Securing the Cloud
In the emerging digital economy, organizations are connecting users, devices, data, goods, and services to drive business value. Organizations that want to compete successfully in this new economy are having to adopt new architectures, such as virtualization and cloud, to make them more agile, more responsive to customer needs and market demands, and more relevant to their customers.
Cloud services provide the sort of on-demand resources digital businesses demand. The device that data resides on is less important than that it is available whenever it is needed, regardless of where the user, device, or application requesting it is located.
Securing such highly dynamic environments requires tightly integrated security and network technologies that share intelligence, and collaborate to detect, isolate, and respond to threats in real time. Security solutions need to meet extreme performance requirements and be available on-demand.
Of course, the problem becomes more complicated when you consider that the cloud is not just a virtualized traditional network. It is a collection of networks working in a synchronistic fashion. Data needs to moves between data centers in order to be delivered to highly mobile users and customers. Some of these data centers are local, some are geographically dispersed, and some are owned and maintained by third-party service providers.
Public cloud services are being adopted by organizations for everything from the on-demand offloading of high-volume traffic, a process known as cloud bursting, to moving some or all of their infrastructure into the cloud with some sort Software, Platform, or Infrastructure as a Service (XaaS) architecture.
This can range from simply utilizing public cloud application services such as Dropbox and Salesforce.com, to leveraging cloud-based infrastructures such as Amazon AWS and Microsoft Azure, to adopting complete turn-key cloud infrastructures provided by service providers to simplify the storage, transfer and management of data and move the overhead costs of maintaining infrastructure to a pay as you go service.
From a security perspective, the primary challenge is how to establish and maintain consistent security policy and policy enforcement as data moves back and forth between locally and third-party cloud environments. This is the single most critical gating factor preventing organizations from adopting an XaaS network strategy.
For this to work, two things need to happen.
First, organizations need to find and work with a service provider who can assign to the remote cloud environment the same security technology being used in-house. Ensuring that policies protecting data follow that data as it moves between different environments is essential to ensuring its integrity. Visibility and control are more critical than ever when critical resources become highly mobile. Especially when the loss of data, such as financial information, customer data, or intellectual property, might represent a serious corporate liability. Looked at from another perspective, this also means that organizations looking to implement a cloud strategy may want to design and deploy a new in-house security solution that has been widely adopted by the service provider community.
And second, organizations need to adopt a cloud-based security management and orchestration tool that can pass policy and security intelligence seamlessly between security devices deployed across distributed environments. While networks need to be dynamically segmented vertically to separate discrete functions, it is becoming increasingly more importantly to segment data horizontally as different types of users, transactions, and applications flow across the network from remote devices through to the cloud.
The Security Fabric
Fortinet’s Security Fabric has been designed to provide a tightly integrated set of market-leading security solutions for cloud environments. It is also based on the most widely adopted service provider security solutions in the market. Using a cloud-based management tool (FortiManager), a common operating system (FortiOS), and a single threat intelligence source for consistent enforcement (FortiGuard), organizations can weave together a single, integrated security fabric for complete visibility and control across their entire distributed network environment.
Read more about Fortinet cloud solutions here: www.fortinet.com/sites/default/files/whitepapers/WP-Cloud-Security-Overview.pdf