The Three Stages Of Cloud Transformation: Application, Network, Security

This article is more than 5 years old.

A data center

IT-Harvest Press content

From mainframe, to client-server, to web, to cloud, IT architectures have evolved to support the way people demand to work. In a sense, everything old is new again: Modern cloud-computing technology shares user commonalities -- specifically, the ability to connect remotely -- with a mainframe architecture, except the cloud is considerably more highly distributed, scalable, and resilient.

Early computing architects could never have imagined the limitless size, breadth of scope, and always-on availability of today’s cloud computing. Infrastructure-as-a-Service platform providers like Amazon, Microsoft, and Google have invested heavily to be able to offer elastic, pay-as-you-go, cloud services. Those same services have effectively displaced on-site computing and even private data centers. The cloud is no longer a playground for IT experimentation but rather an operational mandate for enterprises of all sizes.

There are three stages to the enterprise cloud transformation journey: Application, Network, and Security.

1. Application Transformation

Innovative software providers like Salesforce ushered in the era of Software as a Service (SaaS). Salesforce’s CRM offering quickly displaced incumbent enterprise internal-hosted contact management systems. (Anyone remember Siebel? Act!?) Similarly, Microsoft moved its Microsoft Office suite of email and productivity tools to the cloud with Office 365.

SaaS offers enterprises several advantages to shrink-wrapped alternatives:

•    Subscription pricing instead of software licensing.

•    Scalability: One-size-fits-all from five users to thousands.

•    Availability: Maintenance, support, and uptime are all the responsibility of the provider.

•    Dynamic upgrades: Users log on Monday morning and discover significant upgrades that have been made over the weekend. They can start to use them right away, without having to wait for the IT team to test the updates, schedule downtime, and roll them out.

Cloud transformation also provides enterprises with an ideal opportunity to better manage corporate applications. Most enterprises have embarked on migrating internal applications to the cloud in three tranches:

1.    Lift & Shift: Take internal apps that are already web-enabled and host them in the cloud.

2.    Partial Refactoring: Move elements of an application stack, usually the front-end, to the cloud. Leave legacy data-processing and storage in the corporate data center (for now).

3.    Refactoring: Re-write applications for the cloud. Host the entirety of the application --  front-end, middleware, and database -- in the cloud.

2. Network Transformation

In the old world of legacy hub-and-spoke corporate networks, applications were hosted in the data center, and users accessed them via the corporate network, and -- always -- within the confines of the perimeter-based firewall. To connect, users logged on via a VPN (over SSL or IPSec), connected to a VPN concentrator back at HQ, and traveled via (expensive) MPLS circuits to their desired application destination.

Cloud computing breaks the legacy network model. MPLS hair-pinning degrades the user experience, particularly when users are accessing cloud applications like Office 365. Users demand to connect directly to internet and cloud resources, from home, the coffee shop, or on a plane. Hub-and-spoke networks constrain that growing traffic, routing it over a spotty VPN to the local hub, filtering it through a stack of (expensive) security hardware appliances, and out through a secure web gateway to the cloud. Cloud access requires bandwidth, and enterprises struggle to keep up with bandwidth demand (and to pay for it).

Users connecting directly to cloud resources via local internet breakouts represent the promise of network transformation. The approach is supported by Software-Defined Networking (SDN) capabilities that recognize traffic destination and route it to the corporate data center or out to the internet. And that broadband internet connection is considerably cheaper to manage than leased MPLS lines.
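The steering decision described above, as an added illustration that is not code from the article or from any SDN vendor: each flow is classified by destination with a longest-prefix match, so traffic for applications still hosted in the corporate data center takes the private path while everything else, including a carve-out already migrated to the cloud, exits through the local broadband breakout instead of hair-pinning. All prefixes are constructed examples.

```python
"""Destination-based steering for a local internet breakout (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed route table: prefixes only reachable through the data center.
# 203.0.113.0/24 is documentation space standing in for a public corporate range.
DATA_CENTER_PREFIXES: List[Network] = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Constructed carve-out inside the private space that has already moved to a
# public cloud and must NOT hairpin through the data center.
BREAKOUT_PREFIXES: List[Network] = [
    ipaddress.ip_network("10.99.0.0/16"),
]


@dataclass(frozen=True)
class Decision:
    destination: str
    path: str      # "data_center" or "local_breakout"
    matched: str   # the prefix that decided it, or "default"


def _longest_match(addr, prefixes: List[Network]) -> Optional[Network]:
    """Return the most specific prefix containing addr, or None."""
    best = None
    for net in prefixes:
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best.prefixlen:
                best = net
    return best


def steer(destination: str) -> Decision:
    """Pick the path for one flow; the more specific table entry wins."""
    addr = ipaddress.ip_address(destination)
    dc = _longest_match(addr, DATA_CENTER_PREFIXES)
    direct = _longest_match(addr, BREAKOUT_PREFIXES)
    if direct is not None and (dc is None or direct.prefixlen > dc.prefixlen):
        return Decision(destination, "local_breakout", str(direct))
    if dc is not None:
        return Decision(destination, "data_center", str(dc))
    # Default route: the open internet, reached directly from the branch or home.
    return Decision(destination, "local_breakout", "default")


if __name__ == "__main__":
    for dst in ("10.20.0.15", "10.99.4.2", "203.0.113.7", "198.51.100.9"):
        d = steer(dst)
        print(f"{dst:>14} -> {d.path:15} via {d.matched}")
```

The two tables are deliberately separate so that a migrated application can be carved out of a legacy private range without rewriting the whole data-center table; the longest-prefix comparison is what makes the carve-out win.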

3. Security Transformation

Legacy network security models protected the entire corporate network. But how can an enterprise protect users bypassing the old network on the way to the cloud?

Security transformation should start with deploying Zero-Trust networking, an approach that establishes a default-deny posture for all network data and traffic interactions. Second, move on from legacy security to dynamic, continuous adaptive trust and threat mitigation.

The legacy castle-and-moat network security model relies on IP address for authentication. That’s a start, but with today’s threat landscape, it’s not secure: Go to any website. You can quickly determine the IP address. You can try to log into the page multiple times. You can try different ports for FTP, Finger, or telnet. A hacker can attempt cross-site scripting or SQL injection attacks. A nation-state can intercept the connection and inject their own malware to infect the end user’s computer or smartphone.

In an SDN-enabled Zero-Trust environment, the corporate application (whether hosted in a data center or in the cloud) is never exposed to the open internet. It is discoverable only to authorized users. Cloud-based inline security -- a security check post -- identifies the user requesting access and authenticates access privileges. This check post informs the application, which then connects the user device to the resource.

The cloud-based inline security check post uses a granular policy engine that can enforce each user’s access to each application. Traffic goes through multiple filters much like a UTM device, except the architecture is multi-tenant and scalable. And each user benefits from the threat-intel derived from all user traffic.
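The check post and policy engine described in the preceding paragraphs, as an added example that is not code from the article or from any vendor product: every request is evaluated against a per-user, per-application rule, device posture is part of the decision, anything the policy does not explicitly allow is denied, and only an allowed request yields a short-lived signed grant that the application verifies before it connects the device to the backend. Every decision, allow or deny, is recorded for detection. The users, applications, rules, backend addresses and signing key are all constructed; the HMAC grant format is an assumption made for illustration, not a description of any product.

```python
"""Default-deny access broker for a Zero-Trust check post (added example)."""
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed: backends the check post fronts. The address is never handed to
# the client; the application resolves it only after verifying a grant.
APP_BACKENDS: Dict[str, str] = {
    "payroll": "10.20.0.15:8443",
    "wiki": "wiki.internal.example:443",
}


@dataclass(frozen=True)
class Device:
    managed: bool
    disk_encrypted: bool
    os_patched: bool


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa_verified: bool
    device: Device
    app: str


@dataclass(frozen=True)
class Rule:
    allowed_groups: frozenset
    require_mfa: bool = True
    require_managed_device: bool = True


# Constructed per-application policy. An app absent from this table is unreachable.
POLICY: Dict[str, Rule] = {
    "payroll": Rule(allowed_groups=frozenset({"finance"})),
    "wiki": Rule(allowed_groups=frozenset({"staff", "finance"}), require_managed_device=False),
}


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


class CheckPost:
    """Inline policy engine: default deny, per-user per-app, posture-aware."""

    def __init__(self, policy: Dict[str, Rule], signing_key: bytes, ttl_seconds: int = 60):
        self.policy = policy
        self.key = signing_key
        self.ttl = ttl_seconds
        self.audit: List[dict] = []  # every decision, for the SOC

    def evaluate(self, req: Request) -> Decision:
        rule = self.policy.get(req.app)
        if rule is None:
            d = Decision(False, "no policy for application (default deny)")
        elif not (req.groups & rule.allowed_groups):
            d = Decision(False, "user not in an allowed group")
        elif rule.require_mfa and not req.mfa_verified:
            d = Decision(False, "MFA not verified")
        elif rule.require_managed_device and not req.device.managed:
            d = Decision(False, "unmanaged device")
        elif not (req.device.disk_encrypted and req.device.os_patched):
            d = Decision(False, "device posture check failed")
        else:
            d = Decision(True, "policy matched")
        self.audit.append({"user": req.user, "app": req.app, "allow": d.allow, "reason": d.reason})
        return d

    def issue_grant(self, req: Request, now: Optional[float] = None) -> Optional[str]:
        """Return a short-lived HMAC-signed grant bound to user and app, or None."""
        if not self.evaluate(req).allow:
            return None
        now = time.time() if now is None else now
        body = json.dumps({"user": req.user, "app": req.app, "exp": now + self.ttl}, sort_keys=True).encode()
        sig = hmac.new(self.key, body, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(sig).decode()


def connect(app: str, grant: Optional[str], key: bytes, now: Optional[float] = None) -> Optional[str]:
    """Application side: verify the grant, then (and only then) return the backend to connect to."""
    if grant is None:
        return None
    try:
        body_b64, sig_b64 = grant.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # malformed token, including bad base64 padding
        return None
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), sig):
        return None
    claims = json.loads(body)
    now = time.time() if now is None else now
    if claims["app"] != app or claims["exp"] < now:
        return None
    return APP_BACKENDS.get(app)


if __name__ == "__main__":
    key = b"constructed-demo-key"
    cp = CheckPost(POLICY, key)
    dev = Device(managed=True, disk_encrypted=True, os_patched=True)
    alice = Request("alice", frozenset({"finance"}), True, dev, "payroll")
    print(connect("payroll", cp.issue_grant(alice), key))
    print(cp.audit)
```

Unknown applications, wrong group, missing MFA and failed posture all fall through to a deny with a distinct reason, which is what makes the audit trail useful to a detection team; the grant is bound to one application and expires, so a grant for the wiki cannot be replayed against payroll.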

-----------------------------------------

The implications of cloud transformation are readily apparent. More efficient IT leads to more efficient business processes which leads to higher enterprise productivity. Better security is delivered at a lower cost.

Similar to how SaaS spells the end of licensed, on-prem enterprise software, the new cloud security architecture signals the demise of the overburdened network security hardware stack in front of the data center and its cumbersome refresh cycle. The internet has replaced the corporate network. The cloud has replaced the corporate data center.
