Securing the Unsecurable in Interconnected Digital Technology: Part I – Interconnection Oriented Architecture

Gregory Lebovitz

Let’s get this out of the way, because I know what you’re thinking: What is digital technology? Apart from being a marketing term, what does it really mean, especially for those in applied IT and InfoSec? Sure, digital is a base two process operating on information in binary code of zeros and ones. From a business perspective, however, the term refers to the digital representation of anything we can view, access or interact with. Most of the information we sense is analog in nature: the hardness of a surface, the brightness of a light, the smell of a flower. In business, most companies have traditionally sold products and interacted with their customers in predominantly analog ways. Digital technology is the massive market transformation that occurs when companies race to sell digital products (in other words, products that can be used by digital devices such as mobile handsets, tablets, laptops and wearables) or to allow for digital experiences of otherwise analog offerings. As an example of the latter, consider the sale of a home: The product, the home, is 100% analog and physical, but one might take a tour through it by way of a virtual-reality 3D headset without ever leaving one’s own living room.

Digital technology benefits suppliers and consumers

Advances in the use of digital technology have improved customer experiences in most industries. Look around: there isn’t a day that we’re not benefitting, as individuals and as a society, from recent advances in digital technology, whether by using an innovative application or by discovering a disruptive digital service capable of transforming some aspect of our daily routine. Amazon’s business model is a great example: What started with the simple concept of buying a physical book from an online storefront has since transformed into a global digital marketplace for millions of digital and non-digital products alike. Amazon now sells more digital books (ebooks) than physical books. Amazon brings the global economy to anyone with an internet connection: You can find an item, order it and have it delivered to your door with less effort than it would take to drive to the nearest retailer. That’s a boon to customers who want to minimize car trips, and a game-changer for those who live in remote parts of the country.

Amazon’s innovative culture developed Echo, a smart speaker used in conjunction with Alexa, a virtual voice assistant, to make it easier to manage your home. This means greater home efficiency for you, but did you know Amazon Echo owners increase their usual spending on Amazon products by an average of 29% in the year following the purchase of an Echo? Echo offers greater convenience for the customer, and greater profitability for Amazon. Innovations in digital technology greatly benefit both the supplier and the consumer.

Innovations like these are enabled by continuous improvements in digital technology, such as faster processors, the development of on-board solid-state storage, 100 Gbps Ethernet, 5G cellular and ubiquitous WiFi coverage for mobile devices, massive storage arrays to hold big data, and AI-assisted analytics. All of these are available by the second with cloud elasticity.

Cloud changes everything

Cloud technology is powerful because it frees a business to focus on their products and on the digital transformation that will enhance the experience of their customers. The app, the code, the service, the content and the creative methods for digitally bringing products to customers are what will increase revenue and decrease costs (in other words, improve profitability) while reducing competitiveness in their core business. That core business is what they want to, indeed what they need to, focus on. By leveraging the cloud, a business unit is freed from concerns about space, racks, physical devices, power, cooling, cabling, hardware upgrades, failures and capacity planning; it’s also freed from concerns about all the people, processes and tools associated with managing all that. With the cloud, all those elements are immediately available and elastically scalable. The time and resources that would have been spent on all those physical things, those analog things, can be repurposed to their core value. The cloud is a huge game-changer in digital technology.

Migration of the processing workloads of applications, and their storage, into cloud environments, whether private, public or hybrid, is a massive undertaking: Virtustream’s 2017 Cloud Migration: Critical Drivers for Success report warns, “While many businesses associate the cloud with cost savings, underestimating the resources involved in cloud migration can quickly cause costs to spiral out of control.” Much of this cloud-ization is occurring in public Infrastructure as a Service (IaaS) and Software as a Service (SaaS) providers. On average, an enterprise employs more than four cloud service providers. The more providers an enterprise uses, the more complex the architecture becomes, with more and more elements and objects needing to be managed.

Interconnection Oriented Architecture emerges necessarily

As applications, processing and storage get peppered across the public IaaS and SaaS providers, the traditional data center turns inside out. The heart of the private data center, traditionally the core of the application and data infrastructure, becomes just one of many appendages of the overall architecture. The emerging core is the interconnection hub sitting in colocation data centers that acts as a transfer point between campuses, private data centers, public IaaS and SaaS clouds, Internet-bound users and remote offices.

