Strategy and security in the multicloud
Published on 04/07/2025 in Expert talks
Companies are increasingly choosing a multicloud approach: a combination of various public clouds, either alone or alongside private cloud or on-premise infrastructure. But that raises significant maintenance and security management challenges.
It’s no surprise that companies operate in different public clouds. “Hyperscalers provide various solutions and services,” says Thierry Van Nuffelen, Product Manager Cloud at Proximus NXT. “If you are looking for very specific applications, you may only find them with a specific provider.”
Adopting a multicloud approach also can help to keep costs under control through the principle of diversification. “If one cloud provider increases its prices for certain services, and those services are also available from a competitor, such as IaaS, then it makes sense to switch to another provider,” says Thierry. In practice, most medium-sized and large companies opt for a multicloud solution. “You need a certain volume in order to justify the investment and costs involved with migrating from one public cloud to another.”
Medium and large companies may have compelling reasons for choosing a multicloud approach but integrating different public clouds can also present challenges. Most importantly, companies need to find a solution that will enable them to secure their cloud architecture consistently and efficiently.
Choosing a strategy
Everything starts with the strategy that an organization follows. Thierry: “If a company chooses a hyperscaler-centric cloud infrastructure, it will focus on a single provider. The organization then uses one public cloud as the primary hub, connecting it to the stacks of the other clouds. This improves operational efficiency.” But there are also limitations. “If you use tools from one public cloud in other environments, you can't tweak them as easily as in the tool's own native cloud.”
Thierry Van Nuffelen
Product Manager Cloud at Proximus NXT
Other organizations opt for a distributed cloud infrastructure. Here, the company does not choose a single tool stack within a single public cloud but instead opts for tools that work with all the public clouds used – and often private clouds too. “With the hyperscaler-centric strategy, you go for depth in one cloud,” explains Thierry. “With the distributed strategy, you use the best of each individual public cloud.”
If an organization has built up expertise in a single public cloud over many years, it will find it easier to choose that as its central cloud hub.
Thierry Van Nuffelen, Product Manager Cloud at Proximus NXT
The right security
“The tool stack that a company typically uses to secure the public cloud looks different from the classic tools for on-premise security,” says Bart Callens, Product Manager Cybersecurity at Proximus NXT. “For applications and operating systems running in your own data center, you are responsible for handling the patching yourself. In a SaaS or PaaS environment in the public cloud, this is mainly the responsibility of the provider. The focus there is more on secure configuration.”
The question remains: how do you secure the various combined public clouds? “By definition, you can arrange cybersecurity separately for each public cloud, using the native stack in each case,” Bart continues. “But then you need a separate security specialist for each cloud.” However, there is an alternative approach. “With Azure Cloud Security Posture Management (CSPM), for example, you can detect and correct incorrect configurations not only in Azure, but also in AWS and on the Google Cloud Platform. However, this cannot be done as comprehensively as it can be in Azure itself.”
Comprehensive security
“You can also add a layer of security middleware that covers all the clouds used,” Bart continues. “Such solutions include Prisma Cloud from Palo Alto Networks. The company then develops central policies that the solution implements across the different clouds. Compliance reporting is also easier when the security is comprehensive.”
Bart Callens
Product Manager Cybersecurity at Proximus NXT
If a company already has experience with one of these security solutions, rolling it out to other public clouds requires relatively little effort. “Suppliers are consolidating more and more protection functionalities into their comprehensive solutions,” says Bart. “These are also available in the hyperscalers' own stack. That makes it easy to set up a virtual firewall across different clouds. We are also seeing how a company like Palo Alto is incorporating advanced security features into Azure's own firewall in a cloud-native way, which may ultimately persuade customers to choose the hyperscaler-centric approach again.”
What about management and maintenance?
These are the decisions companies can make based on their cloud infrastructure and the related security for the multicloud environment. But each choice also has an impact on the overall monitoring and management, and, importantly, the necessary expertise. Thierry: “In practice, an organization may be focused on a single public cloud, such as Azure, but the business may request specific applications within another cloud, such as Google or Amazon.”
If the organization wants – or needs – to respond to this demand, it faces an additional challenge. It must develop expertise in that other cloud domain, not just in functional terms, but also in terms of the additional security required.
What can a company do if the management and maintenance of the multicloud environment proves too complex?
Thierry: “If the company has sufficient expertise and available staff, one solution could be to implement a cloud management platform across the various clouds and then use it to manage the multicloud environment.” What if a company wants to use a specific service from a hyperscaler but doesn't have the right skills in-house? “In that case, the company can come to us for a managed service for that cloud,” says Thierry. Proximus NXT has specialized expertise in-house. “A company can also outsource the management and maintenance of its multicloud entirely to us.”
For the security of your multicloud, you can add a layer of security middleware that covers all clouds used.
Bart Callens, Product Manager Cybersecurity at Proximus NXT
Modular approach
“The same applies to security,” Bart concludes. Due to the ongoing shortage of specialized security profiles and the rapid pace at which security requirements are evolving, companies are increasingly opting for support from a partner. “We not only provide the security licenses that run in the cloud, but also manage the security controls for the company, on-site and in the various clouds, regardless of the multicloud strategy the company follows.”
The services offered are modular and cover operational, tactical and strategic levels. “This ranges from keeping security controls available to providing Security Operations Center (SOC) services to a full range of Governance, Risk & Compliance (GRC) services.”
Secure and efficient management of your multicloud environment.
How do you maintain control and consistent security across all your cloud environments without compromising flexibility? Our specialists are happy to help.
Thierry Van Nuffelen is Product Manager Cloud at Proximus NXT. He has a degree in Marketing from Group T and has achieved certifications in ITIL and Agile methodologies. Thierry joined Proximus in 2010, initially working in IT roles within the Sales department before specializing in cloud solutions.
Bart Callens is Product Manager Cybersecurity at Proximus NXT. He has a degree in Civil Engineering Telecommunications from KU Leuven and has achieved certifications in ITIL, ISO 27001 and several cybersecurity technology certifications. Bart joined the Proximus Group in 1998, working in various roles including IT Engineering and Operations, Solution Sales and Product Management, mostly focused on cybersecurity.