Ten tips to meet cloud challenges

Arashad Samuels, Cisco SecOps Lead – Africa.

---

COVID-19 had a major impact on cloud adoption. As organisations moved quickly to the cloud because of its reach, economy and scalability, cloud usage rose significantly.

However, while cloud provided an effective solution to the challenges posed in terms of a dispersed workforce, it also increased concerns about security – and raised unexpected issues around cloud costs.

Another problem, identified in the latest cloud research, is that the acceleration of migration to the cloud aggravated the widespread lack of resources and expertise, and many organisations found their cloud migration projects were tougher than they anticipated.

A 2021 Cloud Security report revealed that while adoption of cloud computing continues to surge, security concerns are also increasing. Nine out of 10 cyber security professionals who participated in the Crowd Research Partners survey confirmed they were concerned about cloud security. That was 11 percentage points up on the previous year.

Enter SASE (secure access service edge) – pronounced “sassy” – which, according to Arashad Samuels, SecOps Lead at Cisco Africa, offers an elegant solution to these problems

“Given that existing network approaches and technologies are unable to meet the needs of organisations for immediate, uninterrupted user access, there is a need for a new approach to cloud and network security. That’s SASE,” he says.

Gartner first described this emerging cyber security concept in August 2019 and expanded on it in its 2021 Strategic Roadmap for SASE Convergence. Gartner predicts that by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at the start of 2019.

According to Samuels, SASE combines networking and security functions in the cloud to deliver seamless, secure access to applications regardless of the user’s location by consolidating core functions.

However, Gartner warns that when looking at SASE offerings, software architecture and implementation really matters, particularly as some service providers have rushed to market with inconsistent services, poor manageability and high latency as a result of linking a large number of features via VM service chaining.

Samuels agrees and emphasises that organisations can only unlock the full benefits of a SASE model by working with a single vendor who can bring together best-in-class networking, security and observability.

“It’s important to remember that SASE is not just about using security and networking products that are delivered from or managed in the cloud – there are thousands of different products that offer this today. Moving to the cloud alone doesn’t solve your complexity problem – it simply shifts it to the cloud. Instead, these networking and security functions need to be completely integrated in a single service that’s easy to procure and set up, and simple to use,” he explains.

So, for example, Samuels recommends that multiple security services such as software-defined wide area network, secure web gateway, firewall as a service, cloud access security broker, and zero-trust network access be centrally managed and delivered in a single integrated cloud service. This should have the ability to identify sensitive data or malware, and to decrypt content at line speed while continuously monitoring sessions for risk and trust levels.

“Having all this functionality in a single platform is important because it helps to reduce the time, money and resources previously required for deployment, configuration and integration tasks,” he says.

“Equally important is having the flexibility to deploy what is needed by location and users. For example, some users may require DNS-layer security while for others, deeper inspection with the secure web gateway or cloud-delivered firewall is needed.”

When considering a SASE offering, Samuels believes that by asking the following 10 questions, organisations will be assured of getting the service they need to reap the full benefits of cloud:

1. Does the solution deliver converged networking and security in the cloud with end-to-end observability from the user all the way to applications, over any network and cloud?
2. Does it utilise the fastest, most reliable and secure path to the cloud?
3. Is there secure access to applications, data and the internet for remote workers, fixed locations, workloads and IOT or internet-facing devices?
4. Does the system enable zero-trust network access through the verification of user identities and the health of their devices on a per-session basis?
5. Can the solution quickly pinpoint application and network performance issues so as to ensure the best possible service delivery and application experience for users?
6. Can it quickly provision thousands of locations anywhere in the world?
7. Does the solution have the ability to scale up and down from your level of service, features that you use and the number of connections you require?
8. Does the provider offer an 'as a service' model that delivers simplicity, predictability and intelligence?
9. Is data loss prevented? Can the system see and block sensitive data from being transmitted to unwanted destinations, and if so, does this facility also support compliance mandates?
10. Is there cloud malware detection to remove malware from cloud-based file storage applications? This is particularly important as organisations move business-critical data to cloud-based applications.

“It’s also a good idea to opt for a system with SD-WAN and cloud security integration as this speeds up the deployment of cloud-native security across distributed locations with simplified Internet Protocol security (IPSec) tunnel in place,” Samuels says.

“By leveraging the cloud through SASE to remove complexity from infrastructure and provide immediate scalability, organisations will have greater agility, enabling them to quickly adapt to planned – and unexpected – change.”