Engineering Simplicity
Explore Juniper’s vision for network innovation and how the company and industry are transforming the future of networking
Engineering Simplicity
Securing a multicloud architecture
Mar 14, 2018

As I’ve written in my previous blog ‘Crossing Tax: Multiplying Complexity in Multicloud’, the future for enterprises is multicloud. And for the promise of multicloud to be true, it requires that end-to-end solutions be largely invisible to users, without compromising security and reliability. So regardless of whether a user is on-campus or remote, or whether a workload is served from an on-prem resource or from a public cloud, the experience should be indistinguishable.

 

To accomplish this, enterprises need to solve for connectivity in every place in the network, and then ensure that there is end-to-end orchestration and visibility. But the job is not complete until the entire solution is secure.

 

Secure transport

Security starts at the lowest layers. And that means that multi-domain connectivity has to be a part of an overall multicloud security posture.

 

In a multicloud world where users and workloads can be separated by public and private WAN links, transport needs to be encrypted. This means basic building blocks like IPSec have to be present in the data center, campus, branch and public cloud.

 

Just as important, the policy to control these sessions should be centralized to allow for a more simple extension of a uniform security posture across a set of diverse resources. When there is operational diversity, there is greater chance of a breach. And there is no greater vulnerability in any network than the manual processes most network teams have inherited. Management and visibility must be made simpler—both for point operational tasks, but also for generalized automation. Simplicity is the fastest path to stronger security.

 

For more information on battling complexity in the multicloud, read Juniper’s CTO, Bikash Koley’s blog: Connectivity for a Multicloud Architecture

 

Pervasive security

The need for a strong perimeter hasn’t changed. Due to the increased sophistication of recent cyber attacks, a stronger perimeter is in fact needed. But because of the nature of multicloud, the perimeter is no longer static. It’s expanded to public clouds. So in addition to physical SRX, high-performing next-gen firewalls, Juniper Networks is offering lightweight and portable firewalls in virtualized (vSRX) and containerized (cSRX) form factors to secure such fluid environment.

 

But obviously, security needs to happen beyond just the edge. This is why Juniper has also expanded its security offering to capabilities for embedding security throughout the network.

 

bikash 5.png 

Contrail is designed to be more than just a SDN. Contrail Enterprise Multicloud includes Contrail Security which leverages virtualization and embedded firewall functions to provide a micro segmentation solution that spans all places in a multicloud network, protecting application-to-application traffic.

 

By providing a single software-defined network and security deployment, Juniper is simplifying security to enable a policy to be uniformly distributed and dynamically managed.

 

See something, do something

Of course, successfully remediating anything requires first understanding the traffic flows and identifying threats. And that depends on having visibility in real-time to information residing within the network.

 

This means that security is built on a streaming telemetry foundation and augmented with end-to-end monitoring solutions that help the utilization of surface data for correlation and identification of anomalous behavior.

 

Many enterprises treat monitoring as a bolt-on, applied after the network is architected. By designing explicitly for ease of detection, enterprise architects can help enable their security solutions to be fueled with timely and relevant data. 

 

For more information on battling complexity in the multicloud, read Juniper’s CTO, Bikash Koley’s blog:  Orchestration for a Multicloud Architecture

 

 

Operational aspects of security

It’s easy to reduce security to the set of tools required to identify and remediate specific threats. The problem here is that the industry has exploded with security solutions, each of which commands its own resources to deploy, monitor and manage.

 

The reality is that there are operational concerns with security. Enterprises cannot find enough qualified security experts to grow their security staffs to contend with the number of tools that are deployed. Wherever possible, simplifying workflows to embrace automation is critical to enable the security umbrella to broaden - without necessarily breaking the budget.

 

To that end, Juniper has invested not just in the enforcement points, but in consistent automation frameworks that leverage machine learning to identify threats and execute remediation tasks. AppFormix, for example, provides the kind of end-to-end visibility that multicloud environments demand, along with the machine learning hooks that help deliver against the dynamic needs of a modern infrastructure.

 

No substitute for simplicity

Ultimately, though, when it comes to security, there is no substitute for simplicity. Uniform, end-to-end control starts with a common operating model to enable that policy to be consistently applied every single time. While devices will vary in a multicloud environment, security cannot be inconsistent. And this demands a security layer capable of supporting all devices, regardless of their manufacturer or where they happen to be deployed.

 

Having deployed a common overlay in some of the most demanding environments on the planet, Juniper is confident we have the solutions to help enterprises as they migrate to their multicloud futures.

 

For more information on battling complexity in the multicloud, read Juniper’s CTO, Bikash Koley’s blog:  Multicloud's end-to-end visibility requirement

Top Kudoed Members