Securing distributed clouds with an integrated approach: A guide

Lior Cohen is Senior Director of Products and Solutions – Cloud Security at Fortinet. He has over 20 years of experience working in the information security, data center network and cloud computing spaces. Lior serves as Fortinet’s lead for cloud security solutions with a focus on securing enterprise public cloud-based deployments and private cloud build-outs. Lior previously held a variety of vendor and customer side positions in the cloud security space, including cloud solutions architect, information security consultant and subject matter expert for SDN, virtualization and cloud networking for leading industry vendors.

As digital innovation and resulting transformation increase, organisations also face the rise of traffic volumes from end user and IoT devices, SaaS applications and data from employees, consumers, and partners. As a result, many big data and large-scale applications simply outpace the centralised data centre infrastructure and the IT teams who have to manage and maintain distributed clouds.

New hybrid designs allow applications and compute to adjust to growth and sudden surges in traffic levels by extending storage and compute resources to the public cloud in order to scale on demand. Leveraging a hybrid approach can help DevOps teams through their rapid experimentation processes and enterprises can accelerate the prototyping of applications and services since critical resources can be provisioned on the fly.

A hybrid approach also provides greater agility for business-critical workflows that cross thousands of services, provides better support for advanced applications, and optimises communication patterns to shorten round trips between essential data and compute resources – all with a fraction of the manpower required for legacy data centre environments.

The challenge is that because today’s applications and data exist across on-premises, co-located, private, and multiple public clouds, organisations that own these applications and data are increasingly vulnerable to attacks that target their expanding attack surface. To address these risks, many IT leaders often try to bolt on individual point security solutions to patch the resulting defensive gaps while also trying to cover evolving regulatory compliance requirements.

Unfortunately, such a piecemeal approach simply cannot address the diversity of the compute infrastructure and full spectrum of vulnerabilities being introduced. Instead, IT leaders require an integrated security strategy that includes deeply integrated solutions with advanced capabilities designed to span and protect today’s hybrid IT environments. All without compromising the speed, scalability, or functionality that today’s applications require.

Three key elements of network and security integration

To address the expanding attack surface, network and security teams must integrate security across all parts of their hybrid IT environments. These tools not only need to function as native solutions on whatever platform they are deployed, but they also need to work seamlessly between different environments to ensure three critical functions:

Visibility: Hybrid IT environments render a mix of disparate tools each offering different level of visibility and different management systems causing major challenges to assess risks, trace security and performance issues, achieve compliance and more. This is why organisations need a consistent underlying security management platform interconnecting the distributed environments, enabling consistent visibility and management across the entire distributed cloud environment. This also better supports troubleshooting, consistent policy enforcement and other cloud operations.

Scalability: As workloads increasingly spread out across the hybrid IT infrastructure, security requirements should follow suit. In order to do so, security solutions must exhibit the same level of elasticity, scalability and resilience as the cloud so they can keep up with application demand. As hybrid IT environments expand and diversify, security solutions should be integrated into the underlying infrastructure operations in order to ensure continuous reliability and business continuity.

Automation and orchestration: An integrated security architecture must also leverage the power of automation across the hybrid cloud infrastructure. This requires individual network and security components to not only communicate with each other, but also support consistent operational attributes and APIs in order to support the provisioning of consistent policy enforcement as data and workflows move from one environment to the next. An integrated security architecture must also consist of real-time management and provisioning of application and workflow classifications and enforcement policies across multiple virtual, WAN, or cloud environments.

At the same time, intelligent networking protocols need to be combined with automated security responses and accelerated management features to shrink the windows of risk exposure and reduce staff workflow burdens, human errors, and operating expenses (OpEx). Where possible, the management and orchestration of these automated networking and security functions don’t just need to be centralised, but fully integrated into a single-pane-of-glass management to ensure that configurations and policies are consistent and reliable across the distributed environments.

Dynamic cloud security requires new standards for integration

As data and the delineation between private public and hybrid cloud blurs, organisations need to evolve towards a distributed cloud security strategy. An organisation’s attack surface will naturally expand, adding new risks and complexities that can often overwhelm limited resources and budgets.

Far too often, to meet the demand for increasing levels of compute performance, cloud security operators end up compromising security to meet user demands for performance. This is almost always the result of a security strategy that does not realise the dynamic nature of distributed cloud infrastructures. What is needed is a strategy and security solutions that are designed to operate at scale across a heterogenous environment.

In the face of increasingly sophisticated cyber threats and the growing cybersecurity skills gap, it’s time for organisations to revisit their plans for securing their distributed cloud infrastructure. To deliver both security and agility, especially across diverse computing environments, IT leaders must embrace an integrated security architecture strategy based around the principles of dynamic cloud security, combined with an integrated security platform designed to deliver agility, resiliency, scalability and automation.

https://www.cybersecuritycloudexpo.com/wp-content/uploads/2018/09/cyber-security-world-series-1.pngInterested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *