Multiple Cloud Providers, One Security Posture

AppSec Program Governance

Publish Date

Oct 8, 2018

Written by

Ernesto DiGiambattista

Tagged with

  • Cyberattacks
  • Cybersecurity
  • AWS
  • Azure
  • Cloud Security
  • Get-Started Program

As organizations continue to implement cloud-first strategies, the provider of choice has been Amazon Web Services (AWS). According to a CRN article summarizing Gartner’s Magic Quadrant for Infrastructure-as-a-Service 2018, AWS is still ahead in Gartner’s Leaders quadrant. And a recent report also shows AWS leading the field in terms of global market share with 33%. But both reports also show Microsoft Azure still a strong second, with Google rounding out the top three. Alibaba, IBM and Oracle are the other three players in Gartner’s report, with Larry Ellison still issuing challenges to Amazon.

What does this mean for enterprise infrastructure?
Competition is good—it keeps all the cloud players sharp and forces them to provide increasingly robust options that address barriers to enterprise adoption, with security concerns still at or near the top of that list. And it also gives enterprise buyers choice when deciding which cloud provider, or providers, best fits their needs. But with choice comes complexity.

The companies who “grew up” with AWS from a cloud-strategy perspective have essentially built their cloud security policies around what AWS offers. But as these companies decide to either migrate away from AWS, or spin up other clouds to address the needs of different departments, the issue of security now comes back to the forefront. Having multiple cloud providers adds complexity because now, for each provider, IT has to implement multiple versions of the security controls across the different clouds. This can become a manual, one-off, hodgepodge process that also introduces the possibility of human error, and requires separate monitoring of each environment.

A Centralized Cloud Security Posture
A more effective and efficient alternative to this manual process would be to create a security posture that is centralized to the organization and is platform- and provider-agnostic. Instead of pushing multiple version of the same security requirements out across individual clouds, this posture is “transferrable” from one platform to another or interoperable across multiple platforms. And instead of monitoring each environment separately, monitor your posture through a single dashboard.

Moving to the cloud, or expanding enterprise footprint, is an undertaking already full of complexity. Why exacerbate this by creating extra work that doesn’t necessarily address the issue. Consider a centralized security platform that can continuously monitor your cloud environment, no matter the provider.

eBooks & Research Reports

Research Report: The Journey to True DevSecOps

Many questions emerge as the topic of DevSecOps is volleyed about. First, confusion exists in terms of understanding what it actually means to get to true ...

Read Now


Application Security: Bridging the Gap Between DevOps and Security Teams

When AppSec and DevOps teams aren’t aligned on how to deliver secure software, fast, organizations are at risk. This video discusses how to tackle this challenge ...

Watch Now

Related Articles

Application Security

What Is An Application Security Vulnerability and How Can It Hurt You?

By ZeroNorth Jul 21, 2021

A software bug, system flaw, security gap—these are all terms you may have heard in the world of application security (AppSec). Yes, they all mean slightly ...

Read More


What is AppSec? The Challenges and Rewards

By ZeroNorth May 14, 2021

The definition of application security (AppSec) is found in the name itself. It consists of the process and tools used for securing the application software that ...

Read More

The ZeroNorth DevSecOps platform offers options for your DevSecOps journey—getting started with AppSec, finding enterprise visibility or fully integrating security into DevOps.