Organizations are increasingly moving sensitive data and critical processing to cloud environments to take advantage of their greater availability, accessibility, and flexibility. However, the move to the cloud also has a dramatic impact on organizational security: traditional, perimeter-centric security architectures rarely provide the same visibility and policy enforcement in the cloud that they provide on-premises. Software-defined wide area networking (SD-WAN) offers a solution to this problem, since SD-WAN security can be extended to any environment the organization's traffic traverses, including mobile and the cloud.
The Growth of the Enterprise Cloud
Cloud computing provides several advantages to an organization. Outsourcing infrastructure to a cloud provider means that organizations can take advantage of the cost savings associated with shared hardware and do not need to manage their own data centers. Additionally, the flexibility and scalability of cloud environments let organizations match capacity to the ebbs and flows of their computational and storage needs.
As a result, many organizations are making heavy use of cloud computing. According to survey data cited by this page, 94% of organizations were using cloud computing in 2019, and the vast majority of these were using more than one cloud: 84% had a multicloud deployment. Different cloud service providers (CSPs) design their environments for different use cases, and the desire to optimize the organization's cloud investment drives organizations to use several of them at once.
Multicloud Security Challenges
While multicloud environments let organizations pick the deployment best suited to each use case, cloud computing in general, and multicloud deployments in particular, create security challenges. Three stand out: organizations are operating fragmented cloud architectures, they carry a high volume of direct-to-cloud business traffic that never touches the enterprise perimeter, and they are operating in an entirely new deployment environment whose security controls differ from the ones they know.
- Fragmented Architecture
The use of multiple cloud deployments means that organizations are likely using solutions developed by different vendors. Especially in the cloud, this fragmentation of the organization's network creates visibility and security challenges. Unlike in on-premises deployments, in the cloud organizations do not have control over, or even access to, their entire infrastructure stack. An organization rents everything above a certain layer of the stack, and where that line falls depends on the service model: with infrastructure as a service (IaaS) the customer still controls the operating system and everything above it, with platform as a service (PaaS) only the application and its data, and with software as a service (SaaS) little more than configuration and data. Everything below the line belongs to the provider.
As a result, in many scenarios an organization cannot deploy the same cybersecurity solutions that it uses in the rest of its network environment. Instead, it is forced to rely on CSP-provided applications and features (security groups, flow logs, native firewalls and identity controls) that differ in capability, configuration, and logging format from provider to provider. This makes it difficult or impossible for an organization to maintain consistent visibility and security policy enforcement across its entire network infrastructure.
- Direct-to-Cloud Network Traffic
Many organizations have perimeter-focused cybersecurity architectures. In the past, all network traffic entering the organization’s systems passed through the enterprise network perimeter. By deploying cybersecurity monitoring and threat detection solutions at the network boundary, the organization could detect and block a high percentage of attacks against their systems and monitor traffic entering and leaving their “trusted” internal network.
With cloud computing, the perimeter-based security model no longer holds. An organization's cloud deployment is logically part of its "trusted" internal network, yet it runs on hardware the organization does not own, outside the network perimeter. Traffic flowing between the enterprise LAN and the cloud still passes through the perimeter and benefits from its monitoring and protection, but the same is not true of connections that go straight from devices on mobile networks and other external networks to the cloud deployment; that traffic never touches the perimeter stack. As 5G makes mobile networks more attractive for mobile and Internet of Things (IoT) devices, the share of business traffic that bypasses perimeter visibility and security monitoring will only grow.
- A New Deployment Environment
Many organizations adopt the cloud precisely because it is very different from on-premises deployments, and those differences are the source of its advantages. However, the same differences create several challenges for securing these environments. In the cloud, an organization does not own the infrastructure that it is using and often cannot deploy the same cybersecurity solutions used in the rest of its network infrastructure. It is nevertheless still responsible for securing its own portion of the infrastructure stack.
Many security professionals find it difficult to tell which responsibilities are theirs in the cloud and which belong to the CSP. In fact, only 27% of security professionals find the cloud shared responsibility model, which spells out this division, to be "very clear". Regardless, they remain responsible for understanding and properly configuring an array of CSP-provided security controls that vary from environment to environment. It is not surprising, then, that 84% of security professionals say it is difficult to secure their organization's cloud deployments.
Achieving Integrated Visibility and Security with SD-WAN
One of the primary challenges of securing multicloud environments is the inability to deploy consistent security solutions across all environments. In many cloud deployments, it is difficult or impossible to deploy the same security solutions used to secure on-premises environments. Yet consistent visibility and policy enforcement across the entire enterprise network is vital to organizational cybersecurity.
SD-WAN addresses this by moving security monitoring and policy enforcement off the individual endpoint and CSP and into the network path. SD-WAN appliances with integrated next-generation firewalls (NGFWs) and secure web gateways (SWGs) apply a single policy set to all traffic that traverses them, regardless of where that traffic originates or terminates. In a cloud-based SD-WAN deployment, traffic from branch offices, cloud deployments, and mobile users is routed through geographically distributed points of presence (PoPs) connected by dedicated Tier-1 network links. The high-speed connectivity gives users a reason to send traffic through the PoPs rather than around them, and the security stack at each PoP then provides the same visibility and enforcement for the organization's entire network environment, including cloud and mobile devices. One caveat applies: an SD-WAN inspects only the traffic that crosses it. East-west traffic between workloads inside a single cloud network (a VPC or VNet) and any flow that bypasses the PoPs remain invisible to it, so CSP-native controls such as security groups, flow logs, and identity and access management still have to be configured correctly; they remain the organization's responsibility under the shared responsibility model.