4 Ways to Mitigate Risk with Multicloud Networking

Cloud services can support resilience and business continuity, but only if you can connect to the right services in the right places

David Tairych
4 Ways to Mitigate Risk with Multicloud Networking

Recent events have highlighted the importance of resilient digital infrastructure. Many companies have learned the hard way that they must be proactive about remediating risk and ensuring continuity. Working with the right partners can help, but it’s ultimately up to them to ensure their own systems will be ready when and where they need them.

Public cloud services may not be perfect, but they can play an important role in reducing risk and improving resilience. They offer built-in scalability and geo-redundancy by default, and they make it easy for enterprises to diversify their infrastructure. But again, it’s up to cloud customers to ensure they’re connected to the right services in the right places.

That’s why effective multicloud networking is an essential part of resilient digital infrastructure. The ability to move data freely between clouds and on-premises environments can help ensure you’re not over-relying on one cloud in any one location.

Just as my Equinix colleague recently explored four ways multicloud networking can optimize application performance, this post will look at four ways multicloud networking can limit risk in your digital infrastructure. At Equinix, we offer infrastructure solutions that make it easier for our customers to capitalize on these use cases.

1.    Develop backbones for business continuity and resiliency

Distributing services across multiple environments is key to mitigating risk, as it reduces your dependence on any one environment. However, to realize the value that distributed infrastructure promises, you need a robust multicloud networking strategy. You need strong global connectivity across different locations and clouds, so that you can easily shift workloads and data whenever the need arises. In short, you need a global multicloud networking backbone.

The challenge is that cloud workloads need to move quickly, especially if you’re responding to a disaster or unplanned outage. Building a network backbone with traditional telco services is very time-consuming. You’d have to start building the network well before you need to use it, which of course isn’t always possible. To enable multicloud disaster recovery, you need the flexibility to set connections after an unexpected event occurs.

Virtual networking enables this flexibility. For example, Equinix Fabric® Cloud Router makes it easy to build a global IP-WAN network at cloud speed. You can spin up a virtual router in any of our 55+ locations, and then attach it to the Equinix Fabric backbone for global connectivity in a matter of minutes. If you need to adjust your network infrastructure in the aftermath of a disaster or service outage, Fabric Cloud Router makes it easy.

2.    Take control of your data

Legislation governing data privacy and sovereignty is proliferating in jurisdictions throughout the world. Enterprises need a proactive strategy to avoid placing themselves at risk of non-compliance penalties and reputational damage. In addition, they need to maintain the control to move data between providers cost-efficiently, avoiding high egress fees that can result in vendor lock-in.

To execute your data management strategy, you need to evaluate your data real estate and understand the unique requirements of all your different workloads. You may find that keeping some workloads in cloud adjacent infrastructure can help you maintain the control you need. Using cloud native storage for every workload could mean giving up control over your data in a way that puts your organization at risk, especially if you need that data accessible elsewhere.

However, there are still advantages to cloud storage when used for the right workloads. For instance, the cloud provider might replicate your data across regions to help ensure resiliency. This is great for some applications, but not for those that require knowing the exact location of the data. It is also an important consideration for the mobility of your data, where it might need to be accessed by multiple resources across many environments and locations.

To maintain control over your mission-critical data, the solution is to put it near the cloud, but not in the cloud. By placing compute and storage infrastructure in proximity to multiple cloud providers—and deploying dedicated network connectivity to those clouds—you can use the cloud on your own terms. You’ll be able to take advantage of best-of-breed cloud services from multiple providers without having to give up control over your data.

As the global market leader in low-latency cloud on-ramps, Equinix makes it easy to get close to cloud providers in the right places. You can use Equinix colocation services or Equinix Metal® to deploy cloud adjacent infrastructure where you need it, and then use Equinix Fabric and Equinix Network Edge for dedicated, flexible multicloud networking.

