the private government cloud to “re-engineer government” and streamline services for citizens.

Indeed, the shift to cloud presents clear benefits. Cloud computing can help governments cut operations and maintenance costs for technology services, flexibly scale services, and tap resource-intensive capabilities such as big data analytics and machine learning.

However, the cloud also opens up new security threats. What are the main threats, and how can governments secure their applications and data? Sean Hong, Regional Director, Strategic Alliances Cloud at Fortinet, shares his thoughts.

Wider perimeters, weakened defenses

Multi-cloud deployment, in which organisations host their data across multiple cloud environments and providers, is growing in popularity. 71 per cent of organisations are pursuing a hybrid or multi-cloud strategy, the 2021 Fortinet Cloud Security Report finds.

Multi-cloud allows agencies to choose cloud platforms that best meet their needs and shuffle applications and data between clouds as needs change, Hong notes. However, moving away from a single set of cloud security controls can increase cyber risk in two ways.

First, multi-cloud opens agencies up to new and increasingly complex systems and tools. These “exponentially grow agencies’ digital attack surface”, making agencies more susceptible to breaches.

Next, multi-cloud creates visibility challenges for security teams. Agencies could end up with a a flurry of technologies with disparate cloud security controls, sitting in various cloud environments', Hong warns.

In this complex environment, understanding the coverage and configuration of each cloud vendor’s security systems, or simply figuring out “which security events have been recorded”, become increasingly difficult.

These issues are compounded by an industry shortage of skilled professionals with a deep understanding of both cloud and cybersecurity, Hong notes. Already stretched security teams make securing multi-cloud even trickier.

Enter adaptive cloud security

In the face of such threats, government agencies must consider an adaptive cloud security system. This “follows applications wherever they may be deployed, on whichever cloud or clouds they may be deployed on,” Hong explains.

An adaptive system would be integrated seamlessly across data centers and multiple public clouds, allowing for consistent policies to be applied across the board, Hong explains. Security teams will also gain deeper visibility into disparate systems, contributing to a “seamless security posture” for government.

The result: more flexibility for agencies to pursue and modify cloud-enabled digital innovations, without having to sacrifice security, efficiency, or take on undue complexity.

For instance, Fortinet's Security Fabric weaves together core security elements with a common management center. This eliminates the need for multiple security point products, providing a simple and unified system for security.

Automation to adapt to ever-shifting systems

An effective security strategy should also allow agencies to automate security and compliance tasks, Hong highlights. Staff can then devote their attention to more complex threat intelligence sharing and management tasks.

Automation will allow security systems to “tightly integrate” with the dynamic environment of multi-cloud. For instance, automated systems can greatly reduce manual configuration errors, scale and evolve security systems. They can also continuously detect threats and ensure compliance as new applications are being developed.

With AI and machine learning, automated systems are becoming even more intelligent and responsive to organisations’ complex security needs. For instance, machine learning is now supercharging threat detection systems. Highly trained models flag anomalies in web applications, determine threat levels, and take an appropriate action — all without human involvement.

Even as automation becomes essential, Fortinet’s security solutions offer a rich array of automation scripts and templates, ready to be deployed against a wide range of scenarios on all major clouds. This allows Fortinet to automatically deliver near-real-time and coordinated protection across its Security Fabric.

Multi-cloud offers agencies a chance to innovate and best serve citizens, but leaves systems open to attack. With a security solution that follows applications and data throughout the cloud, agencies can embrace mission agility without fear of vulnerability.