In a pandemic-ravaged world, organisations need to find ways to enhance their cloud security to support seamless remote access without affecting employees’ productivity.
According to O’Reilly’s Cloud Adoption in 2020 report, 88% of organisations were already using cloud infrastructure even before the pandemic.
As the world replaced face-to-face business with online interactions, access from anywhere has become the norm, and organisations have to support their hybrid workforce with the required tools to ensure business continuity.
Allowing access from anywhere, from any device, dramatically increases the attack surface of a business and poses significant risks, such as the propagation of malware and identity theft by hackers.
In a recent webinar, Jeff Yeo, Cisco regional technical solutions architect (Asean and Greater China), pointed out that migrating to the cloud saves time and money for organisations.
“Traditionally, you will have to buy a data centre, equipment, and real estate, and employ a group of people to manage this. However, today I can use my credit card, put in the details into a web portal and get Microsoft 365 in a snap,” said Yeo, who has over 13 years of regional experience in Asia-Pacific, Japan and China.
Yeo also noted that the flexibility of the SaaS model is very advantageous because organisations pay only for what they consume, and security such as Cisco Duo can also be deployed on demand to mitigate risks and meet compliance requirements for businesses.
Yeo added that cloud computing can be an extension of business continuity and disaster recovery plans.
Today, many cloud services have adequate security and compliance built into the platform, with standards such as SOC 2 and CSA STAR Certification.
This supports the overall compliance for external audits and government regulations while focusing on keeping customers’ data safe and secure.
“Today, we access consumer apps and data from our mobile phones and laptops, and the approach really needs to change. So that’s where SASE (secure access service edge) comes in,” he said.
Yeo explained that SASE combines networking and security functions in the cloud to deliver seamless, secure access to applications, anywhere users work.
Core functions include SD-WAN (software-defined wide-area network), secure web gateway, firewall as a service, cloud access security broker, and zero-trust network access.
The SASE model aims to consolidate these functions in a single, integrated cloud service.
The benefits of a SASE model are unlocked by working with a single vendor who can bring together best-in-class networking, security, and observability – while offering the flexibility and investment protection to transition to the cloud at your pace.
Yeo also talked about Cisco Duo’s access security, which shields applications from compromised credentials and devices with technology such as multi-factor authentication (MFA) and dynamic posture assessment.
Other network security issues that Yeo highlighted include phishing attacks to steal user data, which are very common.
Yeo emphasised that Cisco’s approach to SASE results in predictable performance, and helps businesses become more agile by leveraging cloud security and deployments.
“This is where we converge everything together – networking and security end-to-end observability of all the users from your applications from any network.
“We’ve also optimised performance to ensure the fastest and most reliable secure path to the cloud, and adopt the zero-trust framework. We verify that the devices are healthy, we challenge users every single time that they connect to an app and this is on a per-session basis.
“And we can quickly pinpoint network performance issues – if there is a lag, or a DNS (domain name system) issue – in a very seamless fashion,” he said.
Yeo also highlighted Cisco Duo’s VPN (virtual private network)-less solution, where users can connect to apps and data without the use of a traditional VPN.
“We have the Duo Network Gateway (DNG), and this acts as a reverse proxy.
“As an end user, it means that with the use of a web browser, I can access my corporate data centre hosted web application without establishing a VPN.
“To ensure identity access is secure, we do MFA, health checks on the endpoints and the DNG secures all traffic being transmitted over the internet,” he said, adding that only authorised devices get to connect into specific resources in the core infrastructure.
This provides better segmentation compared to a traditional VPN.
“We can ensure that bring-your-own-device (BYOD) have no access into the core infrastructure,” he said.
He explained that compliance with company security policies can be enforced on the endpoint systems.
“With the Duo Device Health App, we can manage this directly from the cloud, which makes things really simple and easy for the end user. The agent checks for posture on the endpoint, and remediation due to non-compliance can be self-serviced or guided,” said Yeo.
He also noted that traditional on-premises VPNs will still be around for a long time, due to legacy applications.
Cisco Umbrella offers flexible, cloud-delivered security when and how organisations need it.
It combines multiple security functions into one solution, so organisations can extend protection to devices, remote users and distributed locations anywhere.
Yeo pointed out that “SASE is a journey and not a one-stop solution.” When embarking on a SASE solution, organisations should also integrate it with the zero-trust framework to enhance the overall security architecture.
Yeo said the SASE model consolidates numerous networking and security functions – traditionally delivered in siloed point solutions – in a single, integrated offering.
“This would provide better alignment between Networking and Security, to support an agile business strategy,” he said.
Visit ciscodesignedtool.com.my and get suggestions on IT solutions that suit your business needs.
Jeff Yeo spoke at the “Embark on a ‘SASSY’ Journey To Protect Your Cloud” webinar on Jan 20, organised by Star Media Group in partnership with Cisco.
Catch the replay of the webinar at bit.ly/cisco20janfb