Current Filter: Network>>>>>Opinion>

   

The cloud promises a lot of benefits, including remote access to essential files, streamlined collaboration capabilities and a reduced burden on in-house IT teams. However, in the rush to migrate to the public cloud businesses can find themselves confronted with a void between their existing on premise security and the security that they need from the cloud.

THE CLOUD FRONTIER
Virtual security appliances have existed for a number of years, offering services including deep packet inspection in a portable, easily-deployed format for private cloud and virtualised data centres. But as public cloud solutions such as Microsoft Azure have advanced, protecting business-critical applications in these environments has become a significant challenge for corporate IT teams.

While Azure and its peers provide top-notch network hardware security, when it comes to workload-specific security such as protecting application traffic from exploits, implementing anti-malware solutions or defending against sophisticated targeted attacks, cloud vendors cannot serve up an appropriate solution. The dearth of application-layer support has left tenants exposed when they place data-driven applications within virtual machines hosted in the cloud.

DON'T LEAVE SECURITY BEHIND
While on premise security devices such as firewalls, VPNs and IPSs provide a robust security exterior, applications within cloud environments have only the basic protection afforded by the shared services, or those included in the server operating system. Cloud operators cannot distinguish between what constitutes a customer's normal operations or malicious traffic. In order to address the cloud security needs, IT teams must deploy new layers of protection through a virtual security device residing within the tenant environment.

A next generation firewall can leverage its application visibility and user awareness to manage traffic and bandwidth intelligently, and can help IT administrators to re-establish network control.

BRIDGING THE VOID
A cloud-based virtual firewall can offer a number of security requirements in the cloud. Some of the important ones include:

Secure data centre: A virtual firewall can filter and manage traffic flowing to or from the Internet, between virtual networks or between tenants, to secure the virtual data centre. It can also securely extend a physical data centre to the cloud - particularly relevant if you are migrating solutions to the cloud and therefore require secure connectivity between the cloud environment and local infrastructure.

Secure remote access: While the standard tunnels used to configure VPN gateways are secure from an encryption and privacy standpoint, they do not provide the level of control that many IT services have come to rely on through their hardware-based firewall. A virtual firewall can provide the advanced access policy, filtering and connection management that is necessary to provide client access to the cloud. As for encrypted content, the virtual firewall can ensure that all data, regardless of source or destination is subject to the same protective measures that would exist with an on premise hardware-based firewall.

Identity: Most cloud platforms are not designed to intercept malicious intent and so a virtual firewall is crucial in maintaining integrity and confidentiality of applications and data. It should integrate with most well-known access control providers and offer a broad range of granular policy-based filtering tools.

Management: Cloud vendors will typically provide tenant isolation and security but a cloud-based virtual firewall is needed for effective management of the tenant environment. It will manage performance, usage, visibility, reporting, configuration and the other capabilities that are normally associated with on premise management tools.

Securing applications and data in the cloud is far easier with specialist tools that are dedicated to the task. A cloud-based application firewall can provide security where the application and data reside and bridge the void between on-premises network protection and cloud security needs. NC