How is security in multicloud environments different than security in on-premises environments?
Securing a multicloud environment is considerably different than securing an on-premises environment. On-premises security is essentially built around control over known resources: The organization has a data center and various endpoints, and the security operations center creates end-to-end protection for each device, its operating system and the applications running on it. Since the cloud is abstracted away from its hardware, security is focused entirely on software components: virtual servers, applications (likely held in containers), and databases, among others. Naturally, in a multicloud environment, this type of security has to be managed on multiple cloud platforms.
Because major cloud providers offer security services as part of their offerings, cloud security can often be easier to manage than on-premises security. Cloud security is often highly automated, with at least some of the burden handled by the cloud provider, removing some of the load from the end user. And since the user no longer has to worry about physical security issues, the overall effort in securing a cloud environment can be even less. However, in a multicloud environment, these security efforts are compounded in complexity, not just from the raw effort of having to manage multiple platforms but also from managing data flows as they move from one cloud platform to another.
On-premises security is fundamentally very isolating: The enterprise is fully responsible for its own security, without the safety net that a cloud provider may offer. Numerous security tools must be mastered, and they must be continually updated and patched. While cloud environments require the same level of vigilance, many believe that cloud-based tools are easier to master, and that there is more room for error since the cloud provider carries some of the security burden.
Alternatively, adherents of on-premises solutions believe that having data closer to home is inherently more secure, and rightly point out that breaches of cloud services are a regular occurrence. It’s perhaps understandable that some users desire a single point of failure, their own data center, rather than the opacity inherent in a cloud environment (or multiple cloud environments).