It’s Time to Get Multicloud Security Right

By praviraj posted 04-23-2018 16:41



Here’s some advice:  use the term “multicloud” now, while it still means something.


According to market research firm IDC, by the year 2021, enterprises will be spending close to half a trillion dollars on cloud.  More than 90% of those deployments will be multicloud.  At that point, explicitly labeling a deployment as “multicloud” will be pointless, since it will effectively be the de-facto standard by then.


While multicloud is the ultimate destination, security is the Number 1 concern.


Figure 1: Key Multicloud Statistics

In a previous post, I wrote about how price, agility, scale, and global footprint are key considerations for customers choosing between cloud platforms. However, the sophistication of emerging technologies such as machine learning, artificial intelligence, Internet of Things (IoT), and image and voice services—which are now built into the cloud platform—is already having a major impact on how enterprises design their multicloud deployments.


In this hyper-demanding market, leveraging these technologies is critical for businesses to remain competitive and meet customer demands.  If you are responsible for your organization’s security, helping your business adopt these technologies and deployment models while keeping the network safe from attack is your primary challenge.




Figure 2: Key Challenge for CISOs and Security Admins


Like all things related to security, this is easier said than done. Let’s break down this colossal challenge:


The first thing to consider is the ongoing evolution of cyberattacks.  New malware and ransomware are emerging all the time, resulting in more and more money being lost to data breaches.  This is not new information.  What is alarming is the fact that, with multicloud deployments, the attack surface is much larger, and the native security offered by cloud providers does not provide sufficient protection against these emerging threats.


Second, even when a threat is accurately detected, traditional workflows require manual steps to quarantine an intruder or an infected host.  This takes time and does not scale well, preventing a timely counter-response.  That means, while a defense is mounted, the threat has time to propagate to other systems in the network.


A third major challenge with multicloud is related to managing different cloud-specific security policies. This leads to risky discrepancies across deployments, compromising the security posture. Also, VMs are dynamically created and terminated in the cloud, making traditional IP-based security policies too rigid.


Figure 3: Challenges in Securing Multicloud Deployments


So how can enterprises defend their multicloud deployments?  Let's take a look at a three-pronged approach using the Juniper Networks Unified Cybersecurity Platform, powered by Software-Defined Secure Networks (SDSN).


  • Adopt Operational Simplicity.  Start with a single pane-of-glass management solution to monitor and enforce security across all cloud deployments. Then switch to a dynamic policy model that utilizes end-point metadata rather than IP addresses and use the same security policy throughout the enterprise.



Figure 4: Operational Simplicity



  • Deploy Pervasive Security. Extend the same security capabilities from on-premises deployments to the cloud with next-generation firewall services (NGFWS), advanced threat prevention (ATP), and secure IPsec connectivity between deployments. This ensures a consistent posture across all deployments and blocks threats from entering your network in a north-south direction. Implement microsegmentation to block internal threats from propagating laterally (east to west).


Figure 5: Pervasive Security




  • Implement End-to-End Automation. Use accurate threat detection technologies and deploy automated threat remediation to block threats at a network level in a public cloud, private cloud, or on-premises deployment without writing a single line of code. Juniper’s Junos® Space Security Director Policy Enforcer tool supports integration with third-party switches, wireless access points, and endpoint security solutions, making it easy to insert future-proofed security into your multivendor deployment without having to rip and replace the existing infrastructure. Juniper’s Junos operating system also comes with a powerful SDK and REST APIs, and integrates with tools such as Chef, Puppet, Ansible, and SaltStack, allowing the seamless insertion of security into your agile DevOps workflows. It even has a built-in Python interpreter so you can run automation scripts right from Junos.


Figure 6: End-to-End Automation
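The third challenge above (IP-based policies are too rigid when VMs come and go) and the metadata-based policy model in the first prong can be seen side by side in a small simulation. This is an added example, not Juniper code or a Security Director policy format; the addresses, tags, and function names are constructed for illustration.

```python
# Constructed inventory: workload metadata (tags) keyed by current IP address.
BEFORE = {
    "10.0.1.10": {"role": "web", "env": "prod"},
    "10.0.2.20": {"role": "db", "env": "prod"},
}
# After a scaling event: the web VM was replaced with a new address, and its
# old address was reassigned to an unrelated dev batch worker.
AFTER = {
    "10.0.1.11": {"role": "web", "env": "prod"},
    "10.0.1.10": {"role": "batch", "env": "dev"},
    "10.0.2.20": {"role": "db", "env": "prod"},
}
DB = "10.0.2.20"

# The same intent ("prod web may reach prod db on 5432") written two ways.
IP_RULES = [("10.0.1.10", DB, 5432)]
TAG_RULES = [({"role": "web", "env": "prod"}, {"role": "db", "env": "prod"}, 5432)]


def ip_allows(src, dst, port):
    """Static rule lookup: knows nothing about what currently owns the IP."""
    return (src, dst, port) in IP_RULES


def _matches(selector, tags):
    return all(tags.get(k) == v for k, v in selector.items())


def tag_allows(inventory, src, dst, port):
    """Resolve both endpoints to their current metadata, then match selectors."""
    src_tags, dst_tags = inventory.get(src), inventory.get(dst)
    if src_tags is None or dst_tags is None:
        return False  # unknown endpoint: default deny
    return any(_matches(s, src_tags) and _matches(d, dst_tags) and p == port
               for s, d, p in TAG_RULES)


def compare(inventory):
    """Return {src_ip: (ip_verdict, tag_verdict)} for flows to the database."""
    return {src: (ip_allows(src, DB, 5432), tag_allows(inventory, src, DB, 5432))
            for src in inventory if src != DB}


if __name__ == "__main__":
    for name, inv in (("before", BEFORE), ("after", AFTER)):
        print(name, compare(inv))
```

After the scaling event the static rule fails in both directions: the replacement web VM is denied, and the dev batch worker that inherited the old address is still allowed to reach the production database.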


By following the robust strategy detailed above, we believe enterprises can deploy future-proofed security in their multicloud deployments. To learn more about Juniper’s Unified Cybersecurity Platform for multicloud, check out the video below and the attached poster for links to related solution briefs.






