Transcript Document
DIRECT-TO-CLOUD
Issues & Implications
Dale McCarty
DTC IN THE NEWS
“Just Like Everything Else in the
Enterprise Space, Security is
About to be Disrupted”
TRENDS TRANSFORMING IT
Business Users go Mobile
90%
Users work from home or
on-the-go
50%
Users who BYOD
Cloud Apps go Mainstream
50% Cloud-based applications
Mobile, Cloud & Social: Driving business
beyond the corporate network
(often without policy & protection)
used by an enterprise
“
Social goes Enterprise
75%
employees use
Facebook at work
80% of my MLPS traffic used to be for applications
at my HQ and 20% was Internet bound.
Now it’s just the opposite.” – CIO, Fortune 50 company
This is the biggest transformation in IT security in the last 20 years.
TRADITIONAL IT
Branch
Home/Hotspot
• Servers, applications &
Data at Corp HQ or DC
• Protect the perimeter with
firewalls
No policy
or protection
Internet
Backhaul
Headquarters
• Gateway proxies to
protect Users
Internet
• MPLS backbone
connected various offices
MPLS
VPN
Backhaul
Regional
Gateway
On the Road/Mobile
Branch
MPLS backhaul kept life under control for IT
THE NET EFFECT
Branch
• Perimeter becomes
dynamic
• Applications & data are
moving to the cloud
• Users embrace mobile
apps
• Gateway proxies and
firewalls get bypassed
Home/Hotspot
No policy
or protection
Internet
Backhaul
Headquarters
Internet
MPLS
VPN
Backhaul
Regional
Gateway
On the Road/Mobile
Branch
Internet breakout off-loaded MPLS circuits for ”trivial” applications
DISAPPEARING PERIMETER
Branch
• Perimeter becomes
“the world wide web”
• The Cloud becomes a
Data Center
• Users are going direct
to net for applications
• Policy can only be
enforced in the Cloud
Home/Hotspot
Full policy
& protection
MPLS
Headquarters
Internet
Regional
Gateway
On the Road/Mobile
Branch
Direct-to-Cloud reduces MPLS backhaul & improves user experience
GEOIP & “REAL” CLOUDS
Oslo
San Francisco
Sunnyvale
Los Angeles
Toronto
Chicago (West)
Chicago (East)
Denver
Dallas
Ft. Worth
New York
Herndon
Washington DC
Atlanta (North)
Atlanta (South)
S. Amer. Hub (Miami)
Stockholm
Moscow
Gdansk
Amsterdam
Frankfurt (West)
London
Frankfurt (South)
Paris
Bern
Madrid
Amman
Cairo
Riyadh
Tokyo
Kuwait City
Dubai
Nigeria
Hong Kong
Taipei
Mumbai
Chennai
Kuala Lumpur
Singapore
Lima
Sao Paulo
Santiago
Johannesburg
Cape Town
Sydney
DIRECT-TO-CLOUD TOPOLOGY
Mobile & Distributed Workforce
Global check post
Enforces business policy
Cloud Services
Block the bad, protect the good
Regional
Office
Botnet
Cloud Apps
HQ
Mobile Apps
Home
or Hotspot
Exploits
Social Media
On-the-go
Compliance-based security: URL filters & A/V Protection
Risk-based security: Behavioral Analysis & Data Loss Prevention
WHAT DIRECT-TO-CLOUD CAN
…AND CAN’T DO
Secure Users
Not Infrastructure! (That is the role of traditional firewalls, IPS, etc.)
Protect Data
Proxy-based Data Loss Prevention and SSL Intercept & Decrypt
Enable Applications
Streamline WAN
Improve Response Time and Selective Access
Prioritize bandwidth by application and reduce backhaul
QUESTIONS?
(and thank you for your attention!)