Transcript Document
DIRECT-TO-CLOUD
Issues & Implications
Dale McCarty

DTC IN THE NEWS
“Just Like Everything Else in the Enterprise Space, Security is About to be Disrupted”

TRENDS TRANSFORMING IT
Mobile, Cloud & Social: Driving business beyond the corporate network (often without policy & protection)
• Business Users go Mobile: 90% Users work from home or on-the-go; 50% Users who BYOD
• Cloud Apps go Mainstream: 50% Cloud-based applications used by an enterprise
• Social goes Enterprise: 75% employees use Facebook at work
“80% of my MPLS traffic used to be for applications at my HQ and 20% was Internet bound. Now it’s just the opposite.” – CIO, Fortune 50 company
This is the biggest transformation in IT security in the last 20 years.

TRADITIONAL IT
• Servers, applications & Data at Corp HQ or DC
• Protect the perimeter with firewalls
• Gateway proxies to protect Users
• MPLS backbone connected various offices
[Diagram labels: Branch, Home/Hotspot, No policy or protection, Internet, Backhaul, Headquarters, MPLS, VPN, Regional Gateway, On the Road/Mobile]
MPLS backhaul kept life under control for IT

THE NET EFFECT
• Perimeter becomes dynamic
• Applications & data are moving to the cloud
• Users embrace mobile apps
• Gateway proxies and firewalls get bypassed
[Diagram labels: Branch, Home/Hotspot, No policy or protection, Internet, Backhaul, Headquarters, MPLS, VPN, Regional Gateway, On the Road/Mobile]
Internet breakout off-loaded MPLS circuits for “trivial” applications

DISAPPEARING PERIMETER
• Perimeter becomes “the world wide web”
• The Cloud becomes a Data Center
• Users are going direct to net for applications
• Policy can only be enforced in the Cloud
[Diagram labels: Branch, Home/Hotspot, Full policy & protection, MPLS, Headquarters, Internet, Regional Gateway, On the Road/Mobile]
Direct-to-Cloud reduces MPLS backhaul & improves user experience

GEOIP & “REAL” CLOUDS
[Map locations: Oslo, San Francisco, Sunnyvale, Los Angeles, Toronto, Chicago (West), Chicago (East), Denver, Dallas Ft. Worth, New York, Herndon, Washington DC, Atlanta (North), Atlanta (South), S. Amer. Hub (Miami), Stockholm, Moscow, Gdansk, Amsterdam, Frankfurt (West), London, Frankfurt (South), Paris, Bern, Madrid, Amman, Cairo, Riyadh, Tokyo, Kuwait City, Dubai, Nigeria, Hong Kong, Taipei, Mumbai, Chennai, Kuala Lumpur, Singapore, Lima, Sao Paulo, Santiago, Johannesburg, Cape Town, Sydney]

DIRECT-TO-CLOUD TOPOLOGY
[Diagram labels: Mobile & Distributed Workforce, Global check post, Enforces business policy, Cloud Services, Block the bad, protect the good, Regional Office, Botnet, Cloud Apps, HQ, Mobile Apps, Home or Hotspot, Exploits, Social Media, On-the-go]
• Compliance-based security: URL filters & A/V Protection
• Risk-based security: Behavioral Analysis & Data Loss Prevention

WHAT DIRECT-TO-CLOUD CAN …AND CAN’T DO
• Secure Users: Not Infrastructure! (That is the role of traditional firewalls, IPS, etc.)
• Protect Data: Proxy-based Data Loss Prevention and SSL Intercept & Decrypt
• Enable Applications: Improve Response Time and Selective Access
• Streamline WAN: Prioritize bandwidth by application and reduce backhaul

QUESTIONS?
(and thank you for your attention!)