Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Multi-cloud security: is your secrets and identity model keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9773
Topic starter  

TL;DR: Multi-cloud shifts resilience and negotiating power, but it also multiplies credential sprawl, IAM inconsistency, and audit complexity across AWS, GCP, Azure, and on-premises environments, according to Infisical. The core issue is not whether multi-cloud is possible, but whether teams can standardise identity and secrets controls fast enough to make it governable.

NHIMG editorial — based on content published by Infisical: Multi-Cloud Benefits

By the numbers:

Questions worth separating out

Q: How should security teams manage secrets across multi-cloud environments?

A: They should treat secrets management as a shared control plane, not a per-cloud utility.

Q: Why does multi-cloud increase identity and access risk?

A: Because every added provider creates another IAM model, another audit format, and another set of credentials that can drift out of policy.

Q: What breaks when secrets are managed separately in each cloud?

A: Rotation, revocation, and auditability become inconsistent, which makes it hard to prove who can access what across environments.

Practitioner guidance

  • Build a unified secrets control plane Standardise how API keys, tokens, certificates, and service account credentials are issued and rotated across every cloud before adding more workloads.
  • Map workload identity to every deployment target Document which service identities each application uses in AWS, GCP, Azure, and on-premises systems, then tie ownership to lifecycle reviews and offboarding.
  • Reduce provider-specific dependency in application design Prefer portable runtime patterns such as containers, IaC, and abstracted secret retrieval so workloads are not pinned to a single vendor's identity model.

What's in the full article

Infisical's full blog post covers the operational detail this post intentionally leaves for the source:

  • Step-by-step guidance on building a unified secrets workflow across AWS, GCP, Azure, and on-premises environments.
  • Practical patterns for using infrastructure as code and Kubernetes without hard-coding provider-specific identity dependencies.
  • Implementation detail on rotation, audit logging, and how a central secrets layer supports multi-cloud operations.
  • A rollout sequence for moving from single-cloud dependence to deliberate multi-cloud adoption without breaking production systems.

👉 Read Infisical's analysis of multi-cloud security and secrets management →

Multi-cloud security: is your secrets and identity model keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9257
 

Multi-cloud only becomes resilient when identity becomes portable. The article is right to frame multi-cloud as a strategic capability, but the real governance boundary sits in workload identity and secrets lifecycle. If credentials are still managed as provider-specific artefacts, the organisation has not built multi-cloud resilience, only duplicated dependency. Practitioners should treat identity portability as the prerequisite control, not an afterthought.

A few things that frame the scale:

  • 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, according to The 2026 Infrastructure Identity Survey.
  • Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, which shows how quickly governance is lagging capability.

A question worth separating out:

Q: How do organisations decide whether multi-cloud is worth the complexity?

A: They should compare the cost of operating multiple providers with the business cost of lock-in, outage concentration, and limited negotiating leverage. Multi-cloud is justified when resilience, compliance, or workload-specific advantages outweigh the governance overhead, and when identity controls are mature enough to manage the added surface.

👉 Read our full editorial: Multi-cloud security depends on unified secrets and identity control



   
ReplyQuote
Share: