Since the modern network security era began in late 2001 with NIMDA and Code Red, I’ve been observing how to protect the enterprise against threats and vulnerabilities, across my professional experience with dedicated security appliance vendors such as Fortinet and ServGate and, more recently, in my strategic marketing role within Cisco’s enterprise services customer segment. Clearly, protecting the network at the edge and the devices internal to the network has been challenging enough. Now the movement to virtual or cloud-based computing complicates even further the need for multiple layers of defense at all access points into the cloud, both egress and ingress.
The legacy architecture of today’s information and communications technology (ICT) infrastructure unnecessarily increases overall management costs and complexity. Accordingly, ICT infrastructure is now moving toward a service-based consumption model often referred to as enterprise cloud services. This new model requires a fresh, contemporary way of thinking about both the underlying technology and the way ICT is delivered to ensure customer success.
The realities of rigid topologies, overly deliberative incremental approaches, and the absence of a compelling, secure end-state architecture are impeding broad-scale cloud services adoption by enterprise customers. Thus it is imperative that enterprises rigorously assess how best to automate ICT functions appropriately so that on-demand services, such as Unified Communications, can be provisioned and delivered on the fly while demonstrably reducing overall costs.
BARRIERS TO ADOPTION
Migration to faster data transmission technologies and efficiency gains from virtualization and cloud computing solutions, however, hinge on higher performance of networking infrastructure, which in turn increases output capacity. Yet without the proper network-centric enterprise architecture, those benefits are at risk. Security, privacy and data loss protections are prime enterprise architecture elements that require a robust, integrated cloud infrastructure.
Fortifying risk and compliance measures, along with properly orchestrated security policies, is especially key in cloud topologies, since in many cases processes and data move off client premises. A key challenge is to achieve such an outcome without adding to the complexity of deploying and managing enterprise cloud solutions, and without degrading throughput to real-time applications.
HYBRID SECURITY ARCHITECTURE REQUIRED
Today many organizations are embracing a hybrid approach to Web and messaging security that leverages the benefits of an in-the-cloud SaaS offering with on-premises software and/or appliance-based solutions, especially in multi-tenant environments.
A hybrid architecture built from the ground up with a secure infrastructure foundation allows global enterprises to leverage on-premises solutions to handle the bulk of data loss prevention (DLP) and encryption responsibilities required to prevent data loss closest to the source. For this reason, many enterprises prefer to deploy DLP and encryption technologies primarily on premises, along with layered defenses throughout the cloud infrastructure.
This is especially relevant to a growing trend in enterprise architecture, particularly among firms that conduct business over the web direct to consumers, to construct their corporate network with the same architectural design principles as the public Internet. Additionally, many of the applications that would be virtualized as cloud services are highly customized so-called homegrown applications that risk slowing down cloud services delivery and exposing the enterprise to recurring security threats.
CLOUD INCREASES NETWORK ARCHITECTURE DEPENDENCE
Global enterprises are starting to make greater use of cloud computing and software as a service (SaaS), giving them greater flexibility when it comes to accessing computing and storage capacity. The flipside of cloud and SaaS computing, however, is that ICT enterprise systems become more geographically distributed. As a result, the cloud computing trend reinforces the organization’s dependence on a reliable network infrastructure.
The underlying network infrastructure, correspondingly, is the most important aspect of an effective cloud delivery model. Beyond product procurement and implementation, however, the real challenge of effectively leveraging the network to make service delivery more agile lies in developing new ICT processes and aligning the structure of the ICT department to best serve end-user communities across the widest set of organizational boundaries and operating units.
ONLY THE NETWORK . . . RELIABLE CLOUD DELIVERY
In a number of ways, only the network can help bridge conventional silos to deliver a dynamic and service-oriented infrastructure that allocates compute supply to business demand as needed, just like a power utility. A progressively architected network can play an important role in workload management within a virtualized environment.
Further, a converged infrastructure with consolidated network services greatly reduces complexity and time-to-resolution of potential incident and problem management issues, especially with respect to business continuity and recovery concerns.
Adoption of a virtualization strategy should not be based solely on IT optimization but also on enabling business agility. For example, virtualization increases the availability of both hardware and applications for improved business continuity as entire virtual environments can be securely backed up and migrated without interrupting service.
The virtualization of network services creates another layer of abstraction within the ICT infrastructure stack, but from a holistic point of view the network is the single element that connects everything in the virtualized environment. This is the primary reason why a network-centric enterprise architecture is the essential foundation for developing an effective virtualization strategy.