Business & Technology

Accelerating the Cloud On-Ramp with Security-Driven Networking

By John Maddison | August 01, 2019

Until recently, traffic moving between different data centers represented barely more than 5 percent of total data center traffic, and even that did not demand the speed and adaptability that modern distributed networks require. As a result, the vast majority of existing data center firewalls were simply not designed for the volume, performance, or protocol and policy translation needed to interconnect live data centers.

To put things in perspective, say you are a healthcare provider with a cloud-first strategy, a growing subscriber base, and a need to provide access to patient records from a centralized location as well as to use cloud-based SaaS services. To achieve this, you would likely select multiple cloud providers to optimize operational costs. And if you were already operating your own data centers, you would need to connect them to those providers. Your network would then become hybrid, complex, and geographically dispersed.

This is not a hypothetical situation.

Enterprises with legacy data center architectures are currently struggling with this very problem. Security has emerged as one of the primary roadblocks to full cloud adoption, making it difficult to achieve end-to-end visibility and consistent security for today’s distributed and shape-shifting environment.

The Need for Security-Driven Networking

Security-Driven Networking is an innovative new strategy that enables organizations to accelerate their on-ramp to the cloud. It starts long before a single device or service is deployed in the cloud.

  • Start by treating security as an integral component of the network, not as an add-on.
  • Next, map out all data flows and identify every resource they touch, paying particular attention to flows that cross between environments, whether physical or cloud, and baseline the throughput and latency each of them requires.
  • Then define the specific security requirements for each environment, device, and data type.
  • Finally, identify every potential issue in orchestrating and managing security across these environments, including the points where translation between them may leave gaps in solution functionality or policy enforcement.
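The second step above, mapping flows and baselining their performance, is the one most easily automated. The following is an added example written for this article, not Fortinet code: it classifies flow records by the environment each endpoint belongs to, merges them per environment pair, and reports the flow count, bytes, and peak per-flow throughput for each pair, so the cross-environment pairs that a VPN or firewall will have to carry stand out. The environment names, prefixes, and the flow records are constructed for illustration.

```python
"""Map flow records to environment pairs and baseline their throughput.

Added example for this article, not Fortinet code. The environment map,
its prefixes, and the sample flow records are constructed for illustration.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical environment map: name -> address prefixes it owns.
ENVIRONMENTS = {
    "dc-east": [ip_network("10.10.0.0/16")],
    "dc-west": [ip_network("10.20.0.0/16")],
    "cloud-a": [ip_network("172.16.0.0/12")],
    "cloud-b": [ip_network("100.64.0.0/10")],
}

# Constructed sample export: start,end (epoch seconds),src,dst,dport,bytes
FLOWS = """\
# start,end,src,dst,dport,bytes
1564617600,1564617660,10.10.5.20,172.16.8.40,443,750000000
1564617600,1564617630,10.10.5.21,10.10.9.10,5432,120000000
1564617610,1564617700,10.20.3.7,100.64.12.9,8443,180000000
1564617620,1564617640,10.10.5.20,203.0.113.8,443,20000000
"""


def environment_of(ip):
    """Return the environment owning an address, or 'external' if none does."""
    addr = ip_address(ip)
    for name, prefixes in ENVIRONMENTS.items():
        if any(addr in prefix for prefix in prefixes):
            return name
    return "external"


def parse_flows(text):
    """Parse the CSV-style export, skipping blank lines and '#' comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        start, end, src, dst, dport, nbytes = line.split(",")
        flows.append({
            "start": int(start), "end": int(end),
            "src": src, "dst": dst,
            "dport": int(dport), "bytes": int(nbytes),
        })
    return flows


def baseline(text):
    """Aggregate flows per (environment, environment) pair.

    The pair is sorted so that dc-east->cloud-a and cloud-a->dc-east are
    counted together. peak_mbps is the highest single-flow average rate,
    which is the minimum a tunnel or inspection path must sustain.
    """
    summary = defaultdict(lambda: {"flows": 0, "bytes": 0, "peak_mbps": 0.0})
    for f in parse_flows(text):
        pair = tuple(sorted((environment_of(f["src"]), environment_of(f["dst"]))))
        duration = max(f["end"] - f["start"], 1)  # guard zero-length records
        mbps = f["bytes"] * 8 / duration / 1e6
        entry = summary[pair]
        entry["flows"] += 1
        entry["bytes"] += f["bytes"]
        entry["peak_mbps"] = max(entry["peak_mbps"], mbps)
    return dict(summary)


def cross_environment_pairs(summary):
    """Pairs whose endpoints sit in different environments (or outside all)."""
    return [pair for pair in summary if pair[0] != pair[1]]


if __name__ == "__main__":
    result = baseline(FLOWS)
    for pair in sorted(result):
        tag = "CROSS" if pair[0] != pair[1] else "local"
        stats = result[pair]
        print(f"{tag:5} {pair[0]:>9} <-> {pair[1]:<9} flows={stats['flows']} "
              f"bytes={stats['bytes']} peak={stats['peak_mbps']:.1f} Mbps")
```

Flows that land on "external" deserve a second look before any policy is written: they are either Internet-bound traffic that should exit through an inspected egress, or an address range the environment map is missing.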

This strategy allows enterprises to architect and deploy business-critical applications and services faster. Networks and services built on end-to-end visibility and a consistent security policy across all locations can be implemented, managed, and expanded from day one with far greater speed and efficiency, and without trading away protection or performance to get there.

Of course, achieving this also requires security solutions designed to run natively in whatever environment they are placed: any of the clouds in use, branch offices, mobile workers, or traditional data centers that struggle to keep up with the elasticity and scale of the ever-expanding extended network. Those tools also need to behave consistently, so that there are no gaps between environments and applications receive the same policy enforcement regardless of where their data path takes them. To do that, they need to share and correlate threat intelligence in real time, which is practical only with a common management and orchestration language and interface. The same foundation is what makes a coordinated, system-wide response possible for any threat detected.

Today’s Expanding Data Centers Require Expanded Security

To support this security-driven networking strategy and accelerate the cloud on-ramp, Fortinet is introducing a new E-Series of FortiGate Next-Generation Firewalls, comprising the FortiGate 1100E, FortiGate 2200E, and FortiGate 3300E. The lineup has been designed specifically for this strategy, and once in place it addresses the most common bottlenecks enterprises face when securely connecting their data center resources to the cloud:

  • Securing high-speed connections to multiple clouds. One of the most daunting challenges for organizations with a multi-cloud strategy is ensuring consistent performance and protection for data moving back and forth between cloud environments. FortiGate Next-Generation Firewalls secure data in motion with high-performance encrypted VPN tunnels combined with access control, data confidentiality, and breach prevention, so that every device is accounted for and monitored, every workflow and application is understood and secured, and transactions are not slowed by the security path.
  • Providing perimeter defense and DDoS prevention. Data centers include several perimeters that need to be secured. There is North-South traffic between the data center and the rest of the extended network, including SD-WAN and SD-Branch deployments. East-West traffic, especially between internal data center segments, makes up well over half of all data center traffic and needs to be protected at very high speeds. And the fastest-growing segment, traffic flowing between data centers, is the toughest of all to secure because different cloud environments speak different languages, so data center NGFWs also require cloud connectors that can establish and translate those connections at business speeds. Even with every one of these perimeters secured, a single successful denial-of-service attack can bring the whole thing down. To address this, FortiGate solutions designed for data centers, and especially the new E-Series, include high-capacity data center firewall and DDoS prevention capabilities to protect business-critical e-commerce services. One caveat applies to any on-premises device: a volumetric attack that saturates the upstream link has to be absorbed further upstream, so the firewall's DDoS protection is best paired with the carrier's or cloud provider's scrubbing.
  • Gaining full visibility into encrypted flows. Inspecting encrypted traffic is the Achilles heel of most security devices. Even the largest and most expensive firewalls can be brought to their knees when trying to decrypt, inspect, and re-encrypt secured traffic. FortiGate NGFWs, including the new E-Series, include purpose-built security ASICs, the Security Processing Units, to offload and inspect encrypted traffic without crippling security performance or impeding digital business transactions. Hardware offload removes the throughput penalty, but not the trust requirement: inspecting inbound TLS needs the server's certificate and private key on the firewall, and inspecting outbound TLS needs a firewall-issued CA that every client trusts, so the key material and the list of exempted destinations (pinned or regulated applications) must be planned as part of the design.
  • Intent-based segmentation. More and more CISOs and security teams understand that the best way to secure increasingly complex environments is to break them into manageable segments that reduce the attack surface. Organizations can then apply layer 7 security within and between those segments to perform content inspection, analyze data, and monitor behavior, both to protect the segments and to achieve business objectives such as implementing a zero-trust framework.
  • Protecting business-critical applications and servers. Maintaining consistent security hygiene is challenging for even the most disciplined security teams, and patches and updates often go days, weeks, or longer before they are applied. FortiGate NGFWs address this reality with a virtual patching strategy, using high-performance data center IPS to wrap mission-critical servers and workloads in a protective shield. This closes the window between the release of a patch and its installation on the device. Virtual patching blocks known exploitation attempts at the network; it does not remove the underlying vulnerability, so the real patch still has to follow.

Accelerate Your Cloud On-Ramp Strategy with Purpose-Built Security

The only thing certain in this new digital economy is change. Embracing that change requires organizations to continually expand and modify their data center environments to meet changing business and marketplace requirements, and that can quickly overwhelm most security deployments. Traditional data center security devices, including the massive legacy firewalls in place at most organizations, were never designed for the complexity, connectivity, and performance requirements of today's digital economy. Don't let security concerns be the gating factor for your cloud on-ramp strategy.

FortiGate Next-Generation Firewalls can accelerate the cloud on-ramp with high-speed secure connections, protect your geographically dispersed assets and deliver business critical services. To learn more, please refer to the Fortinet FortiGate NGFW page.