When I speak to security architects who are in the midst of a cloud migration, they often relay the challenges they have when writing firewall rules to connect servers in their internal data center to servers in the public cloud. This becomes an even bigger problem when there is more than one public cloud provider. This is primarily due to the fact that many organizations still look to secure their applications by using conventional methods such as ACLs and firewalls.
Data and applications need to be secured where they live, and in order to do that, security needs to be decoupled from the network and access must move from implicit allow to default deny. Decoupling enforcement from the actual network infrastructure allows fine-grained policy to be achieved within the compute without requiring access to anything except the workload itself – something that is available across all cloud providers.
Despite the many benefits of taking a multicloud approach, challenges do remain. Complexity was cited as the biggest challenge by the majority of survey respondents (72 percent). Migrating apps and security followed as a challenge for 48 percent of respondents, while managing costs was an issue for 43 percent.