Protecting your clients in the clouds: Private, public and hybrid
Andrew Khan explains how Fortinet's FortiGate firewalls are designed to protect your client's data and applications regardless of where they reside: in the cloud, in-house or a combination of both.
More and more New Zealand enterprises are moving applications, web services and data into cloud environments. As a result, their security requirements need to be agile enough to keep pace.
Each cloud deployment has a different set of requirements. Yet there is commonality amongst them. Your client's cloud security profile has to be able to scale up or down with elastic workloads and they need to be able to segment traffic to and from the network at the gateway whilst segmenting and protecting applications and data behind the firewall. All of this requires a rethink on how they architect their network security.
Public, private and hybrid clouds
"It's a new world out there," says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand's largest distributor of Fortinet's cyber security solutions. "Public clouds, such as Amazon Web Services (AWS), Microsoft Azure and various NZ telcos and third-party data centers, offer IaaS (infrastructure as a service) hosting models for agility, ease of use and applications such as analytics, web services and archiving. Private clouds, self-contained networks based on virtualisation and software defined networking (SDN), offer centralised operations and economies of scale. And hybrid clouds encompass both internal and externally-hosted platforms to balance the loads and operational overheads. Each model has special requirements for security and Fortinet's Security Fabric caters to all.
Hybrid cloud strategies - where public clouds are used to host public-facing workloads with less sensitive data – rely on VPN connections that need to be secured. Conversely, some organisations may use the public cloud to host sensitive data, such as credit cards, in order to alleviate strict industry compliance and regulations on the private cloud. Segmentation between the public and private portions of the hybrid cloud are equally important in this approach.
"All of this means," continues Khan, "is that it is more critical than ever to isolate business units and applications and segment east-west traffic to minimise the impact of a hacker or advanced threat that manages to breach the cloud perimeter via a single weak or vulnerable application.
Internal segmentation
The antidote is internal segmentation that adds a virtual firewall to isolate and protect each virtualised instance running on your client's server.
"This approach is ideal for enterprises that operate in a virtualised environment," says Khan, "as it adds an extra layer of protection inside the machine itself so that if an intruder sneaks into the network via a 'zero-day' threat that hasn't yet been identified, the damage is limited to a single partition. If clients are running redundant instances of mission critical applications, another key benefit of virtualisation, they can keep up and running without missing a beat. Virtualisation and internal segmentation are ideal for business continuity.
Segmentation is equally important for hybrid cloud deployments.
"Fortinet gateways segment traffic to and from the data center, typically via a VPN (virtual private network,) in the same manner as they segment data and applications inside a virtualised network," Khan explains. "Using the same policies set out internally, the FortiGate firewall auto-provisions security rules to web and application instances as they flow to and from the network. This allows clients to isolate discrete applications and workloads and inspect for any data leakages or interruptions between their network and the service provider. Currently, Fortinet is the only security vendor to offer this level of protection.
Fortinet solutions for the clouds
Fortinet's Security Fabric offers security solutions for networks, endpoints, applications, data center, cloud and access – all designed to work together to provide true end-to-end protection.
Fortinet's purpose-built cloud security solutions collaborate with key Fortinet components - such as FortiSandbox to protect against zero-day threats - across a variety of cloud deployment models, whilst allowing for centralised management, open API integrations, cloud platform orchestration and automation.
And as malware is detected by a FortiGate firewall in the cloud, Fortinet's Security Fabric shares that threat intelligence dynamically with the rest of the interconnected security infrastructure. This reduces the need for multiple touch points and redundant policies across cloud premises, and ensures governance over multi-layered security boundaries.
For further information, please contact:Andrew Khan, Senior Business Manager Email: andrew.khan@ingrammicro.com M: 021 819 793
David Hills, Solutions Architect Email: david.hills@ingrammicro.com M: 021 245 0437
Hugo Hutchinson, Business Development Manager Email: hugo.hutchinson@ingrammicro.com P: 09 414 0261 | M: 021 245 8276