A desire to reap the rewards of scale effects is driving companies to standardize their processes. Now, thanks to the ever-increasing prevalence of cloud technology, businesses are embarking on a new wave of standardization. During the pandemic, many companies have realized that IT decision-making often takes place in silos – with the ‘bigger picture’ frequently getting lost in the process. Cloud technology promises to bring greater agility and flexibility to the world of corporate IT, and yet multi-cloud infrastructures can become incredibly complex, to the point where they eventually have the opposite effect. To combat this problem, businesses are increasingly calling for standardized security solutions for cloud infrastructures – and zero trust architectures can help to realize this vision.
In the past, IT departments were used to making decisions independently, based on their own requirements and assessment of the situation. During the last major wave of standardization in IT infrastructures in the first decade of the new millennium, scale effects were the number-one priority – especially for large businesses. In global companies, the primary goal was to introduce and implement internationally consistent standards for the purchase of hardware to simplify procurement and administration. As a result of this desire to simplify processes, companies began to ensure their internet gateway proxies, remote access solutions, and workplace equipment were in line with uniform global standards.
However, in the age of the cloud, IT decision-making is no longer the sole preserve of the IT department; decisions now involve several stakeholders. Often, specialist departments make decisions centered around the needs of their users, which leads to the creation of silos of wildly divergent technologies within the company – all of which come with their own specific set of requirements, making administration more complex. This means that companies are increasingly building multi-cloud infrastructures comprised of different providers, as reflected in the recent Zscaler EMEA State of Digital Transformation Report 2020. On average, almost half (49 percent) of the 600 EMEA IT decision-makers surveyed stated that they already used two cloud providers, and a third of companies had already outsourced applications with three providers. The survey suggests that these kinds of multi-cloud scenarios create a few challenges. The most frequently cited were difficulties securing access to multi-cloud networks (36 percent) and setting up multi-cloud networks (35 percent).
Instead of continuing to make IT decisions in isolated silos, companies should ensure that they maintain a bird’s-eye view of their overall cloud strategy – both to tame the complexity of these modern infrastructures and to make it easier to tackle the challenges they bring. The cloudification of individual business areas should be secondary to a holistic digitalization strategy that not only encompasses the application level, but also takes the network and connectivity and security requirements into account.
- Here are the best cloud storage providers of today
Complexity is increasing – and so is risk
For some companies, the pandemic has highlighted the complexity of their cloud infrastructure landscape and its potential pitfalls. Different cloud environments require different approaches to implementation. Security incidents also tend to arise because of the complexity of migrating static, outdated security architectures to highly dynamic cloud environments. These untamed infrastructures are not only at risk of growing beyond all control; they also present a security risk if ports are intentionally left unsecured to facilitate smoother access.
When companies were forced to relocate their employees to home offices, they were faced with the challenge of checking who could access the applications they needed securely and from which devices. Because companies had often designed their infrastructures in towers, the end-user services team was only responsible for the client; the network team was responsible for connectivity, and the department took care of access to office applications in the cloud, and none of these parties worked together closely when these infrastructures were built. All the infrastructures needed to satisfy security requirements, which made it difficult for the IT team to set up each employee with high-performance and secure access to the applications they needed. To compound the problem, end users were often using different devices and setups to gain remote access.
- Here's our rundown of the best cloud storage for photos and pictures
Using simplification to combat the complexity problem
In many cases, complexity is the product of infrastructures that were not cloud-ready when applications were migrated to the cloud. The combination of traditional network concepts with perimeter security – delivered via stacks of hardware at data centers – conflicts with the demand for cloud agility and user-friendly and high-performance access to applications.
Faced with the need to provide fast and secure access rights, companies are starting to question the untamed growth of their infrastructure of multi-cloud environments and the use of on-premises hardware to secure their network. They are looking to return to standardized processes that encompass the entire holistic construct of applications and networking and connectivity needs, as well as security. They need to find an alternative that doesn’t simply force them from one complex infrastructure scenario into another, leaving behind their traditional architecture only to enter a new landscape with divergent cloud requirements.
If we view the cloud as pivotal to the simplification of infrastructures, then companies must switch to an approach that covers all the required business cases and brings all departments together at the same table. As short-term budgeting cycles for individual projects in departments have created an unwieldy and inflexible infrastructural juggernaut, leaders must now consider what form an alternative could take.
In many cases, problems arise due to a lack of expert knowledge of cloud infrastructures. Employees who trained as network architects in the world of traditional, hardware-focused infrastructure must leave their old patterns behind to explore a new way of thinking. Traditional hub and spoke architectures are not capable of high-performance data traffic handling in multi-cloud environments. It is not enough to simply deploy the same strategy used to secure data centers in the cloud; these old methods must be replaced with a completely new approach.
Standardized access rights for users and workloads
These frameworks enable a direct and secure connection between the user and the application – regardless of the environment in which the application is hosted or which device the user is accessing the application from, and without diverting to the traditional data center. The security solution shifts from the perimeter to the edge, toward the individual user or the end point. Based on the principle of least privilege, each user is granted access only to the applications they need, rather than the entire network.
These access rights are monitored via the user identity and authentication. Through the direct internet connection between the user and the app, costly MPLS network data traffic is reduced and the scope for malware attacks is minimized. With this approach, the traditional network-centered security model shifts to user-based security, in effect turning the conventional procedure on its head.
While reviewing their approach to security, companies should also be thinking about standardizing their cloud environments. Incorrect configurations in complex environments account for 95 percent of security risks. A cloud security posture management solution can help to ensure that the configuration is secure, eliminating the largest attack vector while also ensuring continuous compliance. As incorrect configurations are automatically detected, security risks can be avoided. Implementing global guidelines across multiple clouds in a consistent and automated way allows companies not only to achieve the degree of standardization that they are looking for, but also to reduce complexity.
In addition to allowing organizations to implement a standardized process for user access to applications hosted in the cloud or in a data center, cloud technology can be deployed to standardize access between apps or cloud environments and to assist with secure segmentation.
- These are the best cloud hosting services out there
A holistic vision is key
The Gartner framework combines connectivity and network and application access to form a new, holistic approach, paving the way for the next wave of standardization. Regardless of the location of the application – whether it is hosted in a multi-cloud environment, on the internet, or in a data center – the user is guaranteed direct and secure access. The days of complex, hardware-based security is gone; the new wave of consistent access management via a cloud-based service will provide the level of transparency and standardization that modern companies need.
Here, the security solution adjusts to the user’s need for simplicity. We can leave the complexity of the past behind us for good if we use cloud technology not only to host applications, but also as a holistic security and connectivity solution. The Covid-19 crisis has shown CIOs that they must leave the well-trodden routes of the past behind and venture down new paths to deliver both performance and security.
Kevin Schwarz, Principal, Transformation Strategy EMEA, Zscaler