Design and Security Challenges of Multi-Cloud Architectures for Large Enterprises
DOI:
https://doi.org/10.54536/ajsts.v5i1.6523Keywords:
Cloud Governance. CSPM, Enterprise cloud, IAM Federation, Multi-Cloud Architecture, Security Challenges, Zero TrustAbstract
Adoption of multi-cloud architectures has become a strategic transformation for large organizations that want to scale, achieve flexibility in operations and resilience in lean and heterogeneous clouds. Although there are benefits, the application of multi- clouds presents major design and security challenges, such as the distribution of workloads, interoperability, identity, protection of data, network vulnerabilities, and regulatory adherence. This conceptual review analyzes the design of a multi-cloud architecture and related security issues, summarizing findings from academic sources, industry reports, and cloud standards published between 2021 and 2025. The framework-based synthesis applied in the study is used to categorize architectural models such as vendor specific, broker based, federated and service mesh-based systems, such as compatibility of existing systems to adhere to the API, data synchronization, and governance strategies. The security challenges are examined along six important dimensions, which include identity and access management, data privacy, network security, compliance, visibility and incident response, and shared responsibility gaps. The solutions to consider include Cloud Security Posture Management (CSPM), Zero Trust Architecture, unified identity and policy management, centralized encryption, and advanced network security mechanisms evaluated in the review. The future research directions include monitoring with AI/ML enhancements, automated compliance checking, standardization of cross-cloud identities, single governance platforms, and multi-cloud resiliency architecture. This review offers valuable practical guidance to enterprises and places particular emphasis on future research needs by offering a synthesis of design principles, security issues, and mitigation strategies to help develop secure, scalable and interoperable multi-cloud environments in the future.
Downloads
References
Aldea, C. L., & Bocu, R. (2025). Authentication Challenges and Solutions in Microservice Architectures. Applied Sciences, 15(22), 12088.
Anh, N. H. (2024). Hybrid Cloud Migration Strategies: Balancing Flexibility, Security, and Cost in a Multi-Cloud Environment. Transactions on Machine Learning, Artificial Intelligence, and Advanced Intelligent Systems, 14(10), 14–26.
Austin, M. (2024). Multi-cloud Strategies and Interoperability Issues.
Bieger, V. (2023). A decision support framework for multi-cloud service composition
Chen, J., He, X., Ye, H., Jiang, F., Zhang, T., Chen, J., & Gao, X. (2025). Online Ensemble Transformer for Accurate Cloud Workload Forecasting in Predictive Auto-Scaling. arXiv preprint arXiv:2508.12773.
Deb, M., & Choudhury, A. (2021). Hybrid cloud: A new paradigm in cloud computing. Machine learning techniques and analytics for cloud security, 1–23.
Ediga, R. (2025). Enabling Unified Digital Experiences at Scale: The Strategic Role of Cloud Platforms in Modern Digital Experience Architecture. Journal Of Engineering And Computer Sciences, 4(6), 173–180.
Emma, O. (2024). An Analysis of Multi-Cloud Implementation Strategies and Their Impact on Disaster Recovery: Building Resilience and Excellence in Enterprise Computing.
Essien, I. A., Cadet, E., Ajayi, J. O., Erigha, E. D., & Obuse, E. (2021). Secure configuration baseline and vulnerability management protocol for multi-cloud environments in regulated sectors. International Journal of Multidisciplinary Research and Growth Evaluation, 2(3), 686–696.
Fernandez, E. B., & Brazhuk, A. (2024). A critical analysis of Zero Trust Architecture (ZTA). Computer Standards & Interfaces, 89, 103832.
Gajwani, G. A. (2025). Microservices Architecture for Loan Trading Platforms: A Digital Transformation Approach.
Gartner, G. (2025). A decade in scientific cartography: insights and future directions. International Journal of Cartography, 11(2), 166–172.
Ghadge, N. (2024). Enhancing Identity Management: Best Practices for Governance and Administration. Computer Science & Information Technology (CS & IT), 219–228.
Ghafouri, S. (2024). Machine Learning in Container Orchestration Systems: Applications and Deployment Queen Mary, University of London].
Hoque, S., Aydeger, A., Zeydan, E., & Liyanage, M. (2025). A Survey on Distributed Denial of Service Attack Mitigation for 5G and Beyond. IEEE Open Journal of the Communications Society.
Iannone, E., Guadagni, R., Ferrucci, F., De Lucia, A., & Palomba, F. (2022). The secret life of software vulnerabilities: A large-scale empirical study. IEEE Transactions on Software Engineering, 49(1), 44–63.
Imran, H. A., Latif, U., Ikram, A. A., Ehsan, M., Ikram, A. J., Khan, W. A., & Wazir, S. (2020). Multi-cloud: a comprehensive review. 2020 ieee 23rd international multitopic conference (inmic),
Jor, N. (2025). Evaluating the Effectiveness of Multi-Cloud Strategies in Enhancing Enterprise Agility and Scalability.
Kansara, M. (2021). Cloud migration strategies and challenges in highly regulated and data-intensive industries: A technical perspective. International Journal of Applied Machine Learning and Computational Intelligence, 11(12), 78–121.
