By Wieland Alge, VP and GM of EMEA, Barracuda Networks
The cloud offers a multitude of benefits, including streamlined collaboration capabilities, simple remote access to critical files and a reduced workload for in-house IT, which frees it to focus on other important business objectives. A hasty migration to the public Cloud, however, calls for a more methodical approach, to ensure all crevasses are covered between the existing on-premises security and the new security requirements in the Cloud.
The public Cloud frontier
Virtual security appliances have existed for a number of years, offering tools such as deep packet inspection in a portable, easily deployed format for private Cloud and virtualized data centres. However, as public Cloud solutions such as Microsoft Azure have advanced, protecting business-critical applications in these environments has become a significant challenge for corporate IT teams. While Azure and its peers provide top-notch network hardware security, when it comes to workload-specific security, such as protecting application traffic from exploits, implementing anti-malware solutions, or defending against sophisticated targeted attacks, Cloud vendors cannot serve up an appropriate solution. The dearth of application-layer support has left tenants somewhat exposed if they place data-driven applications within virtual machines in the Cloud.
Don’t leave your security behind
While on-premises security devices such as firewalls, VPNs, IPSs and so on provide a robust security exterior, applications within Cloud environments have only the basic protections afforded by the shared services, or those included in the server operating system. Cloud operators also have no knowledge of what constitutes a customer’s normal operations versus malicious traffic. To address Cloud security needs, IT teams will have to deploy new layers of protection through a virtual security device sitting within the tenant environment. A next-generation firewall can leverage its application visibility and user awareness to manage traffic and bandwidth intelligently and can help IT administrators re-establish control over their network.
Cover all crevasses for the cloud
A Cloud-based virtual firewall can meet a number of security requirements in the Cloud, including:
- Secure Data Centre: a virtual firewall can filter and manage traffic flowing to or from the Internet, between virtual networks or between tenants, to secure the virtual data centre. It can also securely extend a physical data centre to the Cloud, which is particularly relevant if you are migrating solutions to the Cloud and therefore require secure connectivity between the Cloud environment and local infrastructure.
- Secure Remote Access: while the standard tunnels used to configure VPN gateways are certainly secure from an encryption and privacy standpoint, they do not provide the level of control that many IT groups have come to rely on through their hardware-based firewall. A virtual firewall can provide the advanced access policy, filtering and connection management necessary to provide client access to the Cloud. As for encrypted content, the virtual firewall can ensure that all data (regardless of source or destination) is subject to the same protective measures that would be in place with an on-premises hardware-based firewall.
- Identity: since most Cloud platforms are not designed to intercept malicious intent, the virtual firewall is crucial in maintaining integrity and confidentiality of apps and data. It should integrate with most well-known access control providers and offer a broad range of granular, policy-based filtering tools.
- Management: while Cloud vendors typically provide tenant isolation and security, a Cloud-based firewall is needed for effective management of the tenant environment. It will manage performance, usage, visibility, reporting, configuration and the other capabilities that are normally associated with on-premises management tools.
Securing applications and data in the Cloud is far easier with tools that are dedicated to the task. A Cloud-based application firewall can provide security where the application and data reside and bridge the void between on-premises network protection and Cloud security needs.