As organizations increasingly use cloud services to host their IT infrastructure, there is a need to share data among these cloud hosted services and systems. A majority of IT organizations have workloads spread across different cloud service providers, growing their multi-cloud environments. When an organization grows their multi-cloud environment, the threat vectors and vulnerabilities for their cloud systems and services grow as well. The increase in the number of attack vectors creates a challenge of how to prioritize mitigations and countermeasures to best defend a multi-cloud environment against attacks. Utilizing multiple industry standard risk analysis tools, we conducted an analysis of multi-cloud threat vectors enabling calculation and prioritization for the identified mitigations and countermeasures. The prioritizations from the analysis showed that authentication and architecture are the highest risk areas of threat vectors. Armed with this data, IT managers are able to more appropriately budget cybersecurity expenditure to implement the most impactful mitigations and countermeasures.

翻译：随着组织越来越多地使用云服务来托管其IT基础设施，这些云托管服务与系统之间需要共享数据。大多数IT组织的工作负载分布在不同的云服务提供商中，这使其多云环境不断扩展。当组织扩展其多云环境时，其云系统和服务的威胁向量与漏洞也随之增加。攻击向量数量的增长带来了一个挑战：如何优先处理缓解措施和对策，以最佳地防御多云环境免受攻击。利用多种行业标准风险分析工具，我们对多云威胁向量进行了分析，从而能够计算并优先确定已识别的缓解措施和对策。分析得出的优先级表明，身份认证和架构是威胁向量风险最高的领域。借助这些数据，IT管理人员能够更合理地分配网络安全支出，以实施最具影响力的缓解措施和对策。