Direct-to-Cloud Issues & Implications (Dale McCarty)
TRANSCRIPT
DTC IN THE NEWS
“Just Like Everything Else in the Enterprise Space, Security is About to be Disrupted”
Mobile, Cloud & Social: Driving business beyond the corporate network (often without policy & protection)
Business Users go Mobile
Users work from home or on-the-go
Users who BYOD
50%
90%
“80% of my MPLS traffic used to be for applications at my HQ and 20% was Internet bound. Now it’s just the opposite.” – CIO, Fortune 50 company
Cloud Apps go Mainstream
Cloud-based applications used by an enterprise
50%
Social goes Enterprise
employees use Facebook at work
75%
TRENDS TRANSFORMING IT
This is the biggest transformation in IT security in the last 20 years.
MPLS backhaul kept life under control for IT
[Network diagram; labels: Internet Backhaul, On the Road/Mobile, Regional Gateway, Headquarters, Branch, Branch, Internet, VPN Backhaul, MPLS, Home/Hotspot, No policy or protection]
TRADITIONAL IT
• Servers, applications & Data at Corp HQ or DC
• Protect the perimeter with firewalls
• Gateway proxies to protect Users
• MPLS backbone connected various offices
Internet breakout off-loaded MPLS circuits for “trivial” applications
[Network diagram; labels: On the Road/Mobile, Regional Gateway, Headquarters, Branch, Branch, Internet, VPN Backhaul, MPLS, Home/Hotspot, No policy or protection, Internet Backhaul]
THE NET EFFECT
• Perimeter becomes dynamic
• Applications & data are moving to the cloud
• Users embrace mobile apps
• Gateway proxies and firewalls get bypassed
DISAPPEARING PERIMETER
Direct-to-Cloud reduces MPLS backhaul & improves user experience
[Network diagram; labels: Internet, Full policy & protection, MPLS, On the Road/Mobile, Headquarters, Branch, Branch, Home/Hotspot, Regional Gateway]
• Perimeter becomes “the world wide web”
• The Cloud becomes a Data Center
• Users are going direct to net for applications
• Policy can only be enforced in the Cloud
GEOIP & “REAL” CLOUDS
[Map; locations shown: Los Angeles, Dallas, Chicago (East), Denver, Toronto, New York, Washington DC, Atlanta (South), S. Amer. Hub (Miami), Paris, Sao Paulo, Johannesburg, London, Amsterdam, Oslo, Bern, Frankfurt (West), Gdansk, Stockholm, Moscow, Mumbai, Chennai, Singapore, Sydney, Hong Kong, Tokyo, Madrid, Taipei, Dubai, Riyadh, Cairo, Kuwait City, Kuala Lumpur, Cape Town, San Francisco, Sunnyvale, Santiago, Lima, Amman, Atlanta (North), Herndon, Ft. Worth, Chicago (West), Frankfurt (South), Nigeria]
DIRECT-TO-CLOUD TOPOLOGY
Block the bad, protect the good
[Topology diagram; labels: Global check post, Enforces business policy, Mobile & Distributed Workforce, Regional Office, Home or Hotspot, HQ, On-the-go, Cloud Services, Social Media, Cloud Apps, Mobile Apps, Botnet, Exploits]
Secure Users
• Compliance-based security: URL filters & A/V Protection
• Risk-based security: Behavioral Analysis & Data Loss Prevention
• Not Infrastructure! (That is the role of traditional firewalls, IPS, etc.)
Protect Data
• Proxy-based Data Loss Prevention and SSL Intercept & Decrypt
Enable Applications
• Improve Response Time and Selective Access
Streamline WAN
• Prioritize bandwidth by application and reduce backhaul
WHAT DIRECT-TO-CLOUD CAN …AND CAN’T DO