
Security as the foundation for a successful multicloud strategy – Part 3 of 3

In part one of this 3-part series, we shared some thoughts on how you can simplify your network for consistently deploying, managing and securing workloads across a multicloud environment. In part two we looked at how users and devices access these distributed applications and workloads with the performance they need. Part three is dedicated to what may be the most important element – securing user access to multicloud applications.

Challenges of securing multicloud access

Cloud infrastructure is a growing target for cyberattacks, both because of the computing resources available there and because it is a repository of valuable data. Attackers have unlimited attempts and resources to be effective, so defenders have to win every time. This requires a strategy with defense in depth, immense visibility, rapid intelligence, and the ability to respond quickly and effectively. 2019 has been a year of staggering security breaches in the cloud, a trend that will only continue unless organizations make significant advancements in their security architecture.

New network, new security challenges, new options

Today we see rapid growth in remote and roaming workforces that require secure access to the network, along with a fast-growing spread of applications and data distributed across multiple IaaS and SaaS vendors. As a result, traditional security architectures and tools are falling behind, leaving businesses and users vulnerable. With this major shift to distributed users and apps, IT teams need to develop their strategy for securing multicloud access. Your security approach will depend on your multicloud networking needs and strategy. Are you deploying SD-WAN for branch access? Are you using colocation facilities to consolidate regional access? Are you using VPN access for your remote workers? Or, quite likely, are you using a mix of approaches?

It’s time to rethink how network security is delivered – and you have choices

Integrated Security: Securing SD-WAN with Fullstack security and DIA at the branch

1. Building a Digital Defense with SASE

Secure Access Service Edge (SASE) is an evolution of the Secure Internet Gateway (SIG) security framework and is rapidly gaining adoption. So much so that Gartner[1] believes that “by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.”

Cisco’s SASE offering joins together elements of our networking, security, and zero-trust product solutions. This includes elements of Cisco SD-WAN and Meraki SD-WAN platforms to address SASE’s WAN and routing requirements. For security, we bring in Cisco Umbrella for secure web gateway, domain name system (DNS), Next-Gen firewall, and cloud access security broker (CASB) functionality. Finally, we integrate core elements of our zero-trust networking portfolio — which includes Cisco Duo, Cisco SD-Access, and Cisco AnyConnect to verify identity and enhance the overall security of the offering.

2. Secure cloud connectivity with SD-WAN

This approach focuses on providing direct internet access (DIA) for branch offices to route certain traffic to public clouds or the internet. The benefits of DIA are reduced bandwidth use and overall latency, and cost savings on expensive private WAN links. A full security stack is built into Cisco’s SD-WAN appliance and offers next-generation firewall, IPS, AMP and URL filtering. Analytics and Assurance provide the visibility and insights needed to deliver the best possible user experience.

@Regional Hub: Security Services in the cloud, integrated Fullstack or a combination of the two

3. Building a regional security perimeter at the Colo

What about large or multinational corporations that are highly regulated, or that simply do not permit DIA and prefer to inspect all traffic? To simplify deployments, they can use a hybrid approach, aggregating access to public cloud and internet from multiple branches at regional colocation facilities. These facilities can run the integrated full security stack built into the SD-WAN appliance, use the SASE / SIG cloud approach, or combine integrated and cloud security to meet their security compliance needs.

Do you want to learn more about multicloud access and security? Are you getting ready to transform your WAN into a multicloud architecture? Join us for a Network Insider Live Webinar on Tuesday, July 21 at 10 a.m. Pacific Daylight Time as Cisco experts provide insights into your networking and security options for optimizing your multicloud deployments.

Sign up for the Network Insider Live Webinar

Can’t wait for the webinar? Learn more about SD-WAN, multicloud, and secure access with these resources:

 


[1] Neil MacDonald, Lawrence Orans, Joe Skorupa, “The Future of Network Security Is in the Cloud,” Gartner, 30 August 2019

 



Authors

Mark Ellwanger

Marketing Manager

Data Center / Enterprise Networks