Collaboration between cloud providers and the unification of cross-environment data will be critical to cybersecurity in the multi-cloud world, according to AWS CISO Chris Betz.
Responding to a question on how the hyperscaler approaches multi-cloud and hybrid cloud security, Betz told ITPro that he thinks about it in two key ways, the first being collaboration.
“One of the things that I love about the security community is how small a community it is,” Betz said.
Among fellow CISOs, there is a clear sense of being on the same side, he added. Security execs from different companies or providers are not adversaries, rather, their adversaries are threat actors.
“I frequently have conversations with my peers. I pick up the phone and talk to them on a regular basis. We share information about current threats,” Betz said.
“Because we're all focused on a common enemy, that collaboration is incredibly important,” he added.
This appears to feed into the firm’s ethos on multi-cloud. Betz noted that “the partnership between the clouds remains incredibly important because we recognize that customers operate in that space - we recognize that adversaries are outside.”
AWS has invested heavily in multi-cloud security capabilities in recent years. A key factor in this sharpened focus has been driven by the fact many customers are ramping up multi-cloud adoption as part of their cloud modernization strategies.
AWS offers solutions that automatically go multi-cloud, Betz said, as well as environments that allow customers to bring data together from multiple clouds to bolster visibility and ensure consistent observation of environments.
Released in 2023, Amazon’s Security Lake centralizes organizational security from across AWS providers, SaaS providers, on-prem systems, and clouds into a data lake. This allows users to act more quickly and simply across hybrid and multi-cloud environments.
“We continue to build systems that allow for bringing the data together to have a consistent view of what happened,” Betz said. “And I think that's something that we're going to continue to see the industry do at large, and remain important for us and for our customers.
The multi-cloud era
Betz’s comments come just weeks after AWS and Oracle announced a partnership focused on supporting multi-cloud environments. The offering allows for the use of Oracle database services within AWS.
Multi-cloud was the focus point at Oracle CloudWorld 2024, the event where this partnership was unveiled, and customers across the board are operating on increasingly larger cloud environments that bring together different vendors.
For example, research from OVHcloud earlier this year found that 64% of IT decision-makers (ITDMs) in the UK see their use of multi-cloud increasing over the next two years.
But while multi-cloud is growing in appeal for enterprises globally, this approach can have its pitfalls, especially with regard to complexity. Research from PwC earlier this year revealed IT leaders have grown concerned with the levels of complexity associated with multi-cloud security, for example.
“Many leaders of large organizations assume security is taken care of by cloud providers. Even if they recognize that’s not enough, many struggle to pinpoint where to invest resources to strengthen their cloud security. This is often because of the sheer complexity of their multi-cloud hybrid environments,” PwC said.