3.    Address cybersecurity concerns

One reason digital infrastructure is so difficult to protect is that cyber-criminals see it as the valuable asset that it is, and are targeting it accordingly. Just as attackers are stepping up their efforts, you need to step up your efforts to protect against those attacks. An effective strategy to achieve this is to make workloads and data available across multiple locations, removing any given instance as a single point of failure should cyber-criminals choose to target it.

Taking advantage of multicloud networking to back up and replicate data in many different environments can help. Building a global IP-WAN with Fabric Cloud Router is one way to do this. Since it allows data to move directly between cloud providers and across the globe, it’s easy to get the reliable data backups you need. Spreading out your data backups can help make you less vulnerable to attacks in any one location or cloud.

You can also use Equinix Fabric to enable air-gapping that protects against distributed denial-of-service (DDoS) and ransomware attacks. You can set a virtual connection that acts like a “digital drawbridge.” The VC stays active for long enough to complete batch uploads from your primary cloud site to your data backup environment. After the upload is complete, the connection is deleted. This ensures you’ll always have current data backups available to help you recover from a cyberattack, and that there’s no risk of the attack spilling over from your primary site to your backup environment.

4.    Protect your most valuable data

Many enterprises see public cloud as the logical place to start their AI journeys. It allows them to easily acquire the scalable compute capacity needed for model training without having to worry about implementing high power density and advanced cooling techniques in their on-premises data centers.

However, there’s risk involved with putting this data in the public cloud. The compliance and mobility concerns mentioned earlier would certainly apply to AI datasets, but there’s also the risk that data trained into models running on public infrastructure could then be exposed by those models. In fact, the risk comes not just from using internal data for training, but also from employees leveraging public AI tools with sensitive data. For example, Samsung banned its employees from using ChatGPT after it discovered an accidental leak of sensitive internal source code.[1]

To keep sensitive data safe, many enterprises are turning to private AI. This means building proprietary models, hosting them on private infrastructure and training them with internal datasets only. While public AI requires moving data to the models, private AI is about moving models to the data. This allows companies to use their data for training purposes while still keeping it within their security domain.

This doesn’t mean that organizations need to forgo public cloud for AI altogether. In fact, a hybrid approach of both private AI and public AI could deliver the best results across diverse workloads. For instance, running a generic chatbot on public cloud would allow you to take advantage of flexible, scalable cloud infrastructure without adding excessive risk. However, a ChatGPT-style LLM that can reference sensitive internal content needs to live on private infrastructure. Once again, placing infrastructure adjacent to the cloud with strong multicloud connectivity can enable the free flow of data, ensuring the right datasets can securely reach the right environments—public or private—to meet the needs of different AI services.

Learn more about how flexible multicloud networking can help limit risk

When you’re trying to navigate a complex threat landscape, the last thing you want is to learn an entirely new way of doing things. That’s why Equinix partners with leading vendors, allowing customers to access tools they know and trust on Equinix infrastructure. They can manage these tools the same way they would in their own on-premises environments, so there’s no lengthy start-up period or new learning required.

For example, VMware Cloud Foundation on Equinix Metal allows customers to build a complete infrastructure solution—with flexible storage, VMs and multicloud networking—that they can manage in an architecturally consistent way. It gives enterprises the control they need to manage certain workloads and data on private infrastructure, while also connecting to multiple public clouds when it makes sense to do so.

One way that Equinix customers have used this kind of cloud-like solution is to enable continuity while they migrate away from their on-premises data centers. They can build a complete digital twin of their data center, and then use it as a tertiary backup until the migration is complete. This allows them to navigate the complexity of a data center migration without having to interrupt their ongoing operations.

To learn more about what effective multicloud networking looks like, read our guide: 7 Key Questions to Ask when Architecting a Multicloud Network.

 

[1] Siladitya Ray, Samsung Bans ChatGPT Among Employees After Sensitive Code Leak, Forbes, May 2, 2023.

Avatar photo
David Tairych Principal Solutions Architect
Subscribe to the Equinix Blog