Today we are talking about SDN, VPN and other "network" trends in the field of information security, which, according to analysts and experts of the IT industry, will be decisive this year.
The popularity of software-defined networks (SDN) is growing
According to Statista, over the next three years the volume of traffic passing through SDN systems in data centers will more than double: from 3.1 zettabytes to 7.4 zettabytes. The main tasks driving this demand are reducing the time needed to allocate additional virtual resources and simplifying work with security policies.
For example, Fujitsu has implemented SDN technology in hundreds of its data centers around the world. This allowed the organization to define common rules for its networks. Data center administrators do not need to configure each network device separately; it is enough to set general packet processing rules, and the SDN applies them on its own.
At the same time, analysts expect that the growing popularity of SDN will also increase demand for whitebox routers: devices from OEM manufacturers that ship without a pre-installed operating system. This approach allows you to develop your own network management software.
Whitebox solutions are already used by large IT companies such as Google and Microsoft. Mid-sized companies are expected to adopt such systems as well. The forecast rests on the fact that such devices reduce the cost of IT infrastructure. For example, at Innova, whitebox switches helped reduce hardware costs by a factor of more than twenty.
VPN systems will become more accessible
Companies use VPN tunnels to build secure, geographically distributed information systems. In 2019, services that automate the deployment of VPN infrastructure in the cloud will gain popularity, driven in part by IaaS providers.
“We recently simplified the installation of a VPN channel between servers for users in 1cloud - all settings are done in the control panel. You can connect machines located in different data centers, as well as in the cloud or office,” comments Sergey Belkin, head of the development department of the IaaS provider 1cloud.ru. “But, of course, customers can configure VPNs themselves on a physical or virtual server (VPS/VDS). To do this, we have prepared OpenVPN configuration guides for Windows and Linux.”
Manufacturers of data center equipment also plan to automate VPN configuration. According to Juniper's technical director, automating all of its solutions in the cloud will be one of the company's main priorities for 2019.
SDP systems protect hybrid cloud
VPNs in data centers will be complemented by software-defined perimeter (SDP) technologies. Such systems identify a device before allowing it to connect to the network. Access is then opened only at the application level, and an unknown host simply will not see any information about the network itself.
In 2019, SDP technologies are expected to grow in popularity as a way to protect hybrid cloud infrastructure. In particular, SDP will be one of the priorities of Cisco, which can become a leader in this market.
According to the 2018 State of the Cloud report, 81% of the thousands of organizations surveyed use multi-cloud in their work. At the same time, 69% of them intend to implement tools that will automatically check the compliance of the cloud system with the organization's security principles. Software-defined perimeters can serve as such tools.
The technology is already used by government and financial organizations. In the US, an SDP service was implemented by a government organization that provides IT services to federal agencies. Twenty thousand of its employees connect to the internal systems remotely. With the help of the SDP service, the access rights of each user are controlled separately. Another example is the British real estate company Aster Group, where SDP helps to connect employees and third-party partners to the IT infrastructure.
Firewalls will become "more powerful"
In 2018, Gartner published a report on the state of the firewall market. In it, companies developing next-generation firewalls (NGFW) took the lead. In 2019, this concept is expected to continue to gain popularity.
Next-generation firewalls can embed DPI, intrusion detection systems (IDS) and antivirus. Some NGFW developers go further and add the ability to integrate the firewall with third-party services. For example, Fortinet's NGFW is built into the Symantec Web Security Service platform.
The trend towards integrating different services to protect the infrastructure will continue. Gartner writes that in two years, 80% of security solutions for the cloud will simultaneously include a firewall, a web application firewall and web traffic filtering systems.
vADC will become more popular
Application Delivery Controllers (ADCs) are physical devices that are installed in the network topology between the firewall and the application servers. ADCs are an important part of data center security. They act as a firewall, protect against DDoS attacks, and also collect application performance data.
Increasingly, physical controllers in the data center are being replaced with virtual devices (vADC). They provide flexibility in managing virtual machines and containers. For example, a vADC can be launched in just a few seconds, which is not so easy to do with a physical device.
Cisco conducted a survey among fifty executives of large IT companies. 35% of respondents said that what attracts them to vADC is the ability to automate IT infrastructure protection services. For example, vADC was used by the financial organization Handle Financial. The new system made it possible to monitor network threats in real time.
Market analysts expect that next year the demand for virtual application delivery controllers will continue to grow.