Day by day, technology keeps evolving with new tools, models, processes being developed. Worthy of mention is the advances made in cloud and distributed systems which are aimed at building applications with components distributed over heterogeneous cloud, a concept known as multi-cloud. This provides cloud consumers with the opportunity to maximize the benefits of individual cloud providers through the selection and the best mix of cloud service providers (CSP) offerings based on performance, cost, availability etc. Multi-clouds approach helps to find and determine the right cloud provider based on the requirements and needs of the customer. However, the development of this concept has further exploded multi-cloud security beyond that which traditional IT security tools can handle. This has brought about the need for the development of tools, methods and models tailored for the multi-cloud environment.
Technological developments have also greatly affected and transformed the way of doing business. Businesses are continually being refined and redefined in order to utilize the modern technological tools and processes. One important mention about emerging and constantly developing business models is that of Startups. Startups are small scaled business models with focus on key expertise and know-how. Several startups may also come together to integrate their solutions and build bigger solutions. However, the small scale nature of the business also means that they may have to manage and handle several other functions outside their core expertise so as to cut costs and manage their funds effectively.
Startups involved in applications development which utilizes cloud resources particularly as it regards multi-clouds are not left out in this regard as they also have to deal with the security of their applications running in the cloud amongst other functions. Security management of multi-cloud applications can be an arduous task for Startups to perform as it involves identifying and selecting the right security controls needed to ensure adequate protection of their applications. This process is very complex and can give a lot of headaches to Startups. However, this complexity can be simplified by following an approach tailored for selecting security controls in multi-cloud application such as that presented by MUSA. The MUSA approach involves application decomposition, threat identification & risk analysis, business requirements capture, identification of cloud security requirements and selection of security controls.
Furthermore, multi-cloud security demands an approach which extends beyond traditional firewalls as new threats are being discovered regularly and as such the multi-cloud environment should be security-aware by having capabilities to detect and prevent attacks. This clearly is in line with the MUSA framework which is aimed at providing tools for ensuring security in multi-cloud environments through security-by-design approach by fostering applications development in such a way that they are integrated with threat identification mechanisms as well as self-protecting mechanisms thereby ensuring the protection of the multi-cloud applications. This definitely is a very huge and challenging task for Startups. The tools that would be provided by MUSA will take away the cumbersome tasks of security management by Startups through the integration of multi-cloud security tools into their application and thereby providing the needed security controls required. This will also allow Startups to focus more on their core expertise.
Author: Samuel Olaiya Afolaranmi, Research Assistant at Tampere University of Technology (firstname.lastname@example.org)