Moving to the cloud means rethinking network security

Many organizations are moving critical data and applications to the cloud, but securing them with systems built for an on-premise world. That approach comes with a warning from Paul Gampe, CTO of Console, a platform that allows organizations to connect to each other's networks without using the internet. In an interview with The Enterprisers Project, he explains the risks and how to address them.

The Enterprisers Project (TEP): What is the biggest threat facing modern enterprise networks?

Gampe: The biggest risk facing current enterprise networks today is security. Data loss prevention systems that inspect outgoing packets to look for sensitive data, and intrusion detection systems that monitor incoming packets to identify potential threats, have both traditionally been placed at the edge of the enterprise network. However, as many line-of-business applications move from on-premise data centers to cloud services, there is no traditional network edge anymore, which renders the conventional methods of securing the enterprise network edge insufficient.

CIOs and CTOs today need to carefully plan for applications migrating to the cloud, or risk being caught off guard with edge-of-network infrastructure and systems unable to secure new traffic flows outside of the enterprise network.

TEP: What are the biggest mistakes you see CIOs and CTOs making around enterprise networks?

Gampe: The most common mistake I see is a failure to plan adequately for the impact of adopting cloud services on the enterprise network. CIOs and CTOs need to monitor and understand the internal traffic patterns of the on-premise data center to appropriately plan for the change in flows as traffic destined for line-of-business applications moves from those on-premise data centers to cloud-hosted services. There are serious risks to user productivity and application availability if CIOs and CTOs have not appropriately planned for or deployed the infrastructure required to support new traffic flows to the public cloud.

The second important task is planning for the changes to line-of-business application security. Firewall rules based on address have been a standard first line of defense in the past. But as applications move to the cloud, source address-based firewalls are no longer valid. CIOs and CTOs today need to re-assess their information security management strategy to account for the fact that they can no longer rely on the assumption that applications are not internet-accessible.

TEP: What are some of the obstacles and restrictions enterprises encounter when dealing with the public internet?

Gampe: The clearest obstacle is instability, and the biggest risk is security when dealing with the public internet. It's no surprise that the public internet is not secure, but the internet's significant instability at times is not apparent until mission-critical applications are moved to the public cloud and the organization is suddenly exposed to a lack of application availability due to that instability.

A simple search for a major route leak gives a sense of how often and how significant some of these public internet outages are. Tier 1 network operators will typically off-load traffic to the lowest-cost path, often with little concern for performance. Using these public internet services for mission-critical application availability is inherently high-risk. The key to safely and securely adopting cloud services is to not use the public internet.

If CIOs and CTOs want to ensure they have the network capacity, performance, and security to safely adopt cloud services, they need to bypass the public internet and directly connect enterprise networks. Large public cloud service providers and new software defined interconnection companies now provide these direct connect services to ensure that enterprises remain in control of their network connectivity without relying on the public internet.

Minda Zetlin is a business technology writer and columnist for Inc.com. She is co-author of "The Geek Gap: Why Business and Technology Professionals Don't Understand Each Other and Why They Need Each Other to Survive," as well as several other books. She lives in Snohomish, Washington.

Comments

Organizations need to do a much better job making sure their networks and connectivity are secure. According to a recent blog I read,

"For a network connection to be considered secure, it should adhere to at least three basic principles:

--Third parties should be barred from obtaining confidential data that was not meant to be sent to them.
--Identification of the person or persons wanting access to the data must be verified.
--Information being exchanged must be guarded against being seen, captured, or altered by unknown parties.

Connections that are not secure are more vulnerable to data breaches, identity theft, data leaks, eavesdropping, malicious cyberattacks, and a host of other cybercrimes, disruptions, and nuisances."

The blog is here, BTW: http://bit.ly/2bfTBPD