We welcome John Ayers, Global Managed Security Services, Level 3 to discuss MSSP and the cloud:
Managing network connections to hybrid cloud environments is a complex task- notwithstanding the sea of confusion over the hybrid cloud’s true definition. Paramount to the problem is securely optimizing transport and managing compute resources in geographically dispersed locations to ensure optimal application delivery and performance.
While the industry debates the definition of "hybrid cloud,” IT organizations live in a world of “grey space” between dedicated, private architectures and “cloud” promises. Mission critical applications now live in the public cloud, while others reside in private clouds. Interconnections between clouds, if needed, aren’t always working efficiently. Managing the security of cloud data and transport just adds another layer of complexity and confusion.
But, how did we get here? The problem starts with plain old physics - or the speed of light. Once you break up tiered applications and place them far away from each other in dispersed data centers or remote locations, latency becomes an issue. Throwing bandwidth at the problem is not only costly, but may not support the speed at which business needs to move, even with the capability of dynamic provisioning. In distributed environments, IT organizations struggle with stretching network services, such as firewalling and load balancing, across resources. Add to all this, the challenge of merging two separate sets of IP ranges to enable automated provisioning and migration across clouds and you can start to see the complexity.
Here is where we introduce what analysts call secure Internet gateways (SIGs). These gateways provide advanced threat defense against malware and other Internet threats through techniques such as content / URL filtering and application control.
Evaluating a secure Internet gateway solution can be a bit tricky. SIGs are delivered as on-premises appliances; cloud-based services; or in a hybrid model (combined on-premises appliances and cloud). Vendors and service providers differ greatly in the maturity of their feature set and ability to protect organizations from advanced threats. While the market offer for secure Internet gateways is still maturing, this protection approach is here to stay and is expected to grow into the billions.
And, per Fortinet’s Stephan Tallent: “Cloud-based security provides an upstream layer of protection that cannot be accomplished on the customer premise, especially in the event of a denial of service attack where the smaller circuits at the premise can easily be brought down by a relatively small volume attack. SIGs capitalize on massive pipe sizes to ‘clean’ traffic upstream so that desired traffic is unfettered.” While the market offer for secure Internet gateways is still maturing, this protection approach is here to stay, and is expected to grow into the billions.
Despite the various delivery models, the concept of a secure Internet gateway is most powerful as a cloud-based service. Why? Cloud applications, as well as employee web surfing and email, represent the most successful attack vectors for bad actors, and the most challenging vulnerabilities for IT security teams to defend. Robust security controls deployed in the cloud, if appropriately dispersed, can effectively protect company resources, solve for latency and meet the need for business agility.
The reality though, is that IT organizations have invested in premises-based equipment that may require integration into the cloud model. Ultimately, what’s needed to protect hybrid (public-private) cloud networks and applications, is consideration of the IT “grey space” between existing localized protections and the incorporation of cloud security.
Fortinet and Level 3 are working together to provide security for the “grey space”. To learn more about secure internet gateways, check out this infographic
To learn more about how Fortinet is working with Level 3, visit https://www.fortinet.com/solutions/enterprise-midsize-business/advanced-threat-protection.html