Cloud Transformation
Cloud adoption can change not just the way an enterprise works, but the way its IT leadership manages applications, connectivity and security. Transition to the cloud offers an opportunity for enterprise IT leaders to reevaluate network architecture and optimize user experience. IT stakeholders looking to optimize network performance for a cloud environment must understand how architecture impacts cloud access. The new blueprint for enterprise IT connectivity infrastructure comprises five functional components: inline security, modern identity/access management, smart endpoint management, dynamic security information and event management (SIEM) and direct-to-cloud connectivity.
1. Don’t build castles around your network. Protect users wherever they are.
Enterprise IT stakeholders moving to a cloud model must recognize the subsequent impacts on security and network performance, particularly with regard to mobile users. When doing so, it’s important to:
• Move security as close as possible to users, and ideally, inline. If users are distributed and remote, put security nearby, even if that means distributing data centers or leveraging a cloud-based security tool with local points of presence. Recognize and account for scalability costs as user traffic increases.
• Invest in tools that allow fast, secure, policy-based access between users and applications they need to connect to, regardless of the network. Security is important, but not at the cost of user experience.
• Monitor dynamically. Identity alone is not sufficient. Policy should be conditioned on dynamic attributes such as a user’s device, location, threat posture and behavioral anomalies. Both Forrester Research’s Zero Trust framework and Gartner’s CARTA approach preach the gospel of a default-deny policy with comprehensive oversight of data in transit, including secure sockets layer (SSL) encrypted traffic.
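A default-deny access decision conditioned on dynamic attributes, as described in the last point above, can be sketched as follows. This is an added example, not code from the article or from any product; the application names, groups, country list and anomaly threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy values (assumptions for this example only).
ALLOWED_COUNTRIES = {"US", "DE"}
MAX_ANOMALY_SCORE = 0.7
# Per-application rules: entitled groups and whether a managed device is required.
APP_RULES = {
    "payroll": {"groups": {"finance"}, "require_managed": True},
    "wiki": {"groups": {"finance", "engineering"}, "require_managed": False},
}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset
    app: str
    device_managed: bool
    device_patched: bool
    country: str
    anomaly_score: float  # 0.0 (normal) to 1.0 (highly unusual)

def evaluate(req):
    """Return (decision, reasons). Default deny: access requires a matching
    rule for the application and every contextual check passing."""
    rule = APP_RULES.get(req.app)
    if rule is None:
        return "deny", ["no rule for application"]
    reasons = []
    if not (req.groups & rule["groups"]):
        reasons.append("identity not entitled")
    if rule["require_managed"] and not req.device_managed:
        reasons.append("unmanaged device")
    if not req.device_patched:
        reasons.append("device not patched")
    if req.country not in ALLOWED_COUNTRIES:
        reasons.append("location not allowed")
    if req.anomaly_score > MAX_ANOMALY_SCORE:
        reasons.append("behavioral anomaly")
    return ("deny", reasons) if reasons else ("allow", [])

if __name__ == "__main__":
    # Constructed requests: the same identity, evaluated in two different contexts.
    office = AccessRequest("alice", frozenset({"finance"}), "payroll",
                           True, True, "US", 0.1)
    cafe = AccessRequest("alice", frozenset({"finance"}), "payroll",
                         False, True, "BR", 0.9)
    for req in (office, cafe):
        print(req.user, req.app, *evaluate(req))
```

The deny reasons are returned alongside the decision so they can be logged and forwarded to monitoring, which is what makes the policy auditable rather than only enforceable.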
2. Invest in a federated identity and access management (IAM) platform.
When doing so, it’s key to:
• Sunset legacy directories in favor of a modern IAM platform that supports single sign-on (SSO) and uses protocols like Security Assertion Markup Language (SAML) to integrate with your cloud ecosystem.
• Simplify partner access. Giving a partner access to a particular application should not mean giving them full access to your network. If an employee at your partner’s organization leaves, you should not have to worry about whether they still have access to your application.
3. Revisit your endpoint management system.
As workers move to the cloud, IT leaders must reevaluate endpoint management. Will corporate endpoint management processes adapt to a “cloud way of work”? Two practices to consider incorporating for endpoint management in a cloud environment:
• Integrate endpoint management into security operations center (SOC) workflows. Infected machines and devices must be controlled and isolated.