SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Successful cloud transformation requires collaboration on network strategy
Fri, 13th Dec 2019
FYI, this story is more than a year old

With organisations increasingly embracing cloud-based computing platforms, having an effective network strategy that addresses performance and security is becoming ever more important.

Unfortunately, this doesn't often happen.

In many cases, attention is given to implementing a particular application without considering the effect on the network and its security.

Such an approach can lead to poor performance and spiralling operational costs.

The problem is that legacy corporate networks were not designed to meet the needs of the cloud.

A traditional hub-and-spoke designed network does not allow users to directly connect to cloud-based applications.

Whether working in the main office, at a branch location or remotely, users must rely on links that always take a detour via the corporate data center.

This results in network latency because connecting to the internet (and the cloud) is never made using the shortest or most time-saving path.

Such convoluted paths can also result in higher-than-anticipated costs.

Traffic from remote users may go through MPLS connections several times on its way to and from the cloud-based application.

Also, the resulting increase in internet-bound traffic can increase network costs.

Many organisations find that deploying platforms, such as Microsoft Office 365, can significantly increase their network traffic.

This increase can degrade network performance and lead to user frustration when the application does not perform as well as expected.

That's why Microsoft recommends direct internet connections at each location, providing employees with the shortest possible path to the cloud.

Security by design

To successfully deploy cloud-based applications, organisations must first design and build a cloud-ready network – and an important element to this process includes making changes to the existing security infrastructure.

Current security measures, designed to provide protection to centrally located applications and data, can't provide the level of protection needed in the world of the cloud.

An organisation's security team must be invited to the table when a transformation project is in the early planning stages.

This will allow the specific security requirements of the cloud to be carefully considered and implemented.

Along with increasing data traffic, there will also be new requirements for an organisation's security infrastructure as applications move to the cloud.

For example, if an organisation decides to provide local internet connections, security must also be maintained locally because the traditional approach will be insufficient.

It simply wouldn't be possible to install stacks of security appliances at each site, as the cost and administrative overheads of such a move would be prohibitive.

A better approach to securing these local internet connections is to employ a security stack in the cloud.

This stack would provide all the necessary security modules, from next-generation firewalls to cloud sandboxing and data loss prevention capabilities.

Security in the cloud

Taking advantage of cloud-delivered security as a service can significantly reduce an organisation's administrative burden.

Cloud-based security can also readily scale to cope with increases in data traffic while ensuring the most efficient path for business-critical applications is available at all times through bandwidth management.

It's important to take sufficient time at the start of a planned cloud migration project to consider the implications such a project will have for network design and security.

Focusing only on the application will lead to unforeseen problems, including lower performance, higher costs and frustrated users.

Having all parties involved in planning from the outset will ensure these problems are avoided and the true benefits of the cloud are achieved.