This post was originally published to The New Stack here.

TLDR:

  • Multicloud and hybrid cloud infrastructure differ in three main ways: control plane, consistency, and vendor control
  • Hybrid cloud security can be seen as easier to manage because you’re focused on one public cloud service provider instead of many
  • When searching for cloud security solutions, make sure you consider what the vendor(s) can do to support your hybrid or multicloud strategy

Multicloud and hybrid cloud architectures both involve connecting disparate infrastructures. You might think, then, that multicloud security tools and strategies should also work for hybrid cloud security.

But you’d be wrong – at least partly. Although multicloud and hybrid cloud architectures do have much in common, the way the hybrid cloud market has evolved over the past several years means that multicloud security often requires a different approach from hybrid cloud security.

Multicloud vs. Hybrid Cloud Security: The Basics

To understand why multicloud and hybrid cloud security are distinct, let’s first look at what multicloud and hybrid cloud have in common, starting with a definition of each term:

  • Multicloud is a type of cloud computing strategy in which businesses use multiple clouds (such as AWS and Azure, or AWS and a private cloud) at once.
  • Hybrid cloud is the use of public cloud infrastructure and private infrastructure as part of a single, unified cloud environment that is managed through a central control plane.

What multicloud and hybrid cloud have in common, then, is that they both involve using disparate infrastructures at once. Whether you use a multicloud or a hybrid cloud strategy, you’re relying on multiple groups of servers located in different places.

That said, multicloud and hybrid cloud architectures are fundamentally different in other key respects:

  • Control plane: With hybrid cloud, there is a central control plane that manages workloads across all of your infrastructures. That’s not usually the case with multicloud. Multicloud just means using more than one cloud at once, with different control planes for each cloud.
  • Consistency: The fact that hybrid clouds are managed using a central control plane also means that hybrid cloud workloads are configured and administered in a consistent way. In other words, you can use the same identity and access management (IAM) framework, the same monitoring tools and so on for all of your hybrid cloud workloads. That’s not the case with multicloud, where you typically need to juggle different types of cloud services, given that each cloud implements its services in different ways. AWS IAM is quite different from Azure IAM, for example, and you’d need to master both frameworks if you use a multicloud architecture that involves AWS and Azure.
  • Vendor control: Today, the hybrid cloud platforms that dominate the market are sold by public cloud providers. AWS offers Outposts. Azure offers Azure Stack and Azure Arc. Google provides Anthos. This means that if you run a hybrid cloud today, you’re probably managing it using a service and a set of tools provided by a public cloud.
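To make the consistency point concrete, here is an added example (not from the original post) that flattens an AWS identity-based policy and an Azure role definition plus role assignment into one model so a single over-broad-grant rule can cover both clouds. The `Grant` model, the `is_broad` rule and all sample documents are assumptions constructed for illustration; the Azure inputs follow the `properties` shape of the ARM REST API.

```python
from collections import namedtuple

# Provider-neutral view of one permission grant (hypothetical model for this example).
Grant = namedtuple("Grant", "provider action scope excluded")

def as_list(v):
    return v if isinstance(v, list) else [v]

def from_aws(policy):
    """Flatten an AWS identity-based policy document into Grants."""
    grants = []
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        # Allow + NotAction means "everything except these": model as "*" with exclusions.
        actions = as_list(st["Action"]) if "Action" in st else ["*"]
        excluded = tuple(as_list(st.get("NotAction", [])))
        for res in as_list(st["Resource"]):
            grants += [Grant("aws", a, res, excluded) for a in actions]
    return grants

def from_azure(role_def, assignment):
    """Flatten an Azure role definition, at the scope of its role assignment."""
    scope = assignment["properties"]["scope"]
    grants = []
    for perm in role_def["properties"]["permissions"]:
        excluded = tuple(perm.get("notActions", []))
        grants += [Grant("azure", a, scope, excluded) for a in perm.get("actions", [])]
    return grants

def is_broad(g):
    """One rule for both clouds: wildcard action on a wide scope."""
    # AWS: Resource "*". Azure: "/" or "/subscriptions/<id>" (no resource group).
    wide = g.scope == "*" if g.provider == "aws" else g.scope.count("/") <= 2
    return "*" in g.action and wide

# Constructed sample inputs in each provider's native JSON shape.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
AWS_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::reports/*"},
    {"Effect": "Allow", "NotAction": ["iam:*"], "Resource": "*"}]}
AZURE_ROLE = {"properties": {"roleName": "ops-custom", "permissions": [
    {"actions": ["Microsoft.Compute/*", "Microsoft.Storage/storageAccounts/read"],
     "notActions": ["Microsoft.Compute/virtualMachines/delete"]}]}}
AZURE_ASSIGNMENT = {"properties": {"scope": SUB}}

def findings():
    grants = from_aws(AWS_POLICY) + from_azure(AZURE_ROLE, AZURE_ASSIGNMENT)
    return [(g.provider, g.action, g.scope) for g in grants if is_broad(g)]
```

Calling `findings()` returns one flagged grant per cloud. Each provider needs its own adapter before the shared rule can run, which is the extra work a multicloud tool takes on and a single-provider hybrid tool avoids.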

Why Hybrid Cloud Security Requires a Different Approach

The multicloud and hybrid cloud differences described above are the reasons why multicloud security requires a different approach than hybrid cloud security.

In a hybrid environment, workloads are configured and managed in a consistent, central way – usually via tooling that is native to a particular public cloud platform. That means that you can use any security tools that support a particular public cloud to secure your hybrid cloud workloads. Most security solutions that support AWS will work for an AWS Outposts-based hybrid cloud, for example. Ditto for Azure and Azure Stack-based hybrid clouds, or GCP and Anthos-based hybrid clouds. From the perspective of your security tools, hybrid cloud environments built using these frameworks look basically the same as standard public cloud environments.

But with multicloud, you have two or more fundamentally distinct cloud environments. You therefore need security solutions that are capable of supporting all of those environments. If you want to secure an AWS-Azure multicloud environment, for instance, you need security tools that work for both AWS and Azure.

Why It Matters: Choosing Between Hybrid and Multicloud Security Solutions

From a security platform market perspective, the differences between multicloud and hybrid cloud security are not huge, because many cloud security platforms support all major public clouds. Thus, no matter which hybrid cloud framework you use, or which set of public clouds you use for a multicloud architecture, you can secure it with a security platform that supports all major clouds.

But not all security platforms can do this. Some only cater to AWS or only to Azure, for example. They may work for hybrid clouds that run using only AWS or Azure technology, but not for multicloud environments that require the ability to secure both types of clouds.

In addition, there are some nuances to consider with regard to hybrid cloud security in particular. Although hybrid cloud workloads look like public cloud workloads in most respects, the ability to understand the unique networking configurations of hybrid cloud environments may be important for security solutions that need to detect threats at the network level. Support for “air-gapped” hybrid cloud workloads – meaning ones that are disconnected completely from the internet – could also be a consideration for businesses that practice air-gapping. And the ability to detect compliance issues that are unique to hybrid cloud environments, such as the storage of data on public cloud infrastructure when it’s supposed to remain on-premises, may affect the effectiveness of hybrid cloud security solutions.

Conclusion: Selecting the Right Cloud Security Architecture 

The bottom line: Don’t assume that multicloud security solutions are also capable of hybrid cloud security or vice versa. You need to evaluate which specific cloud platforms and frameworks are behind the environment you need to secure, then find security platforms that support all of them. And remember as well to pay attention to nuances like complex hybrid cloud networking configurations or data storage requirements if they apply to your workloads.
