Author: Lior Cohen, Senior Director of Products & Solutions, Cloud Security, Fortinet
Cloud adoption is increasing at a rapid pace as organizations look for new ways to process, store, and distribute information. For many organizations, deploying new cloud services is much easier than requesting a dedicated set of hardware from IT teams. Decentralized cloud adoption means different departments have the ability to source new cloud software or compute resources, or adopt new applications without burdening IT with requests. And because of the heterogeneous nature of this implementation, the use of various cloud providers in one organization is not uncommon.
While each of these use cases provides flexibility for organizations, they also come with risk. Highly distributed resources can be difficult to manage, and Shadow IT – online resources that store corporate data, but that IT is unaware of – can actually violate data privacy laws. In addition, individual cloud infrastructures and one-off applications expand the organization’s attack surface, introducing the risk of cyberattacks which can affect an entire organization. In other words, when an organization uses multiple applications, the potential for a serious breach is greater than if a single application were deployed across the entire network.
This risk was the primary focus of a webinar conducted by Fortinet’s Lior Cohen, “Consistent Multi-Cloud Security: Bridging the Gap of Inconsistent Cloud Platforms.” Cohen breaks down strategies to help secure organizations adopting new cloud applications into three main concepts. This three-pillar approach is comprised of:
1. A unified set of security capabilities that can be applied consistently across all cloud platforms, resulting in a single, holistic security framework.
2. Native integration of each security solution into each cloud platform for maximum flexibility and the assurance of consistent behavior across each environment.
3. A single layer of consistent management and automation that spans the distributed network, ensuring that policy can be orchestrated across the entire decentralized and heterogeneous cloud environment.
Addressing the Challenges of Inconsistent Cloud Platforms
The constantly evolving threat landscape has resulted in the need for purpose-built tools designed to address a full range of risks across all network environments, including the cloud. In order to utilize these environments as effectively as possible, IT teams must be confident that there is the same level of security across all cloud platforms; otherwise, the entire environment is exposed to the weakest link in the system. Achieving this level of effective cloud security, however, requires organizations to first establish and achieve a standard of visibility and control that enables operational efficiency while streamlining management.
In the webinar, Cohen breaks down seven common cloud security strategies to illustrate how organizations overcome these challenges:
1. Inside-Out IaaS Security
The benefit of Infrastructure-as-a-Service is that it includes a full suite of resources, including hardware, network devices, and connectivity tools, that can all be accessed and managed from the cloud. While the components of this infrastructure are provided and maintained by cloud service providers, it’s up to organizations to protect their own cloud assets. Cohen explains that many customers overcome this challenge by implementing a consistent security policy which applies to IaaS deployments from the inside out – managed at the workload level, the network level, and the API level.
2. Cloud Services Hub
Organizations usually experience a lack of centralized security management, and therefore, reduced visibility and control – along with an inability to respond in a comprehensive fashion to a security breach – as a result of deploying multiple cloud solutions. By utilizing a shared services hub, however, IT teams are able to leverage the benefits of the cloud, such as elasticity, availability, and scalability, while enabling consistent security across all platforms. Additionally, as Cohen explains, this hub enables combining security capabilities in one location, making it easy to attach different VPC networks by using a VPN connection.
3. Remote Access VPN
Many organizations make the move to the cloud to enable access to information from anywhere in the world as securely as possible. Unfortunately, traditional remote access VPNs are not always able to meet these demands. By deploying solutions pre-configured with templates designed to enable secure remote access in the cloud, including things like dynamically adjusting the level of encryption used based on context – location of the end user or IoT device, the data being accessed, etc. – organizations can more effectively leverage the global presence of a cloud infrastructure.
4. Hybrid Cloud
Leveraging public clouds as a supplementary infrastructure for on-premises data centers enables new ways of developing and delivering IT solutions across an organization. These hybrid cloud environments can present challenges, though, such as poor network visibility and complex security management. Securing hybrid cloud environments requires organizations to deploy consistent security policies across all infrastructures to ensure data is protected as it is transferred to and from the cloud, or as it is processed and stored in either environment.
5. Advanced Application Protection
Introducing new applications to the cloud not only presents additional security risks, but also forces organizations to continually ensure they are meeting compliance requirements. Using previously tested security applications and applying them to the cloud enables organizations to make this move with confidence. Before migrating, organizations should also consider solutions that secure web application APIs, enforce security policies, and detect various types of malware, both old and new.
6. Security Management from the Cloud
Organizations that employ legacy management tools will inevitably experience incompatibilities, especially when looking to deploy and manage them from the cloud. Leveraging the global availability of cloud providers to deploy security management across multiple cloud regions will ensure scalability and improve operational efficiency, ultimately reducing cost and risk.
7. Public Cloud Usage Monitoring and Control
The public cloud has been widely adopted across the globe, yet misconfiguration continues to be a major cause of disruptions and unexpected costs. Overcoming this challenge calls for complete visibility over configuration changes – especially across multiple public cloud infrastructures – through a unified platform that simplifies compliance violation reporting.
Cloud adoption is continuing to rise in popularity due to the benefits this technology provides in terms of elasticity, scalability, and availability. Despite these benefits, organizations must be aware of the risks that can arise as a result of deploying disparate cloud environments. By understanding the challenges associated with the cloud, organizations can properly manage and make the most out of these infrastructures.
Steelcase, Inc. is one of Fortinet’s customer reference cases. Steelcase is a world-renowned manufacturer of office furniture and related equipment. Based in Grand Rapids, Michigan and founded in 1912, the company markets its furniture and equipment under three primary brands: Steelcase, Turnstone and Coalesse. Steelcase uses a network of independent and company-owned dealers for distribution, as well as selling directly to end customers.
As one of the earlier adopters of virtualization and cloud-based solutions, the company has repeatedly utilized new capabilities to drive its business forward. “We use the Microsoft Azure platform for our web infrastructure but we’re not simply just a customer: We entered into a strategic relationship to partner on initiatives that have to do with understanding the nature of the workplace and how to help people interact with it more effectively.”
The company has deployed many of Fortinet’s solutions, including FortiGate next-generation firewalls and the FortiMail secure email gateway. Developers at Steelcase gain access to the Azure environment by using VPN tunnels established between an on-premise FortiGate and a combination of the FortiGate-VM for Azure and cloud-based FortiWeb VM web application firewalls.
Stuart Berman, global security architect, Steelcase, reveals, “Our strategy is to use Fortinet to supplement gaps in the Microsoft and Amazon products, such as the lack of logging or analytics for outbound traffic, and the presence of rudimentary firewalling for inbound data. It makes sense to use a common Fortinet platform for both the Microsoft and Amazon cloud service platforms: doing so gives us the protection we require and economies of scale as we don’t have to learn and maintain two different systems.”
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network – today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 400,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.