Extending the Security Fabric into Cloud IaaS

Credit to Author: John Maddison| Date: Mon, 17 Apr 2017 09:03:17 -0700

The volume of data that organizations now need to consume and process is growing exponentially. As a result, nearly all organizations have moved some part of their infrastructure, data, or applications to the cloud, seeing it as essential to their long-term success. This ranges from simply adopting public cloud SaaS tools such as Dropbox and Salesforce.com, to extending their network through cloud-based IaaS solutions such as Amazon AWS and Microsoft Azure. IaaS services provide on-demand resources, including management applications and services, without the attendant overhead associated with building and maintaining infrastructure.

All of these options have a common goal: to simplify, accommodate, and accelerate the storage, transfer and management of increasing volumes of data. Unlike anything before it, the cloud provides organizations with dynamic resource allocation and on-demand services while only requiring that they pay for the resources that are used.

The challenge is that networks and data are becoming increasingly distributed and complex. 82% of organizations with a cloud strategy have adopted a hybrid architecture of both private and public cloud ecosystems. Which is part of the reason why so many cite integration between these networks, a growing cloud networking skills gap, and managing security across different environments as their top concerns.

The truth is, most IaaS providers don’t include anything beyond native Layer-2 access security by default with their solutions. Other security needs to be obtained through a variety of third-party vendors who provide cloud-based security services on some sort of payment schedule. Just as with traditional security, the selection is broad and growing, and many organizations struggle to determine which options are best for them.

Decisions about cloud-based security cannot be made in isolation. When considering IaaS security, it is critical to not only determine whether the solutions being considered can provide adequate cloud security services, but also whether they are compatible with the security that has been deployed throughout the rest of the infrastructure.

From a security perspective, the primary challenge is how to establish and maintain consistent security policy and policy enforcement as data moves back and forth between traditional, private cloud, and public cloud environments without overcomplicating the security infrastructure. What organizations need is a single risk management framework that provides visibility and control from remote users and the Internet of Things, across traditional and software-defined networks, and out to the most disparate cloud services.

To solve this problem, two things need to happen.

First, building out an entirely separate security framework for a public cloud environment introduces unnecessary complexity and management overhead. To keep things manageable, organizations need to find and work with a service provider who can provide the same security technology being used in-house to the remote cloud environment. Which also means that organizations need to deploy an in-house security solution that has been widely adopted by the service provider community.

And second, they need to adopt a cloud-based security management and orchestration strategy that allows them to pass policy and security intelligence seamlessly between security devices deployed across distributed environments, whether local or remote, physical or virtual, or owned or in the cloud.

The recent release of FortiOS 5.6 extends the Fortinet Security Fabric into the IaaS infrastructure, enabling organizations to not only simplify and expand their visibility and control deep into the cloud, but also enhance and integrate their total security profile through the automated, rapid sharing of threat intelligence. The correlation of IoCs and networking logs, for example, help pinpoint new threats, and enhanced automation accelerates and improves the mitigation of those threats across the expanded threat landscape.

Fortinet provides a wide array of fabric-enabled security solutions custom-built for both Amazon AWS and Microsoft Azure environments, including Next-Gen Firewalls, WAFs, email security, and sandbox technology. The latest release of FortiOS 5.6 not only extends orchestration and automated across these tools to more quickly identify and resolve security issues, it also allows them to be integrated into a single pane of glass management infrastructure that can extend granular visibility across your entire ecosystem of distributed networks.

In addition to integration, Fortinet solutions also provide up to 32X greater performance over similar individual technologies. Breadth of integrated deployment, record-setting performance, and automatic scaling, orchestration, and response ensure that your cloud infrastructure is every bit as secure as any other element of your network.

By driving the Security Fabric deeper into the cloud, Fortinet has extended visibility and control across the breadth of your organization’s entire attack surface, and helps ensure that regardless of where you take your network, you will never have to choose between growing your critical business operations and protecting them.

https://blog.fortinet.com/feed