Denys Rudyi - Fotolia

Rackspace: Multi-cloud poses security challenges

The conclusion of a recent Rackspace roundtable was that multi-cloud does pose security risks and is exposing skills shortages

Customers are struggling to move to a multi-cloud world with skills shortages being one of the major concerns they are wrestling with.

That provides the channel with an opportunity, given they are transparent and work closely with the customer, to bridge the gap. That was the consensus at a recent Rackspace roundtable looking at the security implications of a multi-cloud world.

A majority of those present at the event agreed that there were problems with finding the right skills to implement multi-cloud, which is a situation most customers find themselves in.

Multi-cloud refers to those customers, an increasing number, that use more than a single public cloud platform and have data stored on AWS, Azure and Google

Brian Kelly, chief security officer at Rackspace, said that the vendor had a responsibility to make it clear what its responsibilities were to ensure that there were not gaps between the service being delivered and the customer expectations.

“We’ve got to change the relationship from that cloud vendor to a cloud partner, and start to have deeper conversations, and take on things.  I think we’ve got to work more closely with consumers about what their options are.  It’s not just about point solutions, which have their limitations.  We’ve got to drive better conversations about what they’re trying to accomplish and how we can work together to do that.  We may have visibility they themselves don’t have, so how do we share that information in a responsible way?” he asked.

But the experience of some of those at the coal face was rather disappointing when it came to their experience of support from vendors.

“How do you find the technology to innovate at the speed attackers innovate?  You have to have tools, people and intelligence.  It’s only now with legislation that organisations can actually plan to fail.  You find the fallout with places like Yahoo! is absolutely terrible.  It seems simple and obvious that you should know what an incident looks like, but if you don’t know who has access to your data, you can’t tell.  We’ve relied far too much on detection technologies that have let us down, and have let go of best practices because we’ve trusted the vendor to do the job properly, and they’ve let us down,” said Jason Steer, solutions architect, EMEA at Menlo Security.

Kelly said that one of the problems had been that the focus was too much on hard skills. managing a specific device, and there was a problem getting people to progress beyond a certain point in their careers as a result.

“If we’re not careful in exposing them, if they mature in the business, exposing them to the soft skills.  A techie needs soft skills.  They need exposure to the broader business basis.  As long as we let people spend all their time on the hard skills, they’re not going to advance in their career.  At some point, we need to rotate them from Security Operations into Architecture and Engineering.  A forced rotation to change their perspective,” he added.

Read more on Public Cloud Architecture