Connecting and Securing Multi-Cloud

Glenn Akester

Network Architect at Node4

Most businesses have now welcomed cloud or Software-as-a-Service (SaaS) platforms into their IT toolkit, realising the agility and flexibility they can provide. Forward-looking businesses are also moving on from this to introduce multiple-cloud platforms, capitalising on the strengths of each while reducing lock-in. A well-designed multi-cloud architecture can support and drive the growth of businesses. It is no surprise that “cloud first” and “born in the cloud” organisations are thriving, delivering services with little or no infrastructure. However, there are significant connectivity and security concerns that should not be overlooked.

Cloud-based services are typically internet-connected from the moment they are created, allowing you to get started using new resources quickly. This does not necessarily mean that you should continue to access them in this way. Start by determining who needs to access the resource and where from. If the only access is from a private Wide Area Network (WAN), e.g. your company branch locations, then why leave this application publicly available? Cloud interconnects, SD-WAN or IPsec VPN can seamlessly connect multiple clouds to your central network. A good IT Managed Service Provider can deliver SLA-backed private connections from Multiprotocol Label Switching (MPLS) WANs to multi-cloud services, for example Microsoft Azure ExpressRoute, AWS Direct Connect and GCP Cloud Interconnect. Software-Defined WAN (SD-WAN) virtual appliances can also extend your network into the cloud. Network bridging between clouds is also possible, using technologies such as Virtual eXtensible Local Area Network (VXLAN). Simulating switched networks in this way simplifies legacy application deployments on multi-cloud and hybrid cloud bursting.
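The "who needs access, and where from?" question above can be checked mechanically once ingress rules from each cloud are exported into a common shape. The following is an added example, not part of the original article; the WAN prefix, the rule inventory, the client map and all function names are constructed assumptions, and it handles IPv4 only.

```python
import ipaddress

# Constructed: address space of the private WAN (branch sites over MPLS/SD-WAN).
WAN = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample: ingress rules normalised from each cloud's own export.
RULES = [
    {"cloud": "azure", "resource": "erp-web", "port": 443, "source": "0.0.0.0/0"},
    {"cloud": "aws", "resource": "hr-api", "port": 443, "source": "10.20.0.0/16"},
    {"cloud": "gcp", "resource": "shop-front", "port": 443, "source": "0.0.0.0/0"},
    {"cloud": "aws", "resource": "reports-db", "port": 5432, "source": "10.0.0.0/8"},
    {"cloud": "gcp", "resource": "old-sftp", "port": 22, "source": "0.0.0.0/0"},
]

# Constructed answer to "who needs access, and where from?" for each resource.
CLIENTS = {
    "erp-web": ["10.20.0.0/16", "10.30.0.0/16"],  # two branch sites
    "hr-api": ["10.20.0.0/16"],
    "shop-front": ["0.0.0.0/0"],                   # genuinely public service
    "reports-db": ["10.20.5.0/24"],               # one finance subnet
}

def within(net, spaces):
    """True if net sits wholly inside at least one network in spaces."""
    return any(net.subnet_of(space) for space in spaces)

def classify(rule, clients=CLIENTS):
    """Compare what a rule admits with where the resource's clients are."""
    source = ipaddress.ip_network(rule["source"])
    needed = [ipaddress.ip_network(c) for c in clients.get(rule["resource"], [])]
    if not needed:
        return "undocumented"         # nobody has recorded who uses this
    if within(source, needed):
        return "ok"                   # admits no more than the clients need
    if all(within(n, WAN) for n in needed) and not within(source, WAN):
        return "public-but-wan-only"  # candidate for private connectivity
    return "scope-mismatch"           # wider than, or unrelated to, the clients

def audit(rules=RULES, clients=CLIENTS):
    """Return (cloud, resource, port, verdict) for every rule needing review."""
    verdicts = [(r["cloud"], r["resource"], r["port"], classify(r, clients)) for r in rules]
    return [v for v in verdicts if v[3] != "ok"]

if __name__ == "__main__":
    for finding in audit():
        print(*finding, sep="\t")
```

Rules reported as `public-but-wan-only` are the ones the paragraph describes: publicly reachable although every recorded client sits on the private WAN.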

Security is key in all of these scenarios, particularly if your cloud services are publicly available. Combining public and private connectivity in the cloud raises the stakes further by introducing another internet entry point to your network. This includes Virtual Private Networks (VPNs), which tunnel directly from the cloud to your private networks. The need for a holistic and integrated fabric of comprehensive security technologies is clear. These should apply across all IT platforms, whether internal or external. Cloud is an extension of your estate, not a silo.

You should consider whether cloud-native network and security services are enough. While tightly integrated with the cloud platform, native services cannot usually extend beyond the cloud they reside in. The result is a separate set of technologies for each cloud, which is likely already different from what you use in other areas of your organisation. An SD-WAN solution with integrated security, multi-cloud support and an open ecosystem could help to alleviate some of these challenges. Built-in security ensures protection and containment at every network segment. Additionally, a single management platform for configuration, analytics and reporting ensures a common security posture and user experience network-wide. Using Application Programming Interfaces (APIs) and telemetry, you can have real-time monitoring, event correlation and automation capabilities at your fingertips, all while reducing complexity and management overheads, regardless of where you choose to deploy or capacity-burst applications and services. For SaaS applications, consider a Cloud Access Security Broker for equivalent protection.

When selecting a third-party solution, have a look at the breadth of their portfolio. Can they provide or integrate with all the network and security technologies required? Are multiple deployment options and form factors available for total flexibility, along with deep integrations to multiple clouds and the ability to protect SaaS applications? Enhanced security capabilities such as Anti-Virus, Intrusion Detection and Prevention (IDS/IPS), Application Control, Data Leak Prevention (DLP) and Web Application Firewall (WAF) should be baked in. Centralised management, analytics and event correlation are a must. These provide the simplicity and visibility required to manage large or disparate networks, identify potential issues before any disruption and rapidly respond to incidents. With this, you can form a secure and dependable multi-cloud strategy.