D_043019_MulticloudScale_Blog_1500x679
Rick Conklin

The Multiplier Effect: With New Applications and Dramatic Growth of Data Stored in Different Clouds, Managing Security at Scale is the New Imperative

There are multiple benefits to using multiple clouds, delivering everything from better costs to better performance. As network service providers continue to virtualize their networks, with the advancement of Network Function Virtualization (NFV) and enterprises likewise move away from on-prem to managed network services, leveraging Software Defined Networking (SDN) technologies, every aspect of computing and communicating is becoming more and more programmable.

While this trend will continue to accelerate, security has been lagging, as IT teams move swiftly to implement a mix of public infrastructure as a service (IaaS) across many applications, and increase their workloads and storage on Amazon Web Services, Microsoft Azure and dozens of other cloud service providers.

According to MarketsandMarkets, a B2B research company, more than 75% of businesses are planning to implement multi-cloud architectures this year for agility, flexibility and cost savings.

The challenge for Chief Information Security Officers (CISOs) is how to fit into this new world, and how to overcome unprecedented cloud security challenges including:

  1. Monitoring multiple clouds
  2. Monitoring private networks connecting to those clouds
  3. Establishing policy across all instances and enforcing policy including identity access management and privileged account management
  4. Protecting data stored in clouds
  5. Protecting data in motion as more and more apps talk to each other via APIs
  6. Detecting and Ameliorating threats across an expanded attack surface
  7. Scaling security to protect what they connect, supporting digital transformation initiatives and development groups, while ensuring any and every application is safe

Security leaders are weighing their options, and most are finding that the tools, on which they’ve relied for years and decades to secure IP networks and the assets connected on those networks, no longer scale and don’t lend themselves to the automation imperative.

Failure to automate and streamline provisioning across multiple clouds is a perilous path, as lack of automation inevitably complicates the IT team’s ability to deliver secure, agile services at the scale that the business units demand to stay innovative and competitive.

And while individual private networks are at risk, the greater risk to enterprises, governments and other organizations is threat containment across multi-cloud.

Pivot attacks are on the rise, and if gone undetected in-application traffic can result in outages or breaches. Networks, as the lifeblood of every digital system, can no longer treat security as an afterthought; in fact, with the right approach to connectivity, security can scale inside the network – which has tremendous advantages to those responsible for ensuring availability and defense against attacks, while also making compliance stronger and audits less painful.

In the new world of programmable networking, security leaders are opting for tools that elastically scale up and down, supporting development of new applications (from prototypes to testing to general availability), while investing in automated orchestration to simplify deployment and management.

When they design their “this generation” IP networks this way, they also make it easy to integrate with each cloud-specific architecture.

They are looking for unified tools and views, with visibility into a multitude of clouds, applications and devices, going well beyond coordination of threat management between the corporate network and one or two private clouds and one or two public clouds.

With applications running-in and accessed-through multiple clouds, the challenges multiply.

Multi-cloud & Micro-Segmentation: Application Awareness Is Essential  

Micro-Segmentation ensures application-aware access control, which helps detect and prevent lateral threats, and includes many functions, from anti-malware, Data Loss Prevention (DLP), Transport Layer Security (TLS) decryption to Deep Packet Inspection (DPI) through Layer 7. That’s a lot, but is it enough?

Cyber threats are dynamic, and attackers can quickly infiltrate cloud infrastructures causing major data loss, outage and reputational risk. Perimeter security is not enough and cannot offer the scalability and agility required by today’s multi-cloud infrastructures.

Additional layers of protection are essential but need to be thought through carefully, to ensure the scale works operationally and financially.

Dispersive’s platform and services manage identity and microsegment the network, making it easy to deploy any number of ultra-secure private networks. When it comes to even more massive networks with a greater variety of endpoints and devices – all which need to be secured – we have to think differently today than we did a few years ago.

Within the network, we split traffic differently, which allows us to utilize all the available bandwidth if there are multiple sources available to a local gateway or device, or multiple paths through a mesh network architecture if there’s only one physical connection – which also is of huge value in a multi-cloud IT environment.

Other technologies load balance across multiple paths and devices through a mesh network; what we do is fundamentally split up the traffic on an individual flow basis and then steer that traffic across all the bandwidth available to us, at the local device and through multiple paths through the core of the network.

Because of the way we’ve engineered the product, we talk about steering traffic versus routing it. Dispersive’s DVN is an overlay network, it is bandwidth and network agnostic, so we can influence steering and the path that an individual packet will take through the network without having to interop with the specific routing protocols. The carriers don’t want you to change their provisioning or routing, so we’re ideal in that our software dynamically steers and optimizes flows and monitors traffic in real time for performance and security reasons. We have a configuration plane, control plane and data plane and all three of those are authenticating in real time, which means we can respond in real time.

Soon, the number of devices will outnumber the number of people on the planet by an order of magnitude.

The growth of endpoints is a major part of the reason why our customers are opting in to a new way of securing their networks, applications, and data – regardless of which cloud compute may be happening on. There are increasing demands for a more secure system, easy to operate, supporting a high availability architecture, that is massively scalable and easy to provision monitor and troubleshoot in real time.

To learn more about DVN, download our white paper here.