The 3 Requirements of a Multi-Cloud IT Infrastructure


Every once in a while, you run across an article of clothing like a rain poncho or wrap-around skirt with a tag that says, "one size fits all" or "one size fits most." In theory, the garment fits most average-sized people. But even if you're wearing what is effectively a tent, one size never fits all. People are all different shapes and sizes, so that medium-sized poncho will leave the six-foot-tall person soaked while the five-foot-tall person is dragging it through the mud.

Whether it's clothing or technology, there's no such thing as one size fits all. Although it has taken a while, most organizations have moved beyond a “one cloud fits all” approach and use two or more clouds to achieve their desired business outcomes or as a necessity to bridge the old with the new, running critical legacy systems on-premises while migrating to the cloud where possible. Some organizations might pursue a multi-cloud approach to increase redundancy and resiliency and decrease costs and their reliance on a single provider.

But adopting a multi-cloud strategy and expanding across multiple Infrastructure-as-a-Service (IaaS) cloud providers has a ripple effect on networking and security architectures. Organizations need to be able to connect users to the applications and resources they need yet still be able to apply consistent controls to reduce cybersecurity risks.

Because of the rise in remote work, organizations need to include zero-trust network access (ZTNA) in their security strategy. Many organizations are moving from traditional VPNs to ZTNA because it provides better security, more granular control, and a better user experience. ZTNA is used to control access to applications, no matter where the user or the application resides. For organizations using multiple clouds, ZTNA is critical.

Those organizations embarking on a multi-cloud security strategy need to keep the following requirements for networking and security in mind.

Policy and Enforcement

In a multi-cloud architecture, IT staff need to deal with the fact that public cloud providers have different proprietary architectures built on frameworks, application programming interfaces (APIs), and toolsets specific to each one. For repeatable deployments, organizations need to make sure that they have a common networking and security policy and enforcement framework. The networking and security architecture needs to be able to span these clouds, use the native features and functions of each cloud, abstract that functionality with APIs, and then manage these connections dynamically using automation. When it comes to cloud, consistent security is the “best security” as it delivers predictable outcomes while lowering deployment complexity.

Application-Aware Networking

Current networking technologies that connect multiple clouds suffer from the underlying transport's lack of awareness of different types of applications. To deliver consistent application performance, the network needs to be application-aware to maximize the use of available resources, network conditions, and capacity, control unimportant traffic, and understand the end-user experience.

Networking and Security Convergence

If networking and security are separated, multi-cloud deployments can't reach their full performance potential. When each layer uses different technologies from different vendors, it causes gaps in coverage, which makes the deployment vulnerable to attacks. The only way to ensure consistent, adaptable threat detection and response across the architecture is with fully integrated and unified security solutions. The effectiveness of security components is compromised when they are not tightly integrated.

But with central oversight, coordinated enforcement, and integrated communications between networking and security, the potential for attacks is reduced significantly through intelligent deep packet inspection and segmentation of the network traffic flowing between applications and workloads across multiple clouds.

Considerations Moving Forward

The architectures of on-premises, hybrid cloud, and multi-cloud deployment models are fundamentally different. Largely driven by APIs, cloud infrastructure is designed for horizontal scaling (or scale-out) and rapid changes. It also requires deep integration with underlying cloud platforms.

Networking and security must be integrated. The network layer should use cloud-native constructs such as security groups, along with advanced security such as an intrusion prevention system (IPS) and end-to-end high-performance encryption, to protect network traffic.

Organizations that take a multi-cloud approach benefit from a software-defined wide-area networking (SD-WAN) solution that provides a programmable, consistent, and cost-effective framework that is designed for multi-cloud deployments. It can be used to connect branch offices to cloud services, connect multiple public clouds to one another, and even connect workloads within a single public cloud. Ideally, organizations should leverage an SD-WAN solution that provides orchestration across all points of deployment, whether on-premises, in the virtual datacenter, or across multiple clouds.

With SD-WAN, organizations can efficiently connect people to the cloud resources they need; it's a good way to secure network traffic without sacrificing performance.

Learn how Fortinet’s cloud security solutions provide the necessary visibility and control across cloud infrastructures, enabling secure applications and connectivity from data center to cloud.

Copyright © 2022 IDG Communications, Inc.