Anterovium - Fotolia
As networks grow more complex, chances for security breaches increase in tandem. The risk is even greater for cloud network designs, so network pros need to make sure they implement the right tools.
Years ago, when only a single building or building complex contained an organization's computer network, network security was a minor issue, as data wasn't exposed to the outside world. Now, the benefits of public cloud, hybrid cloud and SaaS applications may outweigh the risk of increased network complexity.
Connectivity options for cloud network design
When data processing moves to the cloud, it eliminates the need to purchase and maintain equipment only used periodically. This also reduces the risk of a local outage during critical traffic periods, as cloud vendors can maintain sites across multiple geographies.
However, to move data processing outside the local data center means IT teams must move sensitive data across external links. The public internet is an inexpensive link option, but this choice could also expose data to attackers. VPNs could resolve this issue, but they can't always guarantee quality of service. Also, application performance may suffer if VPN throughput drops.
Private network connections to cloud environments offer a more expensive, more secure route in cloud network designs. The major cloud vendors offer local connection points in major centers or cities, and customers can connect to one or more nearby sites through private links.
Traffic can flow to cloud environments from local sites over dedicated, high-throughput links. Customers can select data rates that match their cloud network design and business requirements, and they can use multiple network vendors to access different connection points for decreased security risks.
How cloud network designs have evolved
In the past, network managers configured networks based on which application or application component used which data and at what required application performance level. With this information, network managers would allocate network and compute resources and set up virtual LANs, access control lists and firewalls to control data flow.
Intent-based networking tools can reverse this process. These tools can simplify security configuration and the allocation of network bandwidth and data processing resources within cloud network designs.
Instead of allocating resources and risking the error-prone task of data flow setup, network managers can use intent-based networking tools to specify which application components use which data items and determine the required application performance levels. Then, the tools can determine and configure which methods they can use to complete those tasks most effectively.
AI and machine learning components within intent-based networking tool sets can continually monitor performance and allocate additional resources if performance falls below an acceptable level. These tools also monitor data movement to detect and block anomalous actions -- e.g., if an application that normally delivers a single database item per transaction instead delivers multiple items.
Microsegmentation can provide and specify additional security to VM levels and individual virtual network interfaces, as microsegmentation subdivides networks into many individual virtual components with no data movement permitted between them. Intent-based networking tools can use microsegmentation to specify and control data movement.
As cloud technology continues to develop, tools must evolve to manage and protect networks. Technologies such as microsegmentation and intent-based networking tools should adapt along with the increased network complexity of cloud network designs.
Dig Deeper on Cloud and data center networking
Related Q&A from David Jacobs
UDP is a simple protocol, but it has inherent vulnerabilities that make it prone to attacks, such as limited packet verification, IP spoofing and ... Continue Reading
Connectivity over longer distances and higher data rates are some of the major differences that separate Carrier Ethernet from traditional wired ... Continue Reading
Network load balancing and application load balancing both handle traffic requests. But they process and direct those requests with different levels ... Continue Reading