Khan, M. H., Habaebi, M. H., & Islam, M. R. (2024). A systematic literature review of cloud brokers for autonomic service distribution. IEEE Access.
Mathur, P. (2024). Cloud computing infrastructure, platforms, and software for scientific research. High Performance Computing in Biomimetics: Modeling, Architecture and Applications, 89–127.
Mehfuz, A. J. K. S. (2022). CLOUD USAGE AUTHENTICATION SCENARIOS BASED API ACCESS. Advance and Innovative Research, 368.
Mei, L. (2023). Cost Optimization in cloud costs with FinOps and multi-cloud billing monitoring tool.
Memis, F. E. (2023). Identity Lifecycle Management in Cloud Service Providers.
Merseedi, K. J., & Zeebaree, S. R. (2024). The cloud architectures for distributed multi-cloud computing: a review of hybrid and federated cloud environment. The Indonesian Journal of Computer Science, 13(2).
Ogbuefi, E., Ogeawuchi, J. C., Ubamadu, B. C., Agboola, O. A., & Akpe, O. (2023). Systematic review of integration techniques in hybrid cloud infrastructure projects. International Journal of Advanced Multidisciplinary Research and Studies, 3(6), 1634–1643.
Oladosu, S. A., Ike, C. C., Adepoju, P. A., Afolabi, A. I., Ige, A. B., & Amoo, O. O. (2021). Advancing cloud networking security models: Conceptualizing a unified framework for hybrid cloud and on-premises integrations. Magna Scientia Advanced Research and Reviews, 2(1).
Oloruntoba, O. (2025). Architecting Resilient Multi-Cloud Database Systems: Distributed Ledger Technology, Fault Tolerance, and Cross-Platform Synchronization. International Journal of Research Publication and Reviews, 6(2), 2358–2376.
Ospina Herrera, J. P. (2024). Architecture for distributed systems that facilitates a cloud-native AIOps implementations.
Peiris, C., Pillai, B., & Kudrati, A. (2021). Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks. John Wiley & Sons.
Phiayura, P., & Teerakanok, S. (2023). A comprehensive framework for migrating to zero trust architecture. Ieee Access, 11, 19487–19511.
Ponnusamy, A., & Spanner, A. (2023). Technology Operating Models for Cloud and Edge: Create your purpose-built distributed operating model for public, hybrid, multicloud, and edge. Packt Publishing Ltd.
Quadri, S. (2017). Cloud computing: migrating to the cloud, Amazon Web Services and Google Cloud Platform S. Quadri].
Rahaman, M. M. (2025). The Role Of AI-Enabled Information Security Frameworks in Preventing Fraud In US Healthcare Billing Systems. ASRC Procedia: Global Perspectives in Science and Scholarship, 1(01), 1160–1201.
Rahman, R. (2025). Enhanced Security with Microsoft Defender for Cloud. In Pro Azure Governance and Security: A Comprehensive Guide to Safeguarding Your Cloud Computing (pp. 125–211). Springer.
Raut, K. R. (2022). The Concept of Cloud Computing and Its Security Issues.
Rittinghouse, J. W., & Ransome, J. F. (2015). Cloud Computing: History and Evolution. Encyclopedia of Information Systems and Technology-Two Volume Set, 1, 178–192.
Shrivastava, S., & Agrawal, Y. (2024). Multi-Cloud Deployments and Hybrid Cloud Architecture. In: Resmilitaris.
Sivaseelan, S. (2024). Enhancing Cyber Resilience in Multi-Cloud Environments. In.
Talwar, S. (2024). Unified Framework for Securing Cloud-Native Storage: Approach for Detecting and Mitigating Multi-Cloud Bucket Misconfigurations. In.
Thallam, N. S. T. (2023). Comparative Analysis of Public Cloud Providers for Big Data Analytics: AWS, Azure, and Google Cloud. International Journal of AI, BigData, Computational and Management Studies, 4(3), 18–29.
Tricomi, G. (2021). Study and evaluation of service-oriented approaches and techniques to manage and federate Cyber-Physical Systems.
Vallabhaneni, G. N. (2021). Comparison and Contrast of OpenStack and OpenShift.
Wijaya, G., & Avian, A. (2022). Analysis of cloud computing infrastructure system with nist standard cloud computing standards roadmap. CoMBInES-Conference on Management, Business, Innovation, Education and Social Sciences,
William, E., & Richard, T. (2025). Cross-Cloud Networking and Service Discovery Mechanisms.
Xu, J., Stokes, J. W., McDonald, G., Bai, X., Marshall, D., Wang, S., Swaminathan, A., & Li, Z. (2024). Autoattacker: A large language model guided system to implement automatic cyber-attacks. arXiv preprint arXiv:2403.01038.
Yun, H. (2025). China’s data sovereignty and security: Implications for global digital borders and governance. Chinese Political Science Review, 10(2), 178–203.
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Abdullah Mehboob, Omer Mehboob, Gul Rauf, Ali Mehboob
This work is licensed under a Creative Commons Attribution 4.0 International License.
