Security Experts:

Securing All Cloud Deployments With a Single Strategy

Many organizations eager to reap the benefits of cloud networking have adopted a cloud first strategy. As a result, their DevOps teams are actively developing applications that enable them to compete more effectively in today’s digital marketplace. Cost savings, agility, responsiveness and scalability are all drivers of this growing transition. Developing or subscribing to SaaS applications, such as Office 365 or Salesforce, enables organizations to extend productivity solutions to their WAN edge, such as branch offices or remote retail locations, without needing to pass traffic through their central data center. 

Providing customers and partners with immediate access to account information and the ability to conduct online transactions allow them to remain competitive. How this happens can be generally broken down into three major trends:

1. Consuming Cloud Services through SaaS. In this most common strategy, organizations either build or subscribe to cloud-based applications and then make them available to workers, partners, or consumers. In addition to infrastructure, this usually also involves moving related data to the cloud, where it has to be managed and secured.

In addition, because many organizations are still in flux as to which applications and data work best in the cloud, we are seeing a high rate (70% according to one IHS Markit survey) of applications moving from the cloud back to the internal data center, at least temporarily. Most experts predict that this back-and-forth will continue for the foreseeable future.

2. Migrating Architectures to the cloud. In this scenario, organizations take some or all of their existing networked architecture and rebuild it in the public cloud. Of course, few organizations make a complete transition. There are still critical resources, such as sensitive data, that many organizations prefer to keep on-premises, whether in a physical data center or private cloud, especially during events such as a merger or major acquisition.

3. Born in the cloud. Finally, many new organizations are opting to simply build their business in the cloud from the start. Others are starting fresh and building a new network architecture in a cloud-orientated way. 

The challenges of complexity and security

One thing each of these options has in common is that they almost always involve some sort of hybrid strategy. Data, applications, and infrastructure rarely live on a single cloud platform. Even cloud-only networks span multiple public cloud environments for a variety of reasons, such as cost, availability of necessary tools and other resources, or to segment critical data. And complicating things further, many organizations are adopting integrating some combination of these three deployment trends with multiple traditional physical and private cloud networks. 

The other thing all of these models have in common is the need for security. One of the biggest security-related challenges many traditional organizations face today is that they have a security strategy that has developed organically over time, resulting in solution and vendor sprawl that limits visibility and control. Unfortunately, while these organizations are opting for a more cohesive and integrated strategy for their infrastructure, they are reproducing this same security problem in the cloud.

Security in the cloud has four major problems, which include:

1. DevOps teams are not security-oriented. DevOps teams have one goal: deliver applications. They do not have the expertise or inclination to select security tools, properly configure them (Gartner predicts that the majority of cloud security breaches will be due to misconfigured devices), or provide the sort of maintenance and optimization that such tools require.

2. Overlay security tools can’t take full advantage of the cloud. Most cloud security tools are simply the result of porting the code from a security device to the cloud. As a result, they cannot take full advantage of the cloud features and powerful APIs that a cloud native security solution can, leaving critical resources exposed.

3. Different cloud environments do not always support the same security tools. Even more challenging is that not all security tools are even available on every cloud platform. Without careful preparation, organizations can be forced to select different tools for each cloud platform they adopt, complicating management, reducing visibility, and eliminating any hope for consistent controls.

4. Different clouds speak different languages. Even if you select tools from a single vendor to run on different clouds, there is no guarantee that they will be able to communicate effectively between those environments. Without some sort of proven translation service in place, there is a good chance that policies will not be consistently enforced, functions will not operate the same, and significant security gaps will develop over time that can and will be exploited by cyber criminals.

Take control of your cloud security strategy

Addressing these challenges will help organization confidently follow a cloud first strategy and aggressively on ramp their cloud resources.

1. Transition DevOps to DevSecOps. Adding security expertise to your DevOps team means that security will be more effectively and deeply integrated into your architecture and application development efforts. They will also receive the ongoing management, configuration, and monitoring they need, and that traditional DevOps teams generally do not have the expertise or resources to provide.

2. Use cloud native solutions. For effective and consistent security, you need security solutions that are fully integrated into the cloud environments by fully supporting cloud APIs and using native controls to manage and secure data and transactions.

3. Look for solutions that work seamlessly between cloud environments. The most effective security involves a single, integrated view across the distributed network, single click provisioning, seamless distribution of policies and configurations, dynamic threat intelligence correlation, and the ability to consistently enforce policy everywhere data, applications, and workflows exist. That requires connectors that can dynamically translate policies and threat intelligence and ensure consistent functionality and enforcement anywhere a security device is deployed.

Effective cloud security requires a single, seamless strategy

The ability to connect, protect, detect are the primary security pillars that need to be considered to properly secure any of these deployments. A single, cross-platform security strategy is not only the most effective way to secure a cloud first strategy, but it is the only way to ensure that your cloud security deployment doesn’t replicate the challenges of complexity, siloed solutions, and solution sprawl faced in many traditional network security environments.

view counter
John Maddison is Sr. Vice President, Products and Solutions at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.