
Protecting your clients in the clouds: Private, public and hybrid

15 Nov 16

Andrew Khan explains how Fortinet’s FortiGate firewalls are designed to protect your client’s data and applications regardless of where they reside: in the cloud, in-house or a combination of both.

More and more New Zealand enterprises are moving applications, web services and data into cloud environments. As a result, their security requirements need to be agile enough to keep pace.

Each cloud deployment has a different set of requirements, yet there is commonality amongst them. Your client’s cloud security profile has to scale up or down with elastic workloads, and they need to segment traffic to and from the network at the gateway whilst segmenting and protecting applications and data behind the firewall. All of this requires a rethink of how they architect their network security.

Public, private and hybrid clouds

“It’s a new world out there,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber security solutions. “Public clouds, such as Amazon Web Services (AWS), Microsoft Azure and various NZ telcos and third-party data centres, offer IaaS (infrastructure as a service) hosting models for agility, ease of use and applications such as analytics, web services and archiving. Private clouds, self-contained networks based on virtualisation and software defined networking (SDN), offer centralised operations and economies of scale. And hybrid clouds encompass both internal and externally-hosted platforms to balance the loads and operational overheads. Each model has special requirements for security and Fortinet’s Security Fabric caters to all.”

Hybrid cloud strategies, where public clouds are used to host public-facing workloads with less sensitive data, rely on VPN connections that need to be secured. Conversely, some organisations may use the public cloud to host sensitive data, such as credit cards, in order to alleviate strict industry compliance and regulations on the private cloud. Segmentation between the public and private portions of the hybrid cloud is equally important in this approach.

“All of this means,” continues Khan, “that it is more critical than ever to isolate business units and applications and segment east-west traffic to minimise the impact of a hacker or advanced threat that manages to breach the cloud perimeter via a single weak or vulnerable application.”

Internal segmentation

The antidote is internal segmentation that adds a virtual firewall to isolate and protect each virtualised instance running on your client’s server.

“This approach is ideal for enterprises that operate in a virtualised environment,” says Khan, “as it adds an extra layer of protection inside the machine itself so that if an intruder sneaks into the network via a ‘zero-day’ threat that hasn’t yet been identified, the damage is limited to a single partition. If clients are running redundant instances of mission critical applications, another key benefit of virtualisation, they can keep up and running without missing a beat. Virtualisation and internal segmentation are ideal for business continuity.”

Segmentation is equally important for hybrid cloud deployments.

“Fortinet gateways segment traffic to and from the data centre, typically via a VPN (virtual private network), in the same manner as they segment data and applications inside a virtualised network,” Khan explains. “Using the same policies set out internally, the FortiGate firewall auto-provisions security rules to web and application instances as they flow to and from the network. This allows clients to isolate discrete applications and workloads and inspect for any data leakages or interruptions between their network and the service provider. Currently, Fortinet is the only security vendor to offer this level of protection.”

Fortinet solutions for the clouds

Fortinet’s Security Fabric offers security solutions for networks, endpoints, applications, data centre, cloud and access – all designed to work together to provide true end-to-end protection.

Fortinet’s purpose-built cloud security solutions collaborate with key Fortinet components - such as FortiSandbox to protect against zero-day threats - across a variety of cloud deployment models, whilst allowing for centralised management, open API integrations, cloud platform orchestration and automation.

And as malware is detected by a FortiGate firewall in the cloud, Fortinet’s Security Fabric shares that threat intelligence dynamically with the rest of the interconnected security infrastructure. This reduces the need for multiple touch points and redundant policies across cloud premises, and ensures governance over multi-layered security boundaries.

For further information, please contact:

Andrew Khan, Senior Business Manager
Email: andrew.khan@ingrammicro.com
M: 021 819 793

David Hills, Solutions Architect
Email: david.hills@ingrammicro.com
M: 021 245 0437

Hugo Hutchinson, Business Development Manager
Email: hugo.hutchinson@ingrammicro.com
P: 09 414 0261 | M: 021 245 8276
