Auto Scaling Cloud Security

By Chad Whalen | May 23, 2016

The Fortinet Security Fabric spans the entire distributed network, from IoT to the cloud, to provide an integrated and collaborative approach to securing the next generation of networks and threats. It weaves together a variety of security components, from clients and firewalls to content security and access control, in a range of form factors, in order to share threat intelligence and coordinate threat response.

Securing the cloud is a critical and complicated challenge. It requires the blending of physical, virtual, and software-based solutions that can track and enforce policy on traffic that moves between corporate and third-party domains. In the software-defined security framework, the key pillars are designed to support one another: a broad set of virtualized instances and pre-configured cloud templates, platform-integrated orchestration and automation, flexibility for metering and on-demand licensing, a single pane of management for all instances across premises, and a deep set of product APIs (REST and JSON) for next-level cloud-based integration.

Such flexibility creates complexity and can become a double-edged sword if you don’t know what you are doing. Within virtual subnets, for example, you might have multiple, different types of instances, each with different security requirements. By hand-creating rules to keep multiple instances in multiple subnets across multiple zones available in case one of them drops out, folks tend to create complexity when all they’re trying to achieve is availability.

Auto scaling, or Scale-on-Demand, is probably one of the single most valuable benefits of cloud computing, regardless of whether it is a private or hybrid deployment. Businesses can define their own provisioning rules and tie them to dynamic security policies that engage whenever an instance of a virtual server spins up or down. For example, you can set a rule that says to increment compute when you hit 60 percent CPU pool load, decommission those instances when cloud workload drops, and assign or decommission security at the same time. With the integrated FortiGate Auto Scaling CloudFormation templates available through AWS Auto Scaling web services in AWS Marketplace, the FortiGate Enterprise Firewall can be triggered to provide on-demand security based on defined CPU and memory consumption thresholds.

This enables cloud elasticity with security assurance, since firewall instances can automatically adapt on demand, instead of deploying security designed for maximum loads and then leaving unused cycles running all the time. It also enables a true pay-as-you-go model, so you pay only for the actual firewall units consumed, and not the maximum threshold that may be required. Lastly, it addresses the dynamic and tedious change management challenges created during things like distributed cloud bursting, which often require the constant manual adjustment of security policies.

Traditionally, these cloud challenges introduced additional overhead for existing IT OPEX and error-prone manual configuration, which presented a barrier to entry for many organizations. With the automation inherent in Fortinet’s auto scaling functionality, cloud utility consumption automatically aligns with demand, unlike traditional architectures, which necessarily leave a lot of instances sitting around, unused, until demand is high enough.

Dynamically auto scaling security for software-defined instances is central to effectively and efficiently securing any cloud deployment: not just the public cloud, but private and hybrid deployments as well.