Industry Trends

Byline: Meeting The Challenge of Securing the Cloud

By Michael Xie | December 27, 2016

The cloud has been a powerfully disruptive technology, transforming traditional network architectures that have been in place for decades, allowing businesses to be more agile, responsive and available than ever before. In fact, networking experts predict that by 2020 cloud data centers will house as much as 92 percent of all workloads. The challenge is that while cloud service providers certainly offer compelling new services, they also create isolated data silos that have to be managed separately, and impose unique security requirements on organizations.

Unfortunately, many traditional security solutions were not designed to protect the agile and highly distributed cloud environments being adopted today – or the expanding attack surface they create. When corporate data no longer sits in isolated data centers, and users, devices, and applications can access virtually any information from any device or location, traditional security models and technologies simply can’t keep up.

And as we see every day, cybercriminals are ready to exploit these security gaps and weaknesses.

So, while organizations are re-engineering their networks, they have also begun to retool their security model and solutions.

For example, some organizations have begun to move many of their traditional enterprise edge security tools into the cloud to protect critical workloads there, and load up on on-demand public cloud security, virtualized security tools designed for private clouds, and cloud-based tools like cloud access security brokers (CASB) designed to protect hosted SaaS applications and corporate data.

Meanwhile, security budgets for existing traditional networks are being reassigned to the adoption of specialized security tools, such as data center protection, web application firewalls, security for mobile devices, thin clients, secure email gateways, advanced threat protection, and sandboxes.

The result, in many cases, is that today’s hybrid cloud environments are recreating the same data center security sprawl that organizations have spent years trying to streamline and consolidate.

Implementing dozens of isolated security tools and platforms, regardless of how relevant they are to new cloud-based networks, creates their own problem.

IT teams are already overburdened with managing their network transformation.

The lack of additional resources, combined with the growing security skills gap, means that security technicians now need to learn how to deploy, configure, monitor, and manage dozens of additional cloud security tools, with no good way to establish consistent policy enforcement or correlate the threat intelligence each of these devices produces.

But what if the data and security elements across an organization’s various cloud environments were well integrated, cohesive and coherent, like a seamlessly woven fabric? Such an approach would allow companies to see, control, integrate and manage the security of their data across the hybrid cloud, thereby enabling them to take better advantage of the economics and elasticity provided by a highly distributed cloud environment.

This type of approach would also allow security to dynamically expand and adapt as more and more workloads and data move into the cloud, and seamlessly follow and protect data, users, and applications as they move back and forth from IoT and smart devices, across borderless networks, and into cloud-based environments.

An approach like that addresses the three fundamental requirements necessary to meet today’s advanced networking and security requirements:


  • Security, network and cloud-based tools need to work together as a single system to enhance visibility and correlate and share threat intelligence


  • Security solutions need to work as a unified system for simplified single-pane-of-glass management and analysis, and to enable a coordinated respond to threats through such methods as isolating affected devices, dynamically partitioning network segments, updating rules, and removing malware


  • For security solutions to adapt to dynamically changing network configurations and respond in real time to detected threats, security measures and countermeasures need to be applied automatically, regardless of where a threat originates, from remote devices to the cloud

Unfortunately, for many organizations their cloud-based infrastructure and services have become a blind spot in their security strategy. And cybercriminals are prepared to take advantage of that. As we all know, a critical lapse in visibility or control in any part of the distributed network, especially in the cloud, can spell disaster for a digital business and have repercussions across the emerging global digital economy.

To securely meet today’s digital business requirements, organizations need to be able to cut through the cloud security hype and intentionally select security solutions designed to be part of an interconnected, end-to-security framework that can solve evolving physical and virtual IT challenges regardless of the deployment option.

Security needs to be designed to meet this new challenge not only now, but into tomorrow as organizations continue to evolve towards a fully digital business model. 

Michael Xie is Founder, President and CTO, Fortinet

This byline originally appeared in American Security Today