Three keys to stronger cloud connectivity and security in distributed networks
The continued expansion of organizations into new branch locations, particularly as they focus on digital transformation, creates new challenges for connectivity and security.
Data is driving the new economy—and the availability of data anywhere people need it is what keeps the wheels turning. The ability to secure your entire distributed enterprise, while still enabling access to the data your people need to do their jobs, is more important than ever. So, how do you transform cloud connectivity and security across your expanding enterprise?
1: Restructure distributed network connectivity to handle high cloud loads
Make sure your networks are ready before rolling out access to cloud-based applications.
Augment or replace MPLS with local internet breakouts
Simply tweaking the existing infrastructure isn’t worth the added complexity and cost, and as transformation and innovation continue, sticking with the same approach isn’t the answer. Many organizations are replacing old MPLS technology, known for its difficult and expensive upgrades, with lower-priced, higher-performance commodity broadband links such as cable, fiber, commercial DSL, and even mobile carrier technologies. Finally, utilizing multiple ISPs can boost availability, reducing the risk of outages due to link failures.
Connect direct-to-cloud and site-to-site dynamically
Sending traffic directly to the cloud to access applications like Salesforce and O365 eliminates the need to first backhaul traffic through central headquarters. Site-to-site connectivity ensures that traffic for legacy and other internal applications, like VoIP, is automatically sent over internal links or over external ones protected by VPNs, as appropriate. Ultimately, a dynamic approach is much more efficient than hard-coding connections.
2: Ensure each branch office is protected by these three types of security
Gartner* advises that every branch office be protected by the same level of security as a primary internet gateway.
Access control and intrusion prevention
With a strong firewall, you can control access to resources from branch locations and prevent cyber attackers from breaking into the enterprise through your branch “back doors.” Look for distributed enforcement that is deployed, monitored, and managed from a central location.
Web threats and content security
Cloud web gateways prevent access to content that might violate your acceptable use policies and provide visibility into the use and potential risks of unsanctioned SaaS cloud apps. There are also operational advantages, such as enforcing policies consistently across all locations and offloading SSL/TLS inspection from firewalls. As more and more traffic becomes encrypted, moving inspection to the cloud removes the risk of overloading core infrastructure.
You may be wondering whether your firewall is sufficient for web security. All NGFWs provide URL filtering and content security—including Forcepoint NGFW, which is built for that kind of deep inspection—but with varying levels of effectiveness and control. Putting security in the cloud, however, makes it possible to control access uniformly across all locations, adds options for allowing usage of material that would normally be blocked, and enables more seamless use of additional security like DLP and CASB.
Cloud application data protection
Using a cloud access security broker, you can protect data stored in cloud applications, watch for possibly compromised accounts, control sharing of sensitive files, and enforce consistent policies everywhere.
3: Move toward an integrated connectivity and security solution
Two common themes you’ll see throughout these recommendations are consistency and centralized management. The industry’s move toward converged solutions instead of patchwork point products is motivated by the need to reduce IT complexity while removing gaps and redundancies.
Check out our Guide to Cloud Connectivity and Security in Distributed Networks for a deeper dive.
*2017 Gartner Magic Quadrant for Enterprise Network Firewalls