行业趋势

在任何地方工作的时代的混合和多云

CISO CISO上 视角

在过去的一年里,组织越来越依赖于混合和 多重云 environments to help support their evolving digital transformation requirements. 根据福提内最近的一份报告, 76%的被调查组织报告至少使用了两家云提供商. The result is that applications can reside any在哪里 – from on-campus to branch to data center to cloud. 现在,在任何地方工作的时代已经到来, organizations have had to rethink how they secure network edges both on-premises 和 in the cloud.

这对网络安全和未来的工作意味着什么? 升博体育的阿兰•桑切斯, Joe Robertson 和 特洛伊智力缺陷者 join us to explore the impact of hybrid 和 多重云 on organizations 和 discuss the need for adaptive cloud security solutions to enable a holistic platform approach to cybersecurity.

What are some of the key learnings CISOs have had in the last year when it comes to building an effective 多重云 security strategy?

乔- One of the key factors CISOs are taking into account is the difference between each of the cloud platforms. 如果我们关注安全方面, each of them has different built-in security tools 和 functions with different comm和 structures, 不同的功能, 不同的语法和逻辑. 数据中心也是另一个环境. 除此之外,组织可能会迁移到或离开云. 每一种云都具有独特的优势, 和 it’s critical that the organization is capable of leveraging whichever ones support their business needs. 网络安全不应妨碍这一点. 然而, with each cloud provider offering different security services using different tooling 和 approaches, each of your clouds becomes an independent silo in a fragmented network security infrastructure – not an ideal prospect. 

通过在所有这些云上有一个共同的安全覆盖层, you provide an abstraction layer above the individual tools that gives you visibility across the clouds, 控制他们, 和 the ability to put in place a common security posture regardless of 在哪里 an application may be, 或者它可能会移动到哪里. 堡垒网的虚拟安全系统就像覆盖层一样. 它可以成为云安全的“联合国”, 桥接的多样性, 连接筒仓, 并使这些离散的实体聚集在一起.

阿兰- 去年促成了许多悬而未决的决定. 多云迁移就是其中之一. The numbers speak for themselves; the global cloud computing market grew 17.5% in 2020 和 is expected to reach $436B by the end of 2021 (Source: Research 和 Markets, 2020年8月). 然而, I still sense this fear from my CISO colleagues to be stuck into a vendor roadmap as you embark your company on a cloud journey. 如果所有这些数据爆炸怎么办 OT 设备转化为巨大的云存储成本? What if the compliance context evolves 和 I find myself in a situation 在哪里 I need to repatriate significant amounts of data to avoid crossing the legal line? 

As these pros 和 cons were weighed—和 more rapidly than usual during the months of the p和emic—CISOs realized how important it was to adopt a security posture that transcends the individual cloud offerings 和 protects their cloud strategy as a whole. 当您的策略位于多云多样性之上时, 你可以避免把所有的鸡蛋放在同一个篮子里, 知道您不需要手动重新配置, 重新部署, 和 retest your policy every time you take advantage of a new cloud provider offer. 

特洛伊, Healthcare security 和 technology executives are leveraging multi 和 hybrid cloud computing to position their organizations to be more agile 和 resilient while at the same time increasing security posture. The reality for industries like healthcare is that the complex computing environments require alignment with hybrid cloud computing 和 multiple-cloud partners. 虚拟访问, 电子医疗记录, ERP, 和 ancillary clinical systems are the primary systems that healthcare systems are prioritizing for cloud adoption.

How has today’s work from any在哪里 reality impacted multi- 和 hybrid cloud security?

阿兰- 比以往任何时候都更, the massive home working wave operated as a wake-up call that one single policy had to be delivered every在哪里. 不管位置如何, 该设备, 和网络, 用户需要被授予访问其应用程序环境的权限. 这个访问, 需要得到明智的批准, through a context-sensitive mechanism 和 this applies particularly to distributed architectures such as hybrid 和 多重云. 简单地说,不要设计您的多云架构和您的 Zero-Trust访问 单独的策略. 

乔- Where today’s users are 和 在哪里 the applications reside are actually two sides of the same coin. Because in both cases the item we’re dealing with – whether a user or an application – could be any在哪里. 因此,我们必须改变我们旧的网络模式,以一个新的. 旧的范式侧重于 在哪里 事情是. 用户从哪里连接? 应用程序的位置在哪里? 在哪个服务器,哪个数据中心? 问题是,通过关注 在哪里 we weren’t focusing on what was most important: the actual users 和 applications. 这些才是我们真正关心的. So user identification, authentication, authorization, 和 access permissions have become critical. This is what Zero Trust Access is all about: never assume anything can be trusted simply because it is “inside the perimeter.” 

What are the key technologies CISOs should look to invest in to protect work from any在哪里?

阿兰- 多云部署是一个后退一步的机会, move away from the point solution approach 和 design your cybersecurity in a holistic manner. 否则, 你可能最终会增加典型的混乱, 太多的产品, 管理平台太多, 太多的供应商. 事实上, 不管他们采用的是私有/公共/SaaS的平衡, ciso需要包含三个关键的安全层:网络, 平台及应用. 是应用的时代 电子邮件安全, 沙盒,以及web流量控制器. 在平台级别,您需要控制访问服务代理(CASB), 和云工作负载保护(CWP). 最后,网络层面要求 安全SD-WAN、微分割和虚拟机安全.

乔- 在任何地方工作 需要连接和安全性. 这对ciso来说已经很复杂了. 你必须补充的事实是,在任何地方工作都是关于人的. 不是安全专家的人, 和 who generally are not very patient with whatever hinders them from doing what they need to do. 因此,安全团队需要权衡便利性和实用性. 多因素身份验证是一个很好的开始, 例如使用FortiAuthenticator和FortiToken, because people have gotten pretty used to needing to authenticate for other applications, 而且这些工具很容易使用. 您还需要关注保护端点. 反病毒是必要的,但还不够. 你需要考虑端点检测和响应工具,比如 FortiEDR, that can run in the background 和 look at unusual activity that can signal an attack or ransomware. The end user doesn’t have to do anything, but 该设备 和网络 are protected.

特洛伊, It is critical for CISOs to ensure that workforce mobilization technologies are scalable 和 eliminate security blind spots to enable greater protections for the remote workforce as bad actors pivot to take advantage of an increased threat l和scape.

学习如何 升博体育的自适应云安全解决方案 provide the necessary visibility 和 control across cloud infrastructures, 支持安全的应用程序和数据中心到云的连接.

阅读这些客户案例研究,了解如何做到这一点 欧特克 和 这个教育SaaS提供商 implement 升博体育的自适应云安全解决方案 for secure connectivity from data center to the cloud.