NC1801
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
TECHNOLOGYUPDATE<br />
THE CLOUD GENERATION FIREWALL<br />
A MOVE TO THE CLOUD CAN PROVIDE A RANGE<br />
OF BENEFITS - BUT WHAT ABOUT SECURITY?<br />
CHRIS HILL DIRECTOR OF BARRACUDA<br />
NETWORKS EXPLAINS WHY ACTION IS NEEDED<br />
Traditionally, the daily operation of<br />
securing an organisation's network was<br />
orchestrated by a firewall located<br />
exclusively on premise. However, in the<br />
cloud era, these rigid, monolithic and<br />
hardware-centric firewall architectures,<br />
designed for centralised networks can't keep<br />
up with the increasingly sophisticated<br />
threat landscape.<br />
In the last year breaches have continued to<br />
become more rampant. Deloitte and Equifax<br />
suffered and WannaCry highlighted that<br />
large scale attacks can happen any time.<br />
According to a recent survey we conducted,<br />
50 per cent of respondents confirmed they<br />
had suffered a cyber-attack.<br />
The same survey revealed that more than<br />
40 per cent of respondents organisations<br />
are operating some of their infrastructure in<br />
the public cloud. But as we inch closer to<br />
the cloud era, it's concerning that many<br />
making that move are still using traditional<br />
legacy firewalls to secure their cloud<br />
workloads and applications. They're simply<br />
not engineered with the cloud's elasticity,<br />
scalability or the consumption model that<br />
businesses want and they won't defend<br />
against modern cyber-attacks.<br />
To protect and manage cloud data a more<br />
robust cloud-scale security platform is<br />
required. It must provide a capability that<br />
satisfies the most demanding cloud specific<br />
use-cases without the overhead of legacy on<br />
premise architectures.<br />
This being said the cloud doesn't<br />
necessarily require a totally different tool<br />
set, as long as you understand the cloud<br />
environment applications are deployed in<br />
and the native services the IaaS provider<br />
offers to build security control coverage.<br />
From here controls can be implemented<br />
to leverage chosen best practice.<br />
In terms of application development, it's no<br />
secret that security is one of the most<br />
challenging aspects. However we're seeing a<br />
demand from the DevOps community in<br />
particular to automate security controls into the<br />
Continuous Integration/Continuous Delivery<br />
(CI/CD) process. This allows security controls to<br />
be pushed deeper into the deployment process.<br />
Cloud security platforms also need to include<br />
the REST API framework used by developers to<br />
automate application tests and integrate<br />
security directly into the code building process.<br />
Arguably, deploying a firewall in the cloud<br />
comes down to having the right tools. Any<br />
security controls need to cover and leverage<br />
the agility and elasticity of the cloud<br />
infrastructure.<br />
Organisations need a cloud generation<br />
firewall but how does this differ from legacy<br />
firewalls? It helps users to leverage cloud native<br />
management and monitoring tools, allowing<br />
businesses to take advantage of cloud-native<br />
architectures for the automated deployment<br />
and scaling needed in the cloud era. It also<br />
offers businesses that all important API<br />
integration, allowing the use of traditional agile<br />
development tools within the cloud<br />
environment while providing consumption<br />
based pricing to support business flexibility.<br />
With this flexibility organisations can costeffectively<br />
deploy security at critical points in the<br />
cloud in addition to hybrid or multi-cloud<br />
environments and importantly throughout the<br />
development lifecycle. Cloud generation<br />
firewalls fulfil these needs by protecting an<br />
organisation's entire infrastructure, whether it be<br />
on premise, in the public cloud or distributed<br />
across both.<br />
As a result, there's no chance for any security<br />
gaps due to horizontal functionality, so whether<br />
you're migrating workflows or moving data<br />
storage, the firewall will rise wherever it's<br />
needed. Ultimately, migrating to the cloud<br />
means shifting how you think about security<br />
and it's important to review the security<br />
technology stack before migrating.<br />
Instead of struggling to control all network<br />
traffic, organisations should focus on protecting<br />
each application and workload with an<br />
appropriate level of security. This means<br />
deploying security in alignment with your<br />
current cloud consumption model and<br />
leveraging tools that allow you to build security<br />
controls into the development and deployment<br />
process.<br />
When these requirements are met,<br />
organisations can migrate to the cloud<br />
successfully and without compromising their<br />
security posture. NC<br />
26 NETWORKcomputing JANUARY/FEBRUARY 2018 @NCMagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK