Deconstructing Distributed Security

Put Security On The Edge When Expanding Into a New Market

Guido Coenders

In this segment of our Deconstructing Distributed Security series, we explain how advances in service deployment give data security professionals and network architects unprecedented ability to deliver security on the edge in support of market expansion.

Cloud Accelerates Market Expansion Without Significant Infrastructure Investments

A major benefit of evolving from legacy infrastructure to cloud-native solutions is the implementation speed for new applications and services. Cloud technologies allow enterprises to quickly establish a presence in new markets and drive additional revenue without significant infrastructure investments.

Evolution From Single to Multicloud Environments Is Not Unusual

When enterprises begin the journey to the cloud, a single cloud provider typically meets their needs. Later, with opportunities to expand into new markets, they often discover the limitations of a single cloud provider. As a result, they contract with additional cloud providers who support required software applications, offer an in-country presence to meet data privacy requirements such as GDPR, or offer better SLAs for the new market.

You Likely Have More Cloud Environments Than You Think

When we ask clients to inventory the number of cloud environments they are using, it’s often many more than they had expected. The inventory includes major platforms like AWS, Azure, Google and Oracle to support various geographies and different applications; enterprise software such as Salesforce, ERP and HRM; collaboration tools like Slack; and discipline-specific applications such as AutoCAD. The result is any number of private, public or hybrid cloud environments.

Efficiently Deploy and Manage Security on the Edge

As the number of cloud providers grows, the operational and economic advantages of cloud technologies give way to the reality of managing multiple cloud environments and securely maintaining data across these environments. Fortunately, virtualization is helping enterprises address the complexity of securing data across multiple, widely distributed cloud environments. Virtualization replaces purpose-built security devices such as HSMs, firewalls and SD-WAN appliances with software that provides equivalent functionality.

 


Challenges of Encryption Key Management in Multicloud Environments

Encryption is the foundation for data security, but how you meet the need has a profound effect on the ease of deployment. An enterprise is likely to require several different HSM brands to manage encryption keys in different cloud environments. Key management services (KMS) are available from major cloud providers and can be deployed on-demand, but each covers only that provider's specific environment. Learning and managing several different HSM or KMS products only adds to the demands of an already overburdened data security staff.

Encryption Key Management Deployed On-Demand

Encryption key management as a service can be deployed on-demand and works with major cloud environments. With a cloud-neutral key-management-as-a-service solution such as SmartKey™ from Equinix, enterprises have a single, centralized solution to manage the entire encryption key lifecycle, regardless of where encryption keys are being used.

SmartKey delivers security at the edge, locating encryption services close to the data they protect to minimize latency and deliver optimum performance. SmartKey also offers the added advantage of maintaining encryption keys in a separate environment from the cloud provider. As a result, only the enterprise (not the cloud provider) has complete control and access to the keys, thereby providing a higher level of data security than can be offered by HSM or KMS key management solutions.

Virtual Functions Further Enhance Data and Network Security

Enterprises can further enhance network security with the strategic deployment of virtual network functions available via Network Edge from Equinix. Virtual firewalls and SD-WAN require no hardware procurement or provisioning and can be located to enhance security at the edge while simultaneously optimizing network performance. 

Virtual Firewalls Protect Corporate Data

Equinix offers firewall virtual network functions from market-leading vendors such as Palo Alto Networks, Juniper Networks and Fortinet. An enterprise can protect critical information in corporate data centers by placing a virtual firewall between any corporate apps and the public cloud. This is a best practice to prevent attacks via public-facing applications hosted on cloud environments.

Virtual SD-WAN Extends Network Security to Remote Locations With  

Equinix offers virtual SD-WAN from Cisco and Versa, enabling enterprises to deploy network security and policies to remote locations while maintaining centralized control. SD-WAN supports granular security control, providing end-to-end segmentation to protect critical enterprise IT resources by:

  • Defining security policies based on applications in conjunction with packet-filtering provided by firewalls;
  • Establishing independent security zones and policies based on workflows; and
  • Incorporating intrusion prevention, DNS layer enforcement and URL filtering capabilities.

The clear advantage of the virtual network function strategy is the ability to quickly deploy and scale these functions in anticipation of (or in response to) changing business demands.

Platform Equinix Facilitates Security on the Edge

Enterprises planning expansion into new markets can accelerate time-to-market, significantly reduce CapEx required to establish a remote presence, and remotely maintain the required data and network security via virtualized services.

Equinix facilitates rapid deployment and centralized management of these services via Platform Equinix™, the world’s largest platform of interconnected data centers and business ecosystems. Platform Equinix provides secure, high-performance connections to more than 1,800 network and 2,900 cloud providers.

SmartKey is deployed on-demand on Platform Equinix, allowing key management services to be located close to data, applications and users. Network Edge from Equinix is a digital marketplace of virtual network functions that are pre-integrated with interconnection ecosystems on Platform Equinix.

Gain Hands-on Experience in Deploying Security on the Edge

Data security professionals can learn how easily key management services can be deployed by registering for the free SmartKey trial. Network architects can explore the wide range of virtual network functions available by registering for a free Network Edge trial.

Enterprises planning to expand their presence and applications into new markets will benefit from virtualized security capabilities available from Equinix and the global reach of Platform Equinix. Its deployment speed, centralized management and presence in more than 200 metros enable enterprises to deploy security on the edge to protect critical data and network infrastructure.