In this episode of The Digital Decode, Campbell Macinnis and Andy Richter, Senior Solutions Architects at Presidio, share their insight into building secure cloud networks that can meet the changing needs of a company.
A successful cloud structure must not only meet the current needs of a company but also be flexible enough to adapt to future challenges.
Join us as we discuss:
- Verifying core control requirements
- Setting governance criteria with clients
- Designing for visibility, functionality and security
Verifying core control requirements
First and foremost, companies looking to migrate to a cloud network should be aware of their core control requirements, as well as the fact that these requirements might change along with the cloud infrastructure and applications.
While security control and regulatory requirements will not typically change too much, Andy, who also serves as a distinguished engineer at Presidio, explained that different infrastructure components are likely to be swapped in and out to meet an organization’s core requirements.
The infrastructure can change pretty quickly as well, so it’s vital to verify the core control requirements. Then, Andy said, you can use cloud-native functions as necessary or deploy a third-party solution – whatever fits your requirements best.
But even in those cases where infrastructure is changed through automation orchestration, the core requirements and how you verify those controls have been met will remain the same.
“Because all cloud infrastructure has so much automation orchestration built into it, it’s often much easier to swap them out if you have to.” — Andy Richter
Setting governance criteria with clients
So how exactly do you set the governance criteria with clients?
The answer is simple: by focusing on the appropriate security controls wherever that data happens to be. Although these tools can be stylistically and operationally different, Andy says they are, in fact, the same controls whether on-premises or in the cloud.
Firewalls, for example, are oftentimes physical components with clustering technology on-premises, but virtual and auto-scale in the cloud. The controls are basically the same and have similar functionality, but the infrastructure appears a little different, he explains.
So, when clients decide to make the switch from on-premises infrastructure to the cloud, it’s important to ask what solutions make the most sense in terms of what controls they already have in place, where their data is and how they are currently protected on-premises.
These criteria then need to be translated appropriately to the cloud, which could mean reimplementing similar on-premises technologies.
Andy pointed out that these controls will also be affected by the technology that’s available to the cloud and how users are accessing data.
For instance, in office settings where data is on-premises, web proxy servers, firewalls and EDR solutions would be implemented to protect clients from malware and viruses, but these same tools would not be necessary in work-from-home environments.
“We need to make sure we’ve set the governance criteria that we’re going to use to verify we’re meeting our security control requirements.” — Andy Richter
Designing for visibility, functionality and security
It’s also important that cloud networks are strategically designed for visibility, functionality and security.
This can be particularly challenging, noted Campbell, as some networking teams may not have the same support tools during an enterprise-class cloud deployment that they formerly had on-premises.
One of the easiest ways to deal with these types of challenges is by finding people with a certain level of cloud networking expertise who can integrate complex solutions that will help ensure the cloud’s long-term supportability and implement those solutions from the ground up.
Cloud networking teams should also know how to build the proper redundancy, deal with transit correctly and scale solutions out on multi-cloud platforms.
All of this may entail a shift away from cloud-native concepts and toward third-party solutions like overlay networks, Campbell said, which will provide a uniform technology, interface and operational support across all platforms, making it a “one-stop shop” for cloud networking.
“You need people who understand how networks should be designed — IP addressing, schema allocations, security controls, the whole nine yards.” — Campbell Mcinnis
While cloud networking can be simple in certain instances, most of the time it’s proven to be a difficult and intricate process. Fortunately, organizations interested in exploring the switch to cloud systems can leverage the help of Presidio.