Rethinking security must be an integral part of any network transformation to a multi-cloud world from the very first.
It’s the most effective way to make sure an organisation’s defences are ready to keep pace with the expanding landscapes and multi-faceted defence challenges that come with the shift to multi-cloud working.
But, with a traditional security perimeter, it’s more complex to integrate the right security controls into today’s multi-cloud considerations. This is the reality for many organisations, so the question is: what’s the best security approach to take when moving from a perimeter-based architecture to a multi-cloud one?
To be prepared, it’s time to re-examine the security that organisations need for a multi-cloud future.
Cloud-centric operating is a security earthquake
Any reassessment of security must centre around how the organisation can transfer the level of control and risk management it is used to across to the new multi-cloud environment. It’s vital that security teams are open to considering new and adapting existing security methods to preserve the control they want.
Where once their security perimeter sat firmly within their network, meaning they could vigilantly oversee it, it now lies within cloud providers’ locations, reducing their visibility significantly.
This shift in control is compounded by confusion over who does what under the shared security responsibility model. Limited visibility into hyperscaler clouds means organisations have to rely on providers’ vigilance and prompt action to tackle emerging issues and keep them safe. However, security teams are deeply unsettled by high-profile incidences of hyperscalers only fixing serious bugs when users with top tier licensing raise the alert and push the issue. And, working with multiple cloud providers using multiple security models, it can be easy to misunderstand these models, leading to gaps in an organisation’s overall security.
Alongside this, security teams must manage a hugely increased attack surface, fuelled by the growth of flexible working, and the impact of supporting widespread third party access to their systems. This demands niche expertise in architecting cloud security that’s in scarce supply.
The result is organisations feeling their way in a relatively unknown environment, where rapid evolution makes it difficult to stay current. Their visibility is compromised, complexity is rising, and there’s an overwhelming choice of security tools - with little surety about which are the best, most future-proofed options.
Six critical issues cloud-centric security must address
Security is designed to be an enabler, and this must continue in the multi-cloud world, both now and into the future. As a starting point, let’s define what organisations want to achieve in this environment from a security viewpoint:
1 Comprehensive visibility
Security teams need uninterrupted and consistent visibility to be able to monitor data as it moves through their network and deliver effective threat management. But often, when data enters a hyperscaler environment, the shutters go down on visibility.
2 Routes through complexity
Multiple, diverse environments with unique architectures, management tools and security controls breed complexity. And this complexity makes it easy to make mistakes in configurations, and can allow threats to squeeze through the gaps between the security responsibilities of provider and organisation.
3 Consistent security policies
One architecture with one uniform security policy, managed centrally is the ideal. But, when organisations operate across a patchwork of different clouds, they face a variety of security standards and configurations. This creates confusion, complexity and potential security weak spots – particularly across public internet.
4 New levels of security flexibility
Security teams want increased proactivity so they can adapt and scale at the speeds necessary to protect dynamic cloud environments. They want to leave inflexible legacy security architectures behind. A significant part of this is their ambition to implement Zero Trust security principles. They want to move from blocking and securing a traditional perimeter, to limiting data’s exposure to risks generated by new ways of working via controlling access and requiring frequent reauthentication. Their vision is to bring automation into this as well, to apply Zero Trust rules consistently with little team input.
5 Light-touch management and interoperability
Managing multiple vendor relationships and provisions to stitch together a security solution for continually evolving cloud architectures is time-consuming and requires significant expertise. Today’s hard-pressed security teams don’t have the capacity for this, and cloud skills shortages make expanding teams difficult. Easy options for interoperability and cloud integration will be essential to ease this burden.
6 Water-tight data governance and compliance
Cloud security increasingly involves complying with countries’ regulations about where data is held, with some stipulating that data must be held within their borders. However, hyperscalers routinely hold data in zones that are regional, and not necessarily country specific. And even if a security team takes out a sovereign cloud option, there are still concerns that data could be routed through a prohibited area, particularly when failover routes come into play. As regulations tighten and fines spiral upwards, organisations want more control over where their data sits and greater certainty over its defence.
The answer is a network designed to enable security in a cloud-centric environment
We used these six essential areas as important considerations to our innovation, and the result is our new global network, Global Fabric. It’s an end-to-end programmable platform, delivering networking services to the cloud and between the clouds, whether public or private. Security-by-design was a fundamental part of our development process, to create a network that can support a holistic security approach.
In practice, Global Fabric will transform what security teams can achieve in a cloud-centric architecture – and its watch words are ‘easy’, ‘comprehensive’ and ‘control’.
Adding new security solutions is straightforward - it will be quick and simple to deploy consistent, unified, end-to-end overlay security functions on top of Global Fabric. With one network stitching everything together, visibility will really improve. We'll pull your expanding pool of data into our Eagle-i threat management services and our trusted security partner ecosystem to expand your insight and deliver rapid, defensive responses. This easy overlay approach means Global Fabric will also support the full range of emerging security needs, from Zero Trust and Secure Access Service Edge (SASE) to endpoint and identity security.
One network and consolidated security minimises the chances of threats entering through gaps between tools and differing cloud policies. What’s more, Global Fabric will have Distributed Denial of Service (DDoS) detection and mitigation embedded as standard, to stop any DDoS attack before it hits the network, limiting or eliminating the impact without compromising performance. And if you’d like to add overlay DDoS protection services, that’s possible too.
With Global Fabric, you will have real-time specification and control of your data’s end-to-end path through the network – even failover routes - which simplifies compliance with data sovereignty requirements. And, should countries’ regulations change, it will be simple to adapt your routing to stay compliant.
Why not further explore the potential of Global Fabric today?
Visit our dedicated webpage for more information, including our expert blog posts exploring the five transformative benefits of Global Fabric.