To simplify the inherent complexity of operating multicloud environments, enterprises must employ an architecture that both supports the services provided by digital technology and meets enterprise performance requirements without sacrificing security. The needed level of performance for real-time interactions can be achieved via Equinix’s Interconnection Oriented Architecture®, also known as IOA. IOA provides segmented, direct, private, secure connections between the applications, data, IaaS/SaaS providers, suppliers, sites, customers and employees of an enterprise, regardless of location: on-premises, remote, or public or private cloud. It allows you to integrate hybrid and multicloud infrastructures that service internally-facing and publicly-facing users, regardless of their geographic location. With IOA, enterprises bypass the public Internet and instead exchange all traffic directly between the on-premises network, the cloud providers, remote sites and customer-focused eyeball networks (networks in which users view and consume content) via ultra-low-latency interconnections local to their co-location footprint. Using IOA, enterprises enjoy ten times the bandwidth with one-tenth of the latency at two-thirds of the cost of the legacy, campus-centric architecture. It’s no wonder IOA adoption is one of the fastest-growing trends in the digital-technology transformations of enterprises.

Rapid migration to cloud environments and the growing digital economy (IDC predicts 50% of global GDP will be digitized by 2021) are creating ever-greater demands on bandwidth, connectivity, data storage and cybersecurity. The Equinix Global Interconnection Index Volume 2 explores the impact of each of these factors and explains how global enterprises can effectively address these challenges.

A new architecture demands new security controls

The new digital business models and services described above have greatly enriched the digital economy’s bottom line, which means they’re now targets of fierce cyberattacks. Along with the new architectures inherent in cloud adoption comes a need for security controls that effectively fit those new architectures. Just as you can’t refill an electric vehicle the same way you refilled the gas tank of a petroleum-based car, you can’t enforce your required security controls in a cloud architecture using legacy mechanisms and tools that you employed in a physical private data center.

Enterprises are struggling to learn how to implement security controls against their hybrid, multi-cloud designs. The various applications that combine to deliver cloud-based digital services (some of which are homegrown, some of which are off-the-shelf, and many of which are cloud-delivered services themselves) create complexity in a way that legacy security tools don’t quite fit. The question of how to apply a basic framework of security controls, such as National Institute of Standards and Technology (NIST) controls, to a hybrid, multicloud architecture is still emerging. The more providers an enterprise uses, the more complex the environment becomes, and the more security risks it accumulates.

In multiple analyst reports, enterprises cite security as the primary hindrance to production cloud adoption. App and server teams are often eager to proceed with production cloud deployments, but security and risk management teams put on the brakes until they see clear evidence that their security controls requirements, and often regulatory compliance, can be met.

Bypassing the public Internet and instead exchanging all traffic directly between the on-premises network and the cloud makes it easier to implement a set of cloud security controls to examine, segment, inspect, filter, direct and encrypt all incoming and outbound traffic in real time. Cloud interconnection control points in IOA interconnection hubs become the only place where many controls can be implemented effectively. More than that, an enterprise needs an architectural construct, a network place, that is neutral and distinct from any one cloud provider in order to place the control mechanisms that enable it to safely practice cloud agility. These are called IOA control points; they reside in your interconnection hubs, which are often geographically dispersed as you bring data and apps closer to user populations. This is known as the IOA Controls Framework: the most important control mechanisms enterprises are employing in their migration to hybrid multicloud, and the best practices they’ve learned along the way. These may be found in Equinix’s IOA Knowledge Base.

Protect Your Interconnected Digital Technology

There’s no doubt that rapid advances in interconnected digital technology are making lives easier by providing individuals and businesses with convenient and accurate sources of up-to-the-second information and giving them access to time- and money-saving services. But in order to reliably provide these services and avoid the potential hazards inherent in delivering them via multicloud environments, enterprises need to take advantage of the capabilities and benefits of cloud-neutral key management services.

Equinix, a leader in global interconnection, has state-of-the-art data centers to help you integrate and control your IT infrastructures at the digital edge. Encryption keys are fundamental to the security of volumes of data managed in multicloud environments; SmartKey, offered by Equinix, efficiently manages encryption keys and provides cloud scalability, secure key generation, storage, life-cycle management, encryption and tokenization services. SmartKey simplifies encryption key management from the very start. Register for a free trial to see how simple it can be.

Advances in digital technology have greatly improved myriad aspects of daily life, but the services and data that enable these advances are under constant threat. Together, Platform Equinix and SmartKey help global enterprises avoid the potential hazards of interconnected digital technology.

Part II of this blog will discuss the fundamental technological building blocks in the IOA Controls Framework: cryptography and, more specifically, the critical role of generating, sharing, storing and refreshing the keys and secrets that are the very seeds of healthy cryptographic operations, such as authentication and encryption. We’ll also explore how to position and deploy secret/key generation and life-cycle management specifically in support of delivering a hybrid multicloud architecture.