Cloud Architecture Mistakes: The Perils of Poor Security Architecture


In this five-part series, I’m taking a hard look at the common – and costly – mistakes organizations often make while building a cloud architecture. Part one explained how organizations can quickly lose visibility and control over their data processing, and detailed how to avoid that mistake. Part two looked at why a DIY approach often goes wrong, and how an independent cloud networking platform solves that problem. Part three examined how easily costs can mount when organizations don’t have a cloud networking platform that enables intelligent costing and billing. In part four, I explain why an on-premise attitude toward security in the cloud weakens an enterprise’s defenses while also contributing to mounting costs.

Security is a particularly costly line item in the cloud bill. Enterprises are paying a huge price due to an on-premise mindset, treating security separately from networking, and bolt-on security. For example:

  • Organizations deploying a physical on-premise next-generation firewall (NGFW) for workloads sitting in the cloud are still sending cloud traffic to data centers or colocation facilities. This is not only costly from an egress charges perspective but also unacceptable for latency-sensitive business-critical applications such as SAP S/4HANA or Epic health care.
  • Deployment of costly NGFW VM/EC2 instances in every VPC/VNET.
  • Reliance on a CSP “Shared Security” model. Details can be found here.
  • Reliance on uncontrolled and global NaaS, SASE, or SaaS-type tools to provide security requires sensitive data (HIPAA, PCI, Assets Inventory, etc.) to be shipped outside your control or network jurisdiction, increasing the overall cost and adding latency.

Security cannot be treated separately from networking. It must be part of the data plane. It must be part of the distributed cloud networking design. Bolt-on security designs are flawed and fractured. Perimeter firewalls will not work for cloud workloads.

A layered security design is best, where the data plane provides the “firewalling” without needing any NGFW. It means that as soon as the packet leaves the EC2/VM, it is being “firewalled” without sending the traffic to some NGFW EC2/VM. This zero-trust approach improves the security posture and saves costs by reducing the data transfer charges, reducing the expensive NGFW, and eliminating unwanted or bad traffic traveling across the network.

Recommendations

Invest in a solution where security is embedded in the data plane. The solution must allow you to create intent-based security policies. These policies should seamlessly be applied to single and multiple clouds without any refactoring. A few things to look for:

  • Invest in a multi-cloud networking solution that intelligently provides distributed firewalling as part of the data plane. It must provide features such as network and micro-segmentation using a rich set of criteria and attributes such as CSP tags.
  • Network behavior analytics must be part of the security architecture. Your data plane should not only be able to detect threats, malware, ransomware, and anomalies but also automatically block them as part of the self-healing capabilities.
  • A geofencing or geo-blocking feature is critical for data sovereignty and GDPR requirements. Absence of these from your architecture could incur fines or heavy penalties. That could tarnish the brand and will be costly in the long run.

Conclusion

The cloud doesn’t operate on-premises, and cybersecurity can’t either. Using on-premise tools, such as NGFW, for data residing in the cloud, for example, increases both latency and costs. Security must be integrated as part of the data plane, with a layered approach that can handle multi-cloud environments and enable network behavior analytics and geofencing or geo-blocking. Only then can a cloud networking platform provide the foundation for a full defense.

In the final part five of this series, I’ll look at how relying solely on a CSP for recovery from an attack prolongs the mean time to recovery (MTTR), greatly escalating the costs.
