Conquering multi-cloud challenges with confidence

By David Maclean, Systems Engineer, F5 Networks.

  • Friday, 13th July 2018 Posted 6 years ago in by Phil Alsop
Automation, orchestration, and optimisation is the mantra for today’s businesses. The pressure is on to boost performance and become more agile, and multi-cloud-powered success is fast becoming a revolutionary reality for many industries. Automotive is more automated. Retail is more rapid. Finance is more forensic. Hardware is more transient.

 

Yet, despite all-time high security risks, outdated security tools and traditional IT practices are still impeding progress and hitting multi-cloud confidence.

 

According to recent research by F5 Labs, 53% of security breaches target applications and boardrooms are scrambling to bridge a widening security expertise gap. The challenge is exacerbated by the complex logistics of migrating apps to the cloud. Take your eye off the ball for a moment and there is a danger of innovation outpacing planning.

 

Cloud decisions

Protecting creaky old networks against data loss and privacy threats is an enduring concern for decision-makers. Additional headaches occur as more workloads move to the cloud in all its forms (public, private, hybrid and multi). Typical operational gaps include lack of visibility into encrypted traffic, inconsistent security policies, compliance issues, inadequate security tools and obstructive legacy processes. Decision-makers are also often hamstrung by poorly deployed security budgets, diminishing DevOps, SecOps, and Cloud Architects’ important, business-boosting influence.

 

Cloud vulnerabilities typically exist because organisations misconfigure their platform. The days of purely protecting the perimeter have long gone. Today’s cloud-based decisions should be driven by what is best for the application. Different applications require different cloud services.

 

Encouragingly, there is a growing awareness that business as usual is yesterday’s news. F5’s biggest ever State of Application Delivery (SOAD) 2018 report found that 54% of surveyed customers determine which cloud is best for each application on a case by case basis. This is fueling an uptick in multi-cloud environments, with 75% of respondents claiming to use multiple providers. The need to safeguard these environments is also spurring an update of Web Application Firewalls (WAFs). 61% claim to use the technology to protect their applications.

 

Looking ahead, canny businesses are already assessing cloud security’s next evolutionary step. Advanced WAF (AWAF) solutions now hitting the market are capable of dynamically protecting applications with anti-bot capabilities and stopping credential theft using keystroke encryptions. They can also extend app-layer DDoS detection and remediation for all applications via a combination of machine learning and behavioural analysis.

 

Significantly, AWAFs support a variety of consumption and licensing models, including a per-app basis, as well as perpetual, subscription, and utility billing options for flexibility in the cloud and the data centre. This enables SecOps work with modern DevOps and NetOps teams to easily deploy app protection services in any environment. These can then be configured for individual applications or en masse. The holistic approach reduces management complexity, decreases OpEx, and efficiently delivers services to neutralise attacks.

 

Automate and control

Architecting a multi-cloud strategy with effective security solutions is the key to optimal efficiency and agility. Standardising on advanced tools, improving the speed of deployment processes, and gaining greater control management is a strong step in the right direction.

 

Today’s companies need and want application delivery services reinforced with robust and integrated cloud security that are flexible, programmable and automatable. The ability to quickly develop and deploy scalable applications and services anywhere, on any platform, is vital to meet customer demand and remain competitive. Applying consistent policies, irrespective of application location, dramatically simplifies the game, decreases total cost of ownership while accelerating time-to-market and accelerates overall innovation capacity. 

 

AWAFs also enable businesses to take advantage of automated security policy capabilities, shortening deployment times for new apps with easy to use cloud templates for AWS, Google, and Azure environments. The ultimate goal should be a secure, agile model that gives the freedom to grow on-premises and cloud infrastructures according to business priorities.

 

Cloud confidence

The transition to the cloud is a major challenge for IT departments, and traditional business models are being questioned at the executive level. The time is right to embrace new techniques and technology to succeed in the digital economy.

 

Implementing a robust, future-proofed ecosystem of integrated security and cloud solutions will help to build end-to-end IT services that give key stakeholders greater context, control, and visibility into the threat landscape. It will also yield the confidence needed to remove the scourge and cost of complexity.