This article originally appeared in CloudTech.
As applications increasingly move to the cloud, businesses often voice concerns about soaring WAN costs as well as latency issues when accessing apps. The much-anticipated benefits of a cloud transformation, including greater efficiency and agility, risk being eroded when the user experience is unsatisfactory and costs spin out of control.
How, then, can organisations successfully tackle their transformation projects to avoid these pitfalls and fully realise the benefits of the cloud? This is a contentious issue, even for companies that have already begun their cloud journeys.
According to our own recent independent survey, which included 400 decision-makers in four European countries, fewer than one in 10 companies (nine percent) in Germany, England, France, and the Benelux region are employing a holistic transformation approach, which includes taking application, network, and security aspects into account at the same time.
Furthermore, 21 percent of companies reported starting their journey with applications; 26 percent used the network as the starting point, and one-third (33 percent) began by transforming security. In 11 percent of the companies surveyed, decision-makers actually considered the transformation of applications together with that of the network. The results demonstrate that there is no consistent way to approach a transformation project.
Network topologies for the cloud?
As early as the planning phases, businesses should look at transformation holistically. This means that decisions about a cloud project should not be made in isolation by a single business unit, because such siloed thinking leads to poor performance and spiraling costs. If an application is pushed into the cloud without the network and security teams being involved in the planning stage, problems are inevitable.
A traditional network topology is not designed to meet the needs of the cloud. Users are not directly connected to applications in the cloud when using a classic hub-and-spoke network. Whether at the headquarters, at a branch office, or from another remote location, users must always take a detour via the data centre, which creates latency as this connection to the internet is never the shortest or most time-saving path.
This detour also helps explain the skyrocketing costs: traffic from remote users crosses the MPLS lines several times along the way. In addition, the increase of internet-bound traffic must be taken into account. Office 365, the most popular cloud-based application suite and the one that launches many companies' journey to the cloud, can increase traffic substantially. For good reason, the recommendation in the Microsoft Design Guide is to rely on direct internet connections at each location to give employees the shortest path to applications in the cloud.
Security for the cloud, from the cloud
Businesses must understand that a cloud-ready network should be built before deploying a cloud-based application. Part of the building process involves changes to the security infrastructure. If applications are to leave the network and a mobile user wants to access data in the cloud, security hardware at the perimeter becomes a bottleneck for this traffic. Here the second silo opens up. The security team must be invited to the table when a transformation project is planned. The specific security requirements of cloud-based projects have to be considered.
If only the network team is consulted, but not the security expert, the following aspects are often overlooked in the planning phase:
- Is the existing proxy designed to cope with increasing network traffic?
- Is the appliance capable of scanning traffic for the rising volume of malware that hides behind SSL encryption?
- Is the firewall also keeping up with the new data volume and parallel connections, which are required for the Office 365 example?
In short, not only is there more data traffic, but there are also new requirements for the security infrastructure as applications move to the cloud. If companies anticipate the move and provide local internet breakouts, security must also be provided locally, because sending traffic through the traditional security infrastructure around the centralised data centre would, in turn, mean a detour.
The solution cannot be to install stacks of appliances at each site, as cost and administrative overhead bar such a move. To secure local breakouts, the solution is a security stack in the cloud with all the necessary security modules, from the next-generation firewall to cloud sandboxing and data loss prevention.
Cloud-delivered security as a service reduces the administrative burden through a high degree of integration and therefore a short path to log correlation. And security from the cloud scales easily with increased data volume and ensures the correct path for business-critical applications through bandwidth management. Application, security, and network transformation must go hand in hand.
According to our research, a third of decision-makers are already adapting security requirements as part of their transformation. Building on this progress, the network topology should also be cloud-ready to intercept bottlenecks as applications move to the cloud. That means that the 25 percent of companies that said they want to start with application transformation should reconsider their strategy. All in all, transformation efforts in all three areas must go hand in hand and be planned jointly by all departments from the start. In such a scenario, companies will benefit from their cloud transformation right from the outset.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mathias Widler is Zscaler Regional Vice President and General Manager, Central EMEA