Cloud adoption creates hybrid security challenges

Companies have been rapidly adopting cloud computing, and the global pandemic has added fuel to the fire. Companies are now moving applications to the cloud to shift the operational burden of running the data center onto the cloud service provider.

This instantly creates a hybrid cloud scenario, where applications that move into the cloud still need to access on-premises backends and services. Moreover, backend users such as DevOps and IT need access to instances running in a variety of different cloud providers.

This is a challenge with legacy IP networking, and often companies resort to connecting all clouds and the on-prem network together for "simplicity". But this dramatically expands the network, creating security concerns that aren't easily addressed with existing technologies like firewalls.

Companies need speed and agility to support migration, without compromising cybersecurity.

 


Hybrid cloud security impacts productivity for cloud migration

Cloud migration across corporate boundaries triggers security and compliance requirements. A typical example is a hybrid cloud project, which creates multiple network silos for different business projects. Enterprise IT, trying to follow conventional infrastructure practices, extends the on-prem network to the cloud as one unified network. This practice creates huge operational and compliance overhead, which impacts the overall productivity of cloud migration.

Some examples of operational issues include:

  • Is the cloud VPC owned and managed by IT, or by a business unit?
  • Which employees and contractors have access to the cloud environment, and what permissions do they have?
  • What controls are in place for cloud instances that access or are accessible from the Internet?
  • How can you detect and prevent any malicious activity in the cloud environment?

These types of questions may require a 12-18 month effort to fully resolve for a single project. As the business signs up multiple cloud providers and more business units and projects migrate to the cloud, operations begin to grind to a halt under the weight of infrastructure, security, and compliance reviews.

In other words, the infrastructure build never really ends.


The Solution: Connect Applications, Not Networks

CoIP Access Platform offers an alternative methodology that scales elegantly in a multi-cloud and hybrid environment. Instead of creating a gigantic unified IP network, CoIP Access Platform enables you to securely connect applications across disconnected network domains. This decouples the various infrastructure environments and network silos, allowing each one to be managed and run independently of the others.

The CoIP AppLink session tunnel works as an application connector — it connects applications in any environment, without requiring support from the underlying network infrastructure, by creating a virtual interface for secure overlay communications.

Built on the principles of Zero Trust, CoIP Access Platform authenticates users, endpoints, applications, and services using policy-based access connectivity and strong trust factors. Deploying as software, it secures application access connectivity without touching existing corporate VPNs, routers, or firewalls.

Application teams can set up and manage their own application-centric access, without having to file tickets to the corporate IT infrastructure team to create IP network-level connectivity.


Simple to Deploy and Configure

For teams looking to connect applications across any cloud, CoIP Access Platform deployment could not be easier. Just install the zLink software on the endpoint (server or VM), specify access policies, and applications will then connect via the CoIP SASE overlay.

It's easy to connect cloud VMs to an existing on-premises service, such as a directory service or code repository. Just deploy a Gateway Proxy close to the service; remote application endpoints will then be able to access the service through the CoIP overlay proxy.

The application connector is installed as a user space agent, so there is no need to modify applications or install kernel modules.

All of this can be done…

  • Without configuring a VPN or MPLS transport
  • Without opening firewalls
  • Without connecting networks – no BGP
  • In minutes

DEPLOYS AS SOFTWARE

More Infrastructure? Nope.

Customers can deploy a self-hosted service as virtual appliances on the cloud marketplace, or choose a hosted SaaS from Zentera's global datacenters (Zentera Air).

No VPN, router, or firewall changes are needed to quickly support a variety of different cloud migration scenarios.


DECOUPLED FROM FIREWALLS

Authenticate with a Zero Trust Overlay

Today, many applications for backend services and support are not connected across the cloud, and any effort to do so will trigger security concerns. With no global cloud network or available VPN to provision, the backend service and operations team is in a predicament. How do you connect client-server applications without worrying about opening firewalls?

CoIP Access Platform shifts the attention from the traditional network over to the application. All endpoints and applications are authenticated through a centralized policy database that specifies micro-segmentation and firewall-as-a-service rules.
