City leaders may know they need a smart city strategy to attract and grow business, and to connect and serve citizens. But often, achieving the desired outcomes is harder than it sounds. These initiatives vary widely, with some struggling to get off the ground, while others achieve significant successes, such as aligning disparate, siloed systems.

To help establish the kind of success that drives further investment, I often suggest focusing on the development of the smart city “nervous system” platforms — the place where humans and data intersect for the purpose of better decision-making.

Cybersecurity philosophies have changed significantly over time to adapt to the changing needs of the organizations they serve. In the early days of cybersecurity, we focused on building boundaries between the “inside” and the “outside.” Users and devices that we trusted were placed inside network perimeters and granted largely unfettered access to systems and data within that environment. Those on the outside were untrusted and blocked from accessing sensitive resources. While that approach served us well for decades, it fails to meet the needs of increasingly mobile and cloud-focused organizations as well as increasingly sophisticated and covert threats and malware. The evolution of the perimeter of the network has made it difficult to draw lines between “inside” and “outside” effectively.

Zero-trust architecture (ZTA) represents a philosophical shift in cybersecurity planning that seeks to address this limitation by making trust decisions based on the identity of a user or device, rather than the location.

It can be frustrating when you ask if an IT system is safe, and your expert resource responds, “It depends,” followed by a quip that the only secure system is one that’s powered off. Not so helpful.

Most IT teams are proficient in working with one cloud service provider (CSP) or on one facet of cloud computing, but increasingly, they are being asked to manage multiple cloud environments. The shift is substantial, especially because when it comes to security, the devil is in the details.

We know that risks are involved with multicloud Infrastructure as a Service implementations. It’s critical to know what they are and how to manage them. Let’s start by examining how we got here, and why there’s no turning back now.

Before your organization gets too far into a multicloud environment — using some combination of hyperscale providers such as Microsoft Azure, Amazon Web Services and Google Cloud Platform, along with private clouds — it’s wise to develop a management strategy. Proper multicloud management supports long-term optimization and amplifies a DevOps culture, which is complementary to this strategy. As we discuss on the CDW podcast Simplifying DevOps, when multicloud and DevOps are deployed together, the whole is greater than the sum of its parts.

In general, organizations should take existing IT best practices and extend them to cloud platforms, adapting as necessary. The same security and resiliency objectives that apply elsewhere also hold true for the cloud, particularly given the shared responsibility model that governs public cloud arrangements. Beyond that, organizations should focus on four key areas.

As organizations build multicloud environments, it’s important that they think strategically about guiding principles and capabilities. Multicloud may involve any combination of the major hyperscale public cloud platforms — Microsoft Azure, Amazon Web Services and Google Cloud Platform — or a hybrid that also includes private clouds.

For many organizations, multicloud works because it lets them use the provider that offers the best features, security, resilience or cost-effectiveness for a specific workload, without limiting them to a single option. Multicloud also facilitates the DevOps objective of providing rapid time to value for features or products. The ability to accelerate the frequency and quality of releases is a paramount goal of DevOps, and a well-maintained multicloud solution can help organizations achieve that objective.

Both multicloud and DevOps thrive on rapid-response flexibility, and that makes it essential to have a strategy that can guide important decisions.

When organizations first deploy a cloud security posture management tool, it’s often the first time IT staff members are seeing their cloud environment from a security perspective. When they learn that a certain port was unintentionally open, or that a misconfiguration has left data unprotected, one of the most common reactions I hear is, “I didn’t know that!”

That’s not a position anyone wants to be in with their cloud environments. Yet it happens frequently, especially as more organizations engage multiple cloud service providers. Luckily, CSPM tools provide the centralized visibility that IT staffers need to keep cloud environments secure. They can run automated audits to check configurations against security and compliance rule sets, identify critical vulnerabilities and even fix them, as directed, via auto-remediation.

The cloud is both powerful and potentially complex, so it’s difficult to perform a comprehensive, continuous check on a cloud environment manually. That’s where CSPM tools come in.