
Multicloud and security | IOA Knowledge Base Community

  • rmeyer


    How can we secure multi-cloud application interactions without incurring things like added cost & complexity? The blueprints don't seem to call this out much.



  • brysonhopkins

    The customers I've worked with have the most success by doing the following:

    The first step is looking at the paths applications in a multi-cloud work stream require. Then look for the intersection points of network and cloud providers to optimize the path via interconnection.  This point where the clouds come together is where we are able to connect and bridge multi-cloud environments efficiently. 

    For example, eight of the major CSPs (e.g. Google, AWS, Azure, Oracle) all intersect their networks in Ashburn, VA, and connect private, virtual networks and services from different CSPs to each other over a direct interconnect. An alternative is to do this across the Internet using some type of overlay topology to connect the private environments together. Using overlay networking introduced, in some cases, excessive overhead, costs and performance limitations.

    The second step is to layer in policy enforcement and gain visibility of those applications' interactions. We can leverage the same point we used to optimize the network path as a convenient point to implement security policy.

    Does this start to answer your question? Feel free to provide any more specific challenges or questions.



  • rmeyer

    Thanks Bryson,

    What about managing security risk as the network expands and becomes more distributed?  

  • brysonhopkins

    Thanks for the follow up question.

    We've seen companies looking for the balance between the needs of the enterprise functions at their edge and fortifying network defense by reducing the attack surface.  

    Enterprise customers can sometimes get the benefit of both improved security and network (internal or external) access by regionally aggregating connections into a core networking/function node. The consolidation of external connections (e.g. partner connection, Internet services) reduces the external network exposure and creates a control point for security policy enforcement and monitoring. The Security Blueprint contains these kinds of best practices.

    FYI -  this is a good article talking about how the center of gravity of data production and computing is moving away from central data centers and out to the edge. It references Privacy & Security as one of four major problems with today's cloud that must be overcome:

    Hope this was helpful -- if you have any other follow up questions, please let me know. 
