The networking-security approach to cloud adoption: Complexity and convergence

Jonathan Nguyen-Duy is a Vice President and part of Fortinet’s global field CISO team. He has unique global government and commercial experience with a deep understanding of threats, technology, compliance and business issues. Jonathan holds a bachelor’s degree in international economics and a Master of Business Administration in IT marketing and international business from the George Washington University.

The cloud offers tremendous opportunities for better agility, performance, cost savings, accelerated time to market – all driving better outcomes and experiences. The first wave of cloud migrations often generated these types of results. But the adoption of multiple clouds and the rise of increasingly complex hybrid networks mean these goals are harder to achieve.

Today, many cloud implementations are characterised by non-integrated, disparate technologies, deployed across multiple facilities and clouds – lacking visibility and control.

Complexity is increasing as infrastructures diversify and new technologies and tools arrive on the network, expanding the attack surface and the number of edges – from the LAN, across WAN and into multiple clouds. However, cloud adoption doesn’t mean everything should move to the cloud. The cloud comes with its own set of security and networking challenges, and this is where the convergence of security and networking is becoming increasingly essential.

Multi-cloud strategies can lead to more complexity

Organisations can avoid vendor lock-in and choose the best cloud services that meet the requirements of a particular application or workload by implementing a multi-cloud strategy. This also allows organisations to choose cost-optimised services and use geographically dispersed clouds to meet data sovereignty requirements, for disaster recovery, or to improve overall user experience. In addition, a multi-cloud model also provides redundancy to lower the risk of downtime.

However, though this model offers many advantages, multi-cloud adoption also adds layers of management complexity – particularly if cloud services are added in an ad hoc manner rather than being planned from the ground up. The difficulty is that each cloud environment is unique; tools that span multiple cloud environments need to be able to connect seamlessly, function consistently and work between different cloud environments without losing functionality, fragmenting policies or lowering enforcement standards. These tools need to achieve all that while bridging protocols and standards on the fly between environments.

From deployment to network performance to operational costs, this complexity creates management and operational challenges. Few IT teams have the expertise to manage a mixed deployment of multiple public cloud, private cloud and on-premises environments. The ongoing lack of skilled talent, especially cloud and security architects, alone makes this scenario unlikely. Resource-constrained organisations, especially mid-size companies, will have difficulty keeping up.

Integrated security and networking technologies must be in place to maximise the benefits and flexibility of a multi-cloud strategy. The compute element cannot be considered in isolation. How users access cloud resources from multiple remote locations and branch offices must be considered. And both the business outcome and end user experience are dependent on optimised network performance. Because it removes the need to backhaul traffic to a data center and then out to the internet, SD-WAN is now critical to the success of any multi-cloud strategy.

But as with all offerings, not all SD-WAN solutions are interchangeable or equal. They vary widely in terms of capabilities, and not all are able to adequately support a multi-cloud deployment. Integrated security and SD-WAN are critically important in ensuring security and network performance, which is foundational to hybrid cloud solutions. Enterprises should carefully consider how well the cloud, network and security components are integrated from the outset to ensure that functionality, management, performance and, especially, security requirements, as well as capital expenses (CapEx) and operating expenses (OpEx) requirements, are met.

Cloud is not the final word

Reports of the demise of hardware are greatly exaggerated. The practical limitations of multi-cloud management and cost savings are leading many organisations, especially large enterprises, to maintain a hybrid infrastructure. Indeed, some applications and large data lakes will always be better supported and secured in private clouds. In addition, hyperscale operations require equipment that can support huge payloads and compute requirements. Thus, even with the cloud, hardware still matters.

While organisations are migrating to the cloud, there’s still data and sensitive information that they will keep on-prem. As a result, organisations need security that spans anywhere and everywhere – on-prem, data centers, multi-cloud, public cloud, etc. This is where the convergence of security and networking is key.

The convergence of security and networking

The core idea behind security-driven networking is that security and networking must be two sides of the same coin. That way, whenever the networking infrastructure evolves or expands, security automatically adapts as an integrated part of that environment.

In SD-WAN environments, security is woven together with connectivity functions such as application steering, bandwidth management and dynamic failover to ensure that when connections adjust to maintain quality of experience, security is an integrated part of that process. This integrated approach can then be extended to secure access points, switches and even 5G connectivity.

Bringing it all together

Cloud adoption was already increasing rapidly; the massive shift to remote work kicked it into high gear. The cloud has a great deal to offer, and organisations would be foolish to eschew its advantages wholesale. That doesn’t mean it comes without caveats. The cloud adds management complexity, requiring special tools and the expertise of IT pros who are hard to come by. Success in the cloud is therefore dependent on networking and security operating in a converged manner to ensure users can securely and seamlessly access cloud resources. Maximising the benefits and flexibility of a multi-cloud strategy requires integrated security and networking technologies, and SD-WAN fits this bill nicely.

But all this talk of cloud doesn’t mean enterprise data centers will disappear. There will always be sensitive data that organisations want to keep close to home. This multiplicity of data environments necessitates the convergence of security and networking. Organisations need to take stock of their own needs and devise a security and networking strategy that covers all the bases, whatever combination of cloud and on-prem that may look like.


Posted by Editor