Get in Touch
Get in Touch


Cloud Assured, Cloud Secured: A fully secure multi-cloud strategy

October 19, 2020

Sridhar S   

Head of Managed Services

Hybrid multi-cloud environments can offer organisations compelling operational and cost advantages. In this blog post, Tata Communications’ Sridhar S, Head of Managed Services, explores how businesses can remain secure whilst adopting a successful multi-cloud strategy.

Cloud offers a host of benefits over traditional IT, whether by lower costs, option of scalability, better resiliency, reduced downtime, self-service or simply shifting budgets from capital expenditures to operational expenditures. Besides, the value of Cloud is not restricted to impacting IT alone, but also results in significant business benefits as faster time-to-market, better staff productivity, and the ability to grow revenue by better addressing opportunities. Whatever the reason to move to the cloud be, there is no doubt that cloud computing is fundamental to enterprise IT, and most enterprises have moved at least part of their workload to the cloud.

“But for many, the move to the cloud presents several unique security and management challenges because of which they are only marginally realising the value of cloud.”

Hence, enterprise CxOs are now looking to quickly establish the most appropriate cloud foundation and capabilities for their business, with consistent & complete control over their cloud architecture and security – all this with the right skills and talent. As enterprises use cloud services from multiple cloud providers, the complexity of managing and securing such an environment increases exponentially.

The importance of a cloud-centric security model

Putting a cloud-centric security model which follows a three-pronged approach in place can help enterprises enjoy a secured managed cloud environment. The three pillars of such an approach include:

  • Ensure understanding of shared responsibilities

While private clouds o­ffer greater control, the scale of public clouds is arguably more important for today’s enterprises. However, public cloud providers require customers to take responsibility for certain functions and layers in the cloud model, making it essential for businesses to understand where the cloud provider’s responsibility ends, and where theirs begins.

“A good practice here would be for organisations to partner with a managed detection and response (MDR) service provider who can help proactively identify, investigate, and eliminate cyber threats and vulnerabilities across an organisation’s entire digital estate.”

MDR service providers, by the very nature of their work, can help organisations better manage the risk on the cloud by allowing analysts to focus on strategic incident response rather than administration overheads and significantly improve the organisation’s threat detection and response efforts.

  • Design cloud model with security controls from scratch

The cloud has its own rules, and as such requires its own security controls – set policies, procedures and technologies all need to work together to protect cloud-based systems, meet compliance requirements and protect user data. Determining what these controls are, and who is responsible for them, is an essential part of any cloud venture.

  • Align applications to their risk tolerance

Rearchitecting applications for the cloud is not only an opportunity to modernise and improve efficiency, but it also allows companies to adjust the risk levels these applications open up to match their risk strategy.

The building blocks of a secure multi-cloud environment

For any enterprise, at any stage of their cloud journey, successful multi-cloud operation will rely on putting in place the right strategy that moves enterprises effectively from assessment, through migration, to day-to-day management;  all the while, keeping security requirements front of mind. This will require:

  • IT infrastructure and security posture assessment, plus design and security consultation – By using best practices, enterprises need to assess their existing IT infrastructure and conduct a thorough security gap analysis. These assessments will help uncover the technology constraints and dependencies of the enterprise data, infrastructure, and services. Enterprises can then use these assessment reports to design (with or without external security consultation) comprehensive security strategies and policies for hybrid or multi-cloud deployment. This will help organisations proactively plug any security gaps and migrate in a secure and cost-e­ffective manner.


  • Migration and security control deployment and conguration – Alongside enabling a seamless migration and deployment of workloads and ensuring uninterrupted multi-cloud integration, it is important to design and implement a security solution that covers the entire cloud architecture. Organisations should start by defining who (identity) has what access (role) for which resource. Security solutions such as CASB would then provide a unified and integrated platform to detect threats, discover cloud assets, manage user rights, govern data and data access, analyse activity, secure data, and ensure compliance. The migration should be sequenced so that the workloads that benefit the most from moving to the cloud are moved first, realising those benefits sooner. In addition, taking a sprint-based approach will allow these workloads to be moved quickly with minimum, thus avoiding any unexpected impact on day-to-day business operations. Throughout the process, stakeholders should be kept informed so that everyone can continue to carry out their business-as-usual activities without disruption.


  • Monitoring, management, and controls – Round the clock proactive monitoring is needed which will cover security incident management, system maintenance and BAU support. This is because managing new cloud environments comes with its own technical challenges including, ensuring proper visibility of available IT resources, continuous optimisation of the cloud environment and complying with cloud governance and regulations. Only with a complete understanding of cloud management and governance will organisations be able to effectively overcome these challenges and reap the full value of their cloud investments.

“Cloud computing is imperative both for today and for the future of enterprise growth.”

As per a survey conducted by IDC research, 56% of organisations in India have plans to increase significantly their spend on cloud services in the coming 12 months to improve their agility, to utilise resources better, and to optimise staff productivity. It is important to note that while adopting cloud, security is often the area in which businesses find their in-house skills are most lacking, since cloud security measures diff­er so greatly from those techniques employed to secure traditional perimeters and in-house systems.

With the help of a trusted partner who can help embed the right security and management controls, an organisation can surely reap the benefits of a secured and assured cloud.

Discover more about how businesses can survive and thrive securely in a post COVID world.