Today, 65% of organizations worldwide use some form of Infrastructure-as-a-Service (IaaS) and 52% use Platform-as-a-Service (PaaS). Measured by access events, AWS leads IaaS/PaaS usage by a wide margin with 94%, leaving 3.7% for Azure and 1.3% for Google Cloud Platform. Even so, 78% of organizations currently use both AWS and Azure, typically as a deliberate multi-cloud strategy, so the majority of organizations are already operating across at least two providers.
Source: McAfee Cloud Adoption and Risk Report 2019
Usage share for IaaS Multi-cloud vs single cloud
Multi-Cloud Challenges
As organizations migrate to public cloud infrastructure, they are challenged to maintain the same level of security control they had in their private environments. The biggest security challenges when securing a multi-cloud infrastructure are establishing consistent management and enforcement of security policies and maintaining security posture and compliance across the whole multi-cloud estate. A single security management system that controls security policy across the different cloud environments is needed to provide full visibility and consistent controls while managing incidents from all of the multi-cloud platforms.
Reality – Security is a Shared Responsibility
The reality is that security and compliance are a shared responsibility between the cloud provider and the customer.
The cloud provider is responsible for security "of" the cloud: protecting the infrastructure that runs all the services offered in the cloud, that is, the hardware, software, networking, and facilities. The customer is responsible for security "in" the cloud, and how much that covers depends on which services the customer uses. For example, Amazon services such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon Virtual Private Cloud (Amazon VPC), and Amazon S3 are categorized as Infrastructure as a Service (IaaS) and, as such, require the customer to perform all the necessary security configuration and management tasks themselves: patching the guest operating system, configuring security groups and IAM permissions, and encrypting and classifying their own data. The shared responsibility model below shows the customer and cloud provider responsibilities per cloud service.
AWS Well-Architected Framework helps build secure cloud infrastructure
The AWS Well-Architected Framework helps customers understand the pros and cons of decisions they make while building systems on AWS. By using the Framework, customers learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. It provides a way for customers to consistently measure architectures against best practices and identify areas for improvement. The five "pillars" of the AWS Well-Architected Framework are:
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
For this blog I am focusing on the Security pillar. A secure cloud architecture should deliver the capability to protect critical workloads and applications against advanced threats, protect sensitive data, and ensure that only authorized identities can access systems and resources. AWS defines a set of design principles for the pillar (implement a strong identity foundation, enable traceability, apply security at all layers, automate security best practices, protect data in transit and at rest, keep people away from data, and prepare for security events) that carry over directly to a multi-cloud architecture.
Implementing the Security Pillar with McAfee and Amazon Web Services
The Security pillar groups its best practices into five areas that organizations should implement:
- Identity and Access Management
- Detective Controls
- Infrastructure Protection
- Data Protection
- Incident Response
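The shared responsibility section above says that for IaaS services such as EC2, VPC and S3 the security configuration is the customer's job, and the list above names the areas the Security pillar expects that configuration to cover. The following is an added example (not code from the original post, from AWS, or from McAfee) of what three of those customer-side checks look like when written down: a least-privilege review of an IAM policy document (Identity and Access Management), an internet-exposure check on a VPC security group (Infrastructure Protection), and a default-encryption check on an S3 bucket (Data Protection). The inputs are constructed here to mimic the JSON shapes the AWS APIs return for an IAM policy version, a `DescribeSecurityGroups` entry and a `GetBucketEncryption` response, so it runs offline; the group ID, bucket settings, key alias and the `SENSITIVE_PORTS` list are assumptions for the demonstration, not real account data.

```python
"""Added example: offline checks for three customer-side responsibilities
(IAM, infrastructure protection, data protection). Not AWS or McAfee code.
Sample inputs below are constructed to match the AWS API JSON shapes."""
import ipaddress

# Assumed list of ports that should never be reachable from the whole
# internet: SSH, RDP, MySQL, PostgreSQL. Extend for your own estate.
SENSITIVE_PORTS = (22, 3389, 3306, 5432)


def _as_list(value):
    """IAM accepts a string or a list in Statement/Action/Resource; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_iam_policy(document):
    """Identity and Access Management: report Allow statements that grant a
    wildcard action or apply to every resource (least-privilege violations).
    Some read-only actions legitimately need Resource "*", so each finding
    is something to review rather than an automatic failure."""
    findings = []
    for index, stmt in enumerate(_as_list(document.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        wild = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild:
            findings.append(f"statement {index}: wildcard action(s) {wild}")
        if "*" in resources:
            findings.append(f'statement {index}: applies to Resource "*"')
    return findings


def check_security_group(group, sensitive_ports=SENSITIVE_PORTS):
    """Infrastructure Protection: report ingress rules that expose a sensitive
    port (or all traffic) to 0.0.0.0/0 or ::/0."""
    findings = []
    gid = group.get("GroupId", "<unknown>")
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        # Only a prefix length of 0 means "anyone"; narrower ranges pass here.
        if not any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
            continue
        if perm.get("IpProtocol") == "-1":  # "-1" is the AWS value for all protocols/ports
            findings.append(f"{gid}: all traffic open to the internet")
            continue
        low, high = perm.get("FromPort"), perm.get("ToPort")
        exposed = [p for p in sensitive_ports if low is not None and low <= p <= high]
        if exposed:
            findings.append(f"{gid}: port(s) {exposed} open to the internet")
    return findings


def check_bucket_encryption(config):
    """Data Protection: require a default server-side encryption rule. Pass
    None for a bucket where GetBucketEncryption reports no configuration."""
    rules = (config or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    for rule in rules:
        algo = rule.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
        if algo in ("AES256", "aws:kms"):
            return []
    return ["no default server-side encryption configured"]


# --- constructed sample inputs (shapes mimic the AWS APIs; not real data) ---
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},   # scoped: fine
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},  # two findings
    ],
}
SAMPLE_SG = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},   # HTTPS: fine
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},   # SSH: finding
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},  # internal: fine
    ],
}
SAMPLE_ENCRYPTED_BUCKET = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms",
                                           "KMSMasterKeyID": "alias/example"}}]}}
SAMPLE_UNENCRYPTED_BUCKET = None


def run_checks(policy=SAMPLE_POLICY, group=SAMPLE_SG, bucket=SAMPLE_UNENCRYPTED_BUCKET):
    """Run all three checks and return the findings keyed by Security pillar area."""
    return {
        "identity_and_access": check_iam_policy(policy),
        "infrastructure_protection": check_security_group(group),
        "data_protection": check_bucket_encryption(bucket),
    }


if __name__ == "__main__":
    for area, items in run_checks().items():
        print(f"{area}: {'OK' if not items else ''}")
        for item in items:
            print(f"  - {item}")
```

In a real account the same three functions would be fed from `iam:GetPolicyVersion`, `ec2:DescribeSecurityGroups` and `s3:GetBucketEncryption`, and the Detective Controls area is where the output goes: emit the findings as events so that the posture drifts the text describes (a bucket losing its encryption rule, an SSH rule added to a group) are caught continuously rather than at the next manual review.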
McAfee helps customers adopt Amazon Web Services (AWS) and achieve well-architected security. With end-to-end security designed for the modern enterprise architecture, McAfee MVISION cloud security solutions deliver security from device to cloud with simplified management, advanced threat protection, and data loss prevention, via a flexible platform that supports an open ecosystem to make the cloud the most secure environment for your business.
To fully understand how AWS and McAfee help enterprises achieve well-architected security, read the full whitepaper.