🔖 Security & Compliance

Ensuring security and compliance of IT systems is among the biggest concerns of organizations adopting a multi-cloud strategy. Leveraging cloud service providers with public cloud platforms is a form of outsourcing that requires oversight by a retained organization - and the cloud foundation team is best positioned to fulfill this need. This includes ensuring that workloads running on the cloud platform are managed and secured in accordance with the organization’s internal standards and policies.

However, Cloud Foundation teams cannot absorb all responsibilities of building and running secure systems. After all, they cannot possibly foresee all the use cases and applications that application teams will build atop the cloud’s infrastructure. It’s therefore inevitable that the cloud foundation team has to provide a clear Shared Responsibility Model Alignment that defines its responsibilities between the cloud service provider and the organization’s application teams.

💡 It’s helpful to apply the same considerations to private cloud platforms as well and not treat them as “safe by default”. They require a similar split in responsibilities between platform teams and application teams.

Key Activities for Multi-Cloud Security & Compliance

Multi-Cloud Security & Compliance involves the following key activities and capabilities

As the cloud foundation approach is all about integrating the capabilities of its constituent pillars, the Security & Compliance pillar has several important links to other cloud foundation capabilities:

🗂 Tenant Management

🔐 IAM

💵 Cost Management

🛠 Service Ecosystem

Designing a Multi-Cloud Security & Compliance Strategy

Especially when considering a multi-cloud scenario, cloud foundation teams need to design a security & compliance strategy that enables consistently securing workloads across all cloud platforms.

Multi-Cloud Security and Compliance: The Comprehensive Guide 2021

Take a look into the Security Guide 2021 for more insights on building an effective multi-cloud security & compliance strategy.


Key Stakeholders for Multi-Cloud Security & Compliance

Cloud Foundation teams need to cover the spectrum of knowledge from the organization’s security & compliance guidelines all the way to the technical implementation capabilities in different cloud platforms. Inter-disciplinary teams comprising information security specialists, enterprise architects and platform specialists are best positioned to define and automate security baselines that are compatible with both compliance requirements and real-world application requirements.

Cloud Foundation teams should pay special attention to strategically leveraging automation opportunities. Very often this allows automating security controls with technical measures, instead of requiring application teams to implement individual solutions based on organizational measures.

Capabilities