The corporate world seems to have warmed up to the idea of cloud applications quite nicely. We trust them with nearly every facet of company operations - they handle employee information, financial data, program code, and our most sensitive IP and business strategy. It’s really no wonder why they are so popular - these cloud services are collaborative, lightweight, and convenient, able to be reached from any device no matter your location. Compare this to dealing with laggy VPNs, temperamental Remote Desktop Connections, and the like. There’s just no contest. Our internet security doesn’t have to be any more complicated than your favourite cloud-based productivity application.
In 2019, we will surely see the continuation of a trend many years in the making: companies and organisations outgrowing their own networks and the security measures that defend them. The accelerating shift of business applications and services to the cloud increases bandwidth consumption exponentially. Meanwhile, a rise in employee mobility and device diversity has made securing user internet connectivity a more intensive process than ever - with centralised network security, any time a remote employee accesses a company resource or uses a company device, that traffic will need to be backhauled to headquarters for inspection. Every day, we ask more and more of the gateway appliances and backhaul channels that have traditionally done this job, and they are being pushed to their limits, all the while costing businesses a fortune to scale and maintain.
“Hub-and-Spoke,” “Castle-and-Moat” - this familiar centralised model goes by different names, but the simple fact is that businesses need to shift the focus of their security from defending perimeters to following users. The only practical way to accomplish this is by adopting a cloud security solution, although this is certainly not to say that they are all interchangeable.
Not all clouds are created equal
Making the right choice when transitioning from an on-premises, appliance-based approach to a cloud solution is critical to ensure that no security capabilities are sacrificed - only the appliances themselves, and the headaches that come with them. Next-generation containerised cloud architectures are available today and can provide all the benefits of the cloud without the compromises of dated shared-proxy architectures. Following are several factors that technical decision-makers should bear in mind when evaluating cloud-based security options:
- Cloud Sacrifice: Does migrating from appliances to this solution require sacrificing functionality, making significant changes in architecture, or impacting business processes? Will it leave you tied down to a single cloud provider?
- Adaptability: Does this solution align with other organisational cloud strategies? Can it operate efficiently and provide a smooth end user experience?
- Extendibility: Can it extend into and operate within private clouds?
- Compliance: Does it uphold industry regulation and geographic restrictions?
There are different architectures on the cloud security market, some more readily equipped than others to ease the transition away from hardware. An advantage of containerised cloud architecture is streamlined migration to the cloud without sacrificing your network architecture or security posture. Some less sophisticated solutions may compromise on critical capabilities provided by legacy appliances.
Consider, for instance, your company’s IP presence and how important it is to operations: an IP address associated with your organisation is used to identify your users to third-party vendors for whitelisting, and for preventing non-authorised users from accessing SAML authentication. Your traffic’s all-important IP identity is lost, however, when traversing typical shared-proxy security architectures. Think too of GDPR - cloud solutions that don’t offer a strong data centre presence, or the controls to keep data in the right place, can be little more than a liability.
Adaptability and efficiency
With an abundance of cloud-based application and service brokers on the market, buyers will want to make sure that their security solution’s goals and capabilities align with and adapt to other organisational cloud strategies that may be useful to them. For example, a company that is heavily integrated into Office 365 might choose a cloud security platform that has established a partnership with Microsoft and designed its feature set to enable customers to take full advantage of the advanced and proprietary MS Azure infrastructure. Such partnerships and integrations can create a whole experience greater than the sum of its parts, boosting value and productivity.
And this point is not simply a matter of product features. If the cloud strategy of an organisation is AWS- or Azure-focused, for example, it makes sense that the organisation look for solutions that can live or be hosted in AWS or Azure, as combining multiple services in the same cloud will provide long-term cost savings and user experience advantages. The very best cloud security solutions hold this type of efficiency as a top priority. Inefficiencies such as “cloud bounce”, repeated back-and-forth data transmission between separate clouds, ought to be strictly avoided.
Extendibility into private clouds
A public cloud has several advantages: relatively low cost, high availability, a large global footprint, and the elimination of the need for IT departments to purchase, maintain, and upgrade expensive hardware. This model may not be ideal for all organisations, however. Businesses that are very large or public-cloud-averse (typical examples include healthcare or finance) often choose to process and house their data in private clouds, which convey increased control and security, as they do not share any resources with other organisations. If this is the case, a company will likely want to host its latest security solution in that existing private cloud infrastructure. This is an attractive option for organisations that have already invested in their own data centres, but not all cloud gateway solutions offer the ability to extend into private clouds. When shopping for a solution, awareness of this potential limitation and of your organisation’s desired deployment model could save you some trouble. In addition, the ability for a solution to support private cloud while still leveraging public cloud for orchestration and administration brings flexibility and cost savings.
Compliance and geographic regulations
Yet another important consideration in selecting a cybersecurity solution is compliance and geographic regulations. Companies must carefully assess whether their current or prospective cybersecurity solution is capable of upholding industry standards, local regulations, and sweeping international legislation regarding information security, such as GDPR. While one of the key benefits of cloud solutions is that companies do not need to keep servers on-premises, users and administrators don’t necessarily know where those servers are. This presents a problem when regulations dictate, for example, that an employee’s personal data may not leave their home country.
When choosing a cloud gateway solution, a company needs to be sure that its selection has a data centre presence that is developed enough to handle its needs while offering enough control to define where certain data should and should not go. Failure to consider these rules could result in sunk costs, poor public relations, and massive fines and legal fees.
Craig Talbot, VP EMEA, iboss