The Growing Adoption of Multi-Cloud in Malaysia: Mitigation Strategies for Enterprises
By Robin Schmitt, General Manager APAC Neustar
The unprecedented growth of the cloud computing industry in Malaysia has had the business community rejoice. IDC predicts that by 2021, Malaysian enterprise spending on cloud services and cloud-enabling hardware, software and services will reach USD$621 million. Notably, out of which 50% of the cloud environment will be multi-cloud. There is no denying the increasing popularity of multi-cloud amongst all the cloud-related services. Taking advantage of the competitive cloud market, enterprises have gradually abandoned all-in-one solution suites and begun opting for best-of-breed offerings. Exclusivity is a story of the past; enterprises now work with multiple vendors to meet their cloud computing needs, giving rise to the strategy known as multi-cloud.
While different functions within the same company blithely turn to their vendors-of-choice to cater solutions tailored to their needs, the CIOs are tasked with the challenging job of managing the multi-cloud environment – especially when it comes to security.
What is multi-cloud?
Multi-cloud, a strategy when companies deploy cloud services from two or more vendors, is becoming a preferred choice for a host of reasons, most notably the flexibility to mix and match offerings. For instance, a company might rely on Amazon Web Services for computing capacity and Google for machine learning. Tapping into the resources of multiple vendors also grants enterprises more negotiating power and the flexibility to migrate their business operations based on shifting dynamics such as new offerings and pricing, resulting in enhancement of productivity and lower cost.
However, some business leaders might consider multi-cloud as a strategy that will expose their organisation to the cyberstorm that has been gathering strength recently. The 2017 Worldwide DDoS Attacks and Cyber Insights Research Report by Neustar revealed an 11 percent increase in the number of organisations targeted by DDoS attack.
In fact, in recent years, Malaysia has become a prime target for such attacks with highly coordinated DDoS attacks being launched against four Malaysian financial institutions just last July. Despite having various forms of security measures in place, businesses still suffered from sluggish detection and response to malicious activities, with 33 percent of organisations in APAC reporting an average revenue loss of at least $250,000. Multi-cloud has proven to be a vital disaster prevention/recovery strategy: enterprises can avoid outages by relying on failover architecture on unaffected clouds. However, securing a multi-cloud environment can be seen as highly problematic and challenging.
DDoS in Multi-Cloud
Multi-cloud is commonly considered the superior strategy when it comes to overcoming a wide variety of problems within an enterprise. Ideally, multi-cloud’s abilities as a problem-solver should offload some computing resources otherwise required for business operations and lead to the simplification of the IT infrastructure. After all, profound benefits such as business continuity, flexibility and cost-savings are the main factors driving this trend of deployment. But with these payoffs come a few multi-cloud management headaches, particularly with regards to securing a multi-cloud environment against DDoS attacks.
As more organisational data floods to the cloud, businesses are increasingly relying on Application Programming Interfaces (APIs) to smoothen the process and optimise the use of all services available. In a cloud environment, however, APIs can be a fickle friend. On one hand, APIs enable users to access, interact with, and manage cloud resources, resulting the ease of integration, infrastructural expansion, or in the case of multi-cloud, cross-cloud compatibility. On the other hand, exposed APIs can leave enterprises vulnerable to breaches as they open the floodgate to DoS/DDoS attacks. Consequently, poor management of multiple API networks on multiple clouds exponentially increases the risk of cyberattacks for businesses.
Multi-layered Security Approach
With the relentless wave of DDoS attacks showing no sign of slowing down, it is clear that organisations need a robust yet manageable network security scheme, with solutions that extend the protection of resources to all cloud networks to manage all potential risk factors. Vital components of this security scheme include vulnerability testing, API assets consolidation and rigorous authentication mechanisms.
But ultimately, the only way to secure a multi-cloud environment is to apply a multi-layered security approach. Understandably, managing multiple cloud networks can strain in-house IT resources, prompting companies to seek external support from third-party security vendors. Dedicated cybersecurity partners with extensive knowledge of the underlying infrastructures of different cloud platforms can assist businesses in constantly monitoring and implementing sophisticated mitigation strategies. This allows innovative enterprises to continue to leverage on the latest computing technologies while seeking to remain vigilant and agile in an ever-shifting cyberthreat landscape.
Migrating in-house business operations to the cloud is a vital step in helping businesses redefine their digital readiness. With just a few clicks, they can enjoy the flexibility and computing prowess powered by vendors’ superior computing infrastructure while significantly reducing the expenditure that would otherwise be spent on in-house IT resources. However, as vibrant as the cloud computing market currently appears, enterprises need to be mindful that in some cases vendors might not have rigorous data security standards and sophisticated protection tools. For this reason, in addition to relying on the cloud vendors for security measures, enterprises must play an active role in monitoring their information resources, devise a layered security plan, and work with trusted cybersecurity partners to remain vigilant against future threats.