It goes without saying that the cloud has changed the way businesses build, deploy, manage, and collect data. The shift toward the cloud means enterprises need to put resources closer to users and clouds to address latency issues and meet security requirements without compromising performance.
As IT services are located closer to clouds, enterprises are increasingly considering multicloud architectures to deploy their workloads. According to a recent report from Flexera, 92% of enterprises have a multicloud strategy. These strategies are turning into real-world deployments, as more businesses are adopting this architecture and interconnecting to multiple clouds to better migrate and manage hybrid multicloud workloads. In fact, on average, organizations are currently using 2.6 public and 2.7 private clouds, in addition to experimenting with 1.1 public and 2.2 private cloud platforms.[i]
The simple truth is that the more complicated and interconnected things are in a system, the more difficult they are to secure. Therefore, I want to take a moment to discuss some of the security challenges of protecting a multicloud environment and the tools and solutions available to secure data, applications and cloud services.
In a nutshell, enterprises need to implement similar controls that have previously existed onsite or in an enterprise’s private domain — but do so in a multicloud-oriented approach to establish a strong security posture at all levels of the architecture. A new set of security guardrails and a “trust nothing” (i.e., zero-trust) model are required to protect enterprises as this transformation takes place. These new security guardrails must be implemented in a neutral location, proximate to users, data and content, with high availability and reliability.
To accomplish these objectives, a security strategy that safeguards the multicloud enterprise must include:
- Visibility into traffic that traverses the clouds, networks and the enterprise environment
- Integrated control and management of that traffic via consistent security policies across all cloud environments
- Access controls that enable and track user access to corporate resources and workloads
Each of these aspects is discussed in more depth below:
Application components distributed across multiple cloud environments can be quite complex. As a result, they require dynamic and adaptable approaches to traffic monitoring, along with algorithms that yield security insights, detect intrusion and automate effective responses when threats are detected. This leads to the need to monitor, log and evaluate all traffic across multiple cloud environments, applications and services.
By deploying distributed monitoring capabilities and automated event processing at the edge of the clouds, enterprises will be able to meet this requirement. They will see all traffic traveling across network segments, cloud services and applications, and within the enterprise. This will enable them to identify security threats that can then be acted on in real time.
Converting visibility into relevant action is critical. This takes place through consistent policies for all clouds across an organization’s systems. It is important to point out that, while an unlimited number of new security policies can be created, consistently enforcing them throughout the organization is not so easy. Much of the data and user activity to which organizations need to apply those policies is outside of their security perimeter and is not visible. It may be known that incidents are occurring, but there is no broad enforcement capability (other than manual processes) to identify and stop them.
As a result, a clear set of security policies that take into account the individual constraints of each cloud environment, with procedures in place to remedy security issues and safely process data, is a must.
These policies need to be located adjacent to the clouds, as enforcement must take place in real time and at the closest point to where most attacks are likely to be initiated. Along with improved performance and scalability when applying these controls, security policies can then be adjusted, also in real time, for the constantly changing nature of enterprise applications.
When it comes to controlling user access to applications and services, it’s easy to make a mistake in a multicloud environment because there are many interdependencies between individual clouds, user groups, and processes. This raises the question of who should have access to which resources and workloads. In a typical zero trust model, each user or process should only have access to those resources that are actually needed, and no more. Enterprises must also ensure that permissions are continually updated, because users and data are constantly changing.
How Equinix and Check Point help enterprises take control
To increase the level of security in a multicloud environment, enterprises need to implement tools that include unified threat prevention to detect activity anomalies across any cloud and workload; automation, including auto-provisioning and auto-scaling with automatic policy updates; and high-fidelity posture management to help comply with regulatory and industry standards.
Today we’re excited to announce that Equinix helps deliver these security capabilities for multicloud architectures by adding Check Point CloudGuard Network Security to our Network Edge services. With Check Point CloudGuard Network Security running on top of Network Edge, organizations are able to extend Check Point’s threat protection technologies to and from their public cloud on-ramps and on-premise infrastructure. This can be accomplished in a single-solution implementation across all these environments, deployed in minutes (rather than weeks or months), with no additional hardware. Network Edge can be leveraged for new CloudGuard deployments or as a way to quickly extend existing CloudGuard implementations.
Check Point CloudGuard Network Security’s multilayered security architecture protects against even the most sophisticated attacks, effectively preventing the lateral spread of threats within virtualized environments and private cloud data centers. Its unified management console delivers security consistency along with complete threat visibility and control to dramatically simplify policy management across both virtual (public/private/hybrid) and physical networks.
Even organizations with on-premises security that are starting their migration to a multicloud architecture receive unified and consistent security management of all their on-prem and cloud environments. And as they move through their digital transformation, companies will experience the easiest, quickest and most secure cloud migration with the lowest total cost of ownership.
Learn how Network Edge can modernize your network.
You may also want to read more about the benefits of CloudGuard Network Security.