By: Scott Robertson, Vice President of Asia Pacific and Japan for Zscaler
Today’s business landscape requires organisations to be easily adaptable to change and to be prepared for what tomorrow will bring. Many companies see a move away from traditional network infrastructures to the cloud as a way to stay relevant today and ready for tomorrow.
However, the business efficiency and agility promised by the cloud can quickly disappear if the user experience is less than ideal and if transformation costs skyrocket out of control. Can organisations successfully tackle their transformation projects to avoid these pitfalls and fully realise the benefits of the cloud? This question seems up for debate, even among companies that have already begun their cloud journeys.
A recent survey by Atomik Research, which included 400 decision-makers in core European countries, found that only nine per cent of companies in Germany, England, France, and the Benelux region are employing a holistic transformation approach. This strategy includes taking application, network, and security aspects into account at the same time when planning a cloud transformation.
That, of course, is just one strategy. According to the same survey, 21 per cent of companies start their journey with applications, 26 per cent use the network as the starting point, and one-third (33 per cent) begin by transforming security. In 11 per cent of the companies surveyed, decision-makers consider the transformation of applications together with that of the network.
What’s clear from this survey is that organisations take a wide variety of approaches when it comes to a transformation project. However, a holistic approach just might be the best way to ensure a successful transformation journey.
Network topologies for the cloud?
Businesses are advised to take holistic considerations into account during an application transformation as early as the planning phase. This means that decisions for a cloud project should not be made in isolation by a single business unit, because such siloed thinking leads to poor performance and spiralling costs. If an application is pushed into the cloud without the network and security teams being involved in the planning stage, problems are inevitable.
A traditional network topology can’t meet the needs of the cloud. Users are not directly connected to applications in the cloud when using a classic hub-and-spoke network. Whether at the headquarters, at a branch office, or from another remote location, users accessing cloud-based apps and content must take a detour via the data centre, which creates latency as this connection is never the shortest or most time-saving path.
This detour can also help explain the skyrocketing costs. Because of the detour, traffic from remote users crosses the MPLS lines several times. In addition, the increase in Internet-bound traffic must be taken into account. Office 365, the most popular cloud-based application suite and the one that launches many companies’ journey to the cloud, can increase traffic substantially. For good reason, the recommendation in the Microsoft Design Guide is to rely on direct internet connections at each location to give employees the shortest path to applications in the cloud.
Security for the cloud – from the cloud
Businesses must understand that a cloud-ready network should be built before deploying a cloud-based application, and part of the building process involves changes to the security infrastructure. If applications are to leave the network and a mobile user wants to access data in the cloud, security hardware at the perimeter becomes a bottleneck for this traffic. Here the second silo opens up. The security team must be invited to the table when a transformation project is planned.
The specific security requirements of cloud-based projects have to be considered. If only the network team is consulted, but not the security expert, the following aspects are often overlooked in the planning phase:
- Is the existing proxy designed to cope with increasing network traffic?
- Is the appliance capable of scanning traffic for the rising volume of malware that hides behind SSL encryption?
- Is the firewall also keeping up with the new data volume and parallel connections, which are required for the Office 365 example?
In short, not only is there more data traffic, but there are also new requirements for the security infrastructure as applications move to the cloud.
If companies anticipate the move and provide local internet breakouts, the security infrastructure must also be maintained locally because the traditional security infrastructure around the centralised data centre would, in turn, be associated with a detour. The solution cannot be to install stacks of appliances at each site, as cost and administrative overhead make such a move impossible.
Securing local breakouts requires a security stack in the cloud with all the necessary security modules, from the next-generation firewall to cloud sandboxing and data loss prevention. Cloud-delivered security as a service reduces the administrative burden through a high degree of integration and therefore a short path to log correlation. And security from the cloud scales easily with increased data volume and ensures the correct path for business-critical applications through bandwidth management.
Working hand in hand
According to the survey, one-third of decision-makers are already adapting security requirements as part of their transformation. Building on this progress, the network topology should also be cloud-ready to intercept bottlenecks as applications move to the cloud. That means that the one-quarter of companies that said they want to start with application transformation should reconsider their strategy.
All in all, transformation efforts in all three areas must go hand in hand and be planned jointly by all departments from the start. In such a scenario, companies actually benefit from their cloud transformation right from the beginning.
Scott Robertson is the Vice President of Asia Pacific and Japan for Zscaler. Mr Robertson has more than 20 years of experience in IT and IT Security, having previously held senior leadership positions at WatchGuard, CRYPTOcard and Microsoft. He has a combined MBA from the University of Washington and Macquarie Graduate School of Management, with a concentration in entrepreneurial studies.