Red Hat: Cloud consolidation creates security issues, demands for architects

  • Cloud companies and cloud security players are scooping up smaller vendors to flesh out their product suites

  • Cloud architects are pulling "double duty," trying to bridge multi-cloud environments while also providing sufficient observability for security tools

  • Data sovereignty issues and AI further complicate the picture

The clouds just keep getting bigger, and to manage the increasingly complicated security environments that come with a growing hybrid-cloud world, the market is moving towards consolidation, according to Michael Foster, Red Hat's Principal Product Manager working on Kubernetes security. That creates a downstream impact on cloud architects.

Indeed, cloud security clocks in at number five in Forbes’ “most critical cybersecurity trends of 2023." Foster is finding that growing clouds are now consolidating — that includes security vendor consolidation as well as consolidation of the packages and components that are being used by different customers.

While somewhat forced by evolving technologies, this cloud consolidation is largely propelled by the market, Foster told Silverlinings. “There isn't enough money for a big company to buy [another] big security company. So then what's left is the big security companies buying up the smaller little pieces to consolidate. There's always a bigger fish.”

Foster’s current role is a product of that process. IBM dropped $34 billion to add Red Hat to its cloud cap collection in 2019 as part of a deeper move to shift IBM into the hybrid cloud world. Further down the acquisition totem poll in 2021, Red Hat bought StackRox — a software company specializing in container and Kubernetes-native security — which brought Foster on board.  

In the cloud world, the bigger fish are on a feeding frenzy so they can say: “We secure all of the clouds and everything at once — IAMs, VAMs, Kubernetes — and then we can cast the broadest net to collect the most money,” he said.

“Because the cloud environments have gotten so big, the only way to manage it from a security perspective is to have visualization [of] all of your assets. Your IM controls, your VMs your Kubernetes clusters — security operations need to see all that,' Foster added.

Providing consolidated oversight tools while also safely bridging multi-cloud tasks creates a “double duty” for cloud architects, and it further opens up issues of data sovereignty and how to work across clouds internationally. And this becomes even more complicated with artificial intelligence (AI) in the mix.

“Because there isn't enough legislation around what can and can't be shared, what can be synthetic, what can be funneled into AI, I think you're seeing a lot of countries clamp down to say: If you want to run any of these AI boxes, like LLMs, it has to be done local, it has to be done in the area where the data is, which is a huge security threat,” Foster noted.

Cloud providers are going to push to have a region of service in as many countries as possible to address data sovereignty issues as well as security issues in multi-cloud environments, he concluded. “That's going to allow them to capture the market more thoroughly.”

Read more about cloud security in our security topic hub here.