Feature Story

Defending the cloud connection

by Jason Deign

sdwan security

New kinds of cyber defense are needed as companies reach to the cloud for vital applications.

It is not often that IT gets to steal a lead on cyber threats. Most often, hackers rule the game. New threats turn up and new shields are put in place to block them. But when it comes to IT's latest trick, the shields are being put in place before the threat has become a real danger.

The latest trick is the cloud. Or, to be more precise, how firms are now using the cloud to host vital data at lower cost than ever before. Putting critical data in the cloud was risky before, because you could never be sure if your wide area network (WAN) connectivity would hold up.

In recent years, though, things have changed. Software-defined networks now make sure connectivity to any branch can perform to the same standard as a traditional WAN.

"Your security must extend to everywhere the user works from. "You can't compromise on this. I don't see anyone else on the planet with this kind of robust solution."

Scott Harrell, SVP & GM, Cisco Enterprise Networking

This means key applications that are moving to the cloud and are no longer hosted at the data center will always have good application performance. The value of this so-called SD-WAN approach is clear from how quickly the market is growing.

See also: Five SD-WAN trends that will define the future market  

The research firm IDC says the SD-WAN infrastructure market could be worth more than $4.5 billion by 2022. At the same time, though, there have been concerns about trusting your most critical applications and data when it passes over the Internet.

It is simple to protect your data behind a firewall. But when that data travels over public networks it could be an easy target for hackers. This worry is well founded, says Brandon Butler, a senior research analyst with IDC.

"We've seen a number of attacks over the years related to transferring data over the Internet without the proper security tools in place," he says.

But for now, at least, hackers don't seem to have homed in too closely on the connectivity layer of the network. The IT sector is keen to keep things that way. Butler says there are two main options for shielding network links.

One is to add a layer security on top of the SD-WAN, a bit like putting a metal jacket around your virtual pipe and hoping nothing gets through. The other is for security to be integrated into the SD-WAN, so the network itself acts as a shield.

See also: Intent-Based Networking, why it belongs on every network

It does this by using tools such as encryption, intrusion prevention, next-generation firewalls, and deep packet inspection.

"Having these integrated into the SD-WAN offering is, in many cases, an ideal way for organizations to deploy security," Butler says.

Having integrated SD-WAN security sounds great in theory. In practice, it's not easy to do. You can't afford for there to be gaps. You can't afford for things to be too complex, or the cost spirals. And you can't afford for your security to slow down other systems. 

Getting all these things right has not been easy until now. The standard way of installing distributed security involves up to 35 actions that can take weeks of manual work, for instance. But Cisco has led the way in making things easier.

Cisco SD-WAN products now come with built-in best-of-breed intrusion protection, URL filtering, enterprise firewall tech, and cloud security, all of which can be installed in hours instead of weeks or months.

Cisco SD-WAN not only protects applications and data but also helps it along its way, so that, for instance, Microsoft Office 365 runs up to 40 percent faster. Most importantly, though, it helps protect workers from cyber threats wherever they are.

"Your security must extend to everywhere the user works from," says Scott Harrell, senior vice president and general manager of Cisco's Enterprise Networking Business. "You can't compromise on this. I don't see anyone else on the planet with this kind of robust solution."



The contents or opinions in this feature are independent and may not necessarily represent the views of Cisco. They are offered in an effort to encourage continuing conversations on a broad range of innovative technology subjects. We welcome your comments and engagement.

We welcome the re-use, republication, and distribution of "The Network" content. Please credit us with the following information: Used with the permission of http://thenetwork.cisco.com/.