Cloud Security

Building Security For the Cloud-Based Enterprise

Many organizations are engaged in digital transformation initiatives designed to improve the customer experience or to enable an organization to operate more efficiently and profitably. In some cases, these initiatives have resulted in the deployment of Internet of Things (IoT) devices to monitor machinery and remote locations. In others, companies have adopted bring your own device (BYOD) policies to enable employees to work with the devices with which they are most familiar.

The most common change that organizations adopt as part of their digital transformation strategy is to move data storage and applications from on-premises to the cloud. However, this shift to cloud computing creates security problems that are best solved using cloud-based software-defined wide area networking (SD-WAN).

Challenges of Securing the Cloud


Organizations are increasingly adopting cloud computing as part of their daily operations. Over 94% of companies currently use the cloud, and the number is steadily growing. These cloud-based resources provide a number of advantages to an organization, including flexibility, scalability, and cost effectiveness. 

However, they also create security challenges for organizations unprepared for dealing with them.

  • Off-Premises Infrastructure

One of the biggest challenges associated with securing the cloud is that cloud infrastructure does not fit into many organizations’ security models. Many companies still operate using a perimeter-based security model, where security solutions are deployed at the network perimeter. Anything within this perimeter is considered “trusted” while anything outside the perimeter is considered “untrusted”.

An organization’s cloud infrastructure, while outside of its network perimeter, is part of its “trusted” infrastructure. If an organization is relying on perimeter-based defenses for security scanning, it must either give up visibility into traffic to cloud environments from outside the network or route all traffic through the perimeter-based defenses. This dilemma forces an organization to choose between network security and performance.

  • New Operating Environments

Most security teams are accustomed to securing on-premises environments. In these environments, the organization has total control over its infrastructure. This allows the organization to select its own underlying infrastructure and the security solutions that it runs on top of it.

This same level of flexibility and control is not present with cloud-based infrastructure. When working in the cloud, an organization relies upon its cloud service provider (CSP) to provide and secure the underlying infrastructure that it is leasing. The relationship between the CSP and the customer regarding security responsibilities is described by the CSP’s shared cloud responsibility model.

For many security teams, this arrangement creates issues. One issue arises from the fact that an organization no longer has control over its underlying infrastructure. Without this level of control, the organization may be limited in the range of security solutions that it can deploy. This increases the complexity of the organization’s security architecture and makes it more difficult to enforce consistent security across the corporate network.

Another major issue associated with cloud security arises from many security teams’ lack of understanding regarding their security responsibilities in the cloud. Almost three-quarters of security professionals have trouble understanding the cloud shared responsibility model. As a result, many organizations’ cloud deployments are inadequately secured.

  • Multiple Cloud Vendors

Securing a single cloud deployment can be a challenge for a security team due to the need to customize security settings provided by the CSP to meet the organization’s security needs. However, 84% of enterprises have a multi-cloud strategy.

These multi-cloud strategies are designed to let an organization benefit from the strengths of different vendors specializing in different areas. However, they also dramatically increase the complexity of maintaining consistent security across an organization’s entire network. Some security solutions may only work on certain cloud platforms, and maintaining consistent security settings across multiple platforms is difficult.

Moving Security to the Network

Many of the challenges associated with securing the cloud arise from the fact that organizations only control the endpoints in their cloud environment. The details of these endpoints vary from CSP to CSP, making it more difficult to deploy consistent security solutions across multiple cloud environments.

SD-WAN provides a solution to this challenge. An SD-WAN solution integrates networking and security functionality, including a next-generation firewall (NGFW) and a secure web gateway (SWG), in a single appliance. Any traffic routed through the SD-WAN appliance undergoes security scanning and is optimally routed to its destination.

However, SD-WAN is only effective at securing the traffic that passes through it. If SD-WAN is deployed on the corporate network, then it experiences the same issues as a traditional perimeter-based security deployment on the corporate LAN.

Some SD-WAN solutions, however, can be deployed in the cloud. This provides two benefits: an organization can deploy security geographically near its users, minimizing network latency, and an SD-WAN exit point is located near the organization’s cloud-based assets.

Securing the Modern Enterprise

Organizations’ network environments are changing rapidly. As cloud-based resources become an increasingly important part of daily business, securing them properly becomes more of a priority.

However, securing the cloud can be complex. The cloud doesn’t fit into the traditional perimeter-based security model, and security teams must often configure CSP-provided security settings in multiple cloud environments.

SD-WAN provides a solution to this problem by integrating networking and security functionality in a single appliance. By moving security to the network level, rather than the endpoint, organizations can ensure that consistent security policies are enforced both in on-premises environments and in the cloud.