TomorrowLab turns Living Tomorrow’s inspiration into action, helping businesses, cities, and governments shape their innovation vision.
Learn more about Tomorrowlab
Strategy and security in the multicloud
Companies are increasingly choosing a multicloud approach: a combination of various public clouds, either alone or alongside private cloud or on-premise infrastructure. But that raises significant maintenance and security management challenges.
It’s no surprise that companies operate in different public clouds. “Hyperscalers provide various solutions and services,” says Thierry Van Nuffelen, Product Manager Cloud at Proximus NXT. “If you are looking for very specific applications, you may only find them with a specific provider.”
Adopting a multicloud approach also can help to keep costs under control through the principle of diversification. “If one cloud provider increases its prices for certain services, and those services are also available from a competitor, such as IaaS, then it makes sense to switch to another provider,” says Thierry. In practice, most medium-sized and large companies opt for a multicloud solution. “You need a certain volume in order to justify the investment and costs involved with migrating from one public cloud to another.”
Medium and large companies may have compelling reasons for choosing a multicloud approach but integrating different public clouds can also present challenges. Most importantly, companies need to find a solution that will enable them to secure their cloud architecture consistently and efficiently.
Choosing a strategy
Everything starts with the strategy that an organization follows. Thierry: “If a company chooses a hyperscaler-centric cloud infrastructure, it will focus on a single provider. The organization then uses one public cloud as the primary hub, connecting it to the stacks of the other clouds. This improves operational efficiency.” But there are also limitations. “If you use tools from one public cloud in other environments, you can't tweak them as easily as in the tool's own native cloud.” Thierry Van Nuffelen, Product Manager Cloud at Proximus NXT
Other organizations opt for a distributed cloud infrastructure. Here, the company does not choose a single tool stack within a single public cloud but instead opts for tools that work with all the public clouds used – and often private clouds too. “With the hyperscaler-centric strategy, you go for depth in one cloud,” explains Thierry. “With the distributed strategy, you use the best of each individual public cloud.”
“If an organization has built up expertise in a single public cloud over many years, it will find it easier to choose that as its central cloud hub.”
The right security
“The tool stack that a company typically uses to secure the public cloud looks different from the classic tools for on-premise security,” says Bart Callens, Product Manager Cybersecurity at Proximus NXT. “For applications and operating systems running in your own data center, you are responsible for handling the patching yourself. In a SaaS or PaaS environment in the public cloud, this is mainly the responsibility of the provider. The focus there is more on secure configuration.”
The question remains: how do you secure the various combined public clouds? “By definition, you can arrange cybersecurity separately for each public cloud, using the native stack in each case,” Bart continues. “But then you need a separate security specialist for each cloud.” However, there is an alternative approach. “With Azure Cloud Security Posture Management (CSPM), for example, you can detect and correct incorrect configurations not only in Azure, but also in AWS and on the Google Cloud Platform. However, this cannot be done as comprehensively as it can be in Azure itself.”
Comprehensive security
“You can also add a layer of security middleware that covers all the clouds used,” Bart continues. “Such solutions include Prisma Cloud from Palo Alto Networks. The company then develops central policies that the solution implements across the different clouds. Compliance reporting is also easier when the security is comprehensive.”
If a company already has experience with one of these security solutions, rolling it out to other public clouds requires relatively little effort. “Suppliers are consolidating more and more protection functionalities into their comprehensive solutions,” says Bart. “These are also available in the hyperscalers' own stack. That makes it easy to set up a virtual firewall across different clouds. We are also seeing how a company like Palo Alto is incorporating advanced security features into Azure's own firewall in a cloud-native way, which may ultimately persuade customers to choose the hyperscaler-centric approach again.”
What about management and maintenance?
These are the decisions companies can make based on their cloud infrastructure and the related security for the multicloud environment. But each choice also has an impact on the overall monitoring and management, and, importantly, the necessary expertise. Thierry: “In practice, an organization may be focused on a single public cloud, such as Azure, but the business may request specific applications within another cloud, such as Google or Amazon.”
If the organization wants – or needs – to respond to this demand, it faces an additional challenge. It must develop expertise in that other cloud domain, not just in functional terms, but also in terms of the additional security required.
What can a company do if the management and maintenance of the multicloud environment proves too complex?
Thierry: “If the company has sufficient expertise and available staff, one solution could be to implement a cloud management platform across the various clouds and then use it to manage the multicloud environment.” What if a company wants to use a specific service from a hyperscaler but doesn't have the right skills in-house? “In that case, the company can come to us for a managed service for that cloud,” says Thierry. Proximus NXT has specialized expertise in-house. “A company can also outsource the management and maintenance of its multicloud entirely to us.”
“For the security of your multicloud, you can add a layer of security middleware that covers all clouds used.”
Modular approach
“The same applies to security,” Bart concludes. Due to the ongoing shortage of specialized security profiles and the rapid pace at which security requirements are evolving, companies are increasingly opting for support from a partner. “We not only provide the security licenses that run in the cloud, but also manage the security controls for the company, on-site and in the various clouds, regardless of the multicloud strategy the company follows.” The services offered are modular and cover operational, tactical and strategic levels. “This ranges from keeping security controls available to providing Security Operations Center (SOC) services to a full range of Governance, Risk & Compliance (GRC) services.”
Secure and efficient management of your multicloud environment.
How do you maintain control and consistent security across all your cloud environments without compromising flexibility?
Thierry Van Nuffelen is Product Manager Cloud at Proximus NXT. He holds a degree in Marketing from Group T and has earned certifications in ITIL and Agile methodologies. Thierry joined Proximus in 2010, initially taking on various IT-related roles within the Sales department before specializing in cloud solutions.
Bart Callens is Product Manager Cybersecurity at Proximus NXT. He holds a degree in Civil Engineering Telecommunications from KU Leuven and has earned certifications in ITIL, ISO 27001 as well as several Cybersecurity technology certifications. Bart joined the Proximus Group in 1998, taking various roles, including IT Engineering and Operations, Solution Sales and Product Management, mostly focused on Cybersecurity.
Latest insights & stories
Smart Buildings & Infrastructure
How smart water systems redefine sustainability in large buildings
Smart Work
Post-quantum cryptography: waiting isn’t an option
Quantum computers constitute a real threat to standard encryption. Given the harmful impact, Proximus experts Peter Spiegeleer and Kristof Spriet point out the need to switch to post-quantum cryptography (PQC) promptly.
7 practical lessons from over 150 AI projects
The implementation of AI is still a bumpy road in many organizations. Anyone who wants to be successful must look beyond the hype. Experts Benoît Hespel and Dirk Luyckx share the 7 most important lessons from over 150 AI projects.