& cplSiteName &

Locking It Down: Securing Multicloud IT Across Industries

Matthew Pley

Organizations engaged in digital transformation efforts are discovering the advantages of a multicloud strategy to meet new requirements for speed, agility and scalability. More than 80% of organizations have adopted a hybrid multicloud environment. However, security challenges abound, and compounding these challenges are the requirements and regulations imposed by market segment.

It is not unusual for a healthcare network to include the local hospital environment, the offices and clinics of doctors and other healthcare practitioners, and the personal devices of healthcare providers. Also, patients increasingly want to be able to access their data from a variety of locations and devices.

Cloud computing, especially multicloud networks, makes sharing data and connecting with patients more effective. However, a multicloud strategy can add complexity by expanding the network footprint while restricting visibility and control.

Because cloud networks often function as separate domains, they can impact an institution's ability to comply with HIPAA definitions of confidentiality, integrity and availability. A multicloud architecture makes it more challenging to have single line-of-sight visibility and control.

Now entering its fifth year, the 2020 Vision Executive Summit is an exclusive meeting of global CSP executives focused on navigating the disruptive forces at work in telecom today. Join us in Lisbon on December 4-6 to meet with fellow experts as we define the future of next-gen communications and how to make it profitable.

IT teams need to consider integrated security strategies that protect patient privacy regardless of where it is located, enable doctors to freely and securely access that information, and at the same time unify and centralize threat intelligence.

Connected medical devices, or IoMT, especially those connected to the cloud, compound this challenge. While the use of new connected devices has positively impacted patient care, many of these devices often lack up-to-date security provisions.

Financial services
Financial services are under pressure to compete for and retain customers. Tech-savvy consumers want cloud-based apps and services to do their banking any time, anywhere. For many financial institutions, multicloud strategies provide the flexibility needed to deliver a wide range of internal and external services.

Simultaneously, the financial services sector is among the most heavily regulated verticals. Recent SEC regulations, for example, require that companies "adopt comprehensive policies and procedures related to cybersecurity and to assess their compliance regularly, including the sufficiency of their disclosure controls and procedures as they relate to cybersecurity disclosure." NYSDFS cybersecurity requirements, which went into effect last year, go even further.

Creating a unified and consistent security strategy that can span local networks, mobile workers and consumers, and different cloud providers is a challenge that financial services organization will need to address.

The cloud is transforming education, from K–12 to universities, as faculty, staff, and students embrace new digital tools and methodologies.

Schools have embraced bring-your-own-device (BYOD) strategies and peer to peer (P2P) networking to allow students to more effectively conduct research or collaborate using their personal mobile devices connected to the campus WiFi network. Cloud-based networks allow schools to create flexible and elastic on-demand environments that enable collaborative learning and, as a result, many school districts now find themselves with multi-IaaS and multi-SaaS services running across both public and private cloud environments.

According to one report, the US education sector experienced more security incidents in 2016 than both the retail and the healthcare sectors. But schools, and K–12 institutions in particular, typically have fewer IT resources and have a harder time combating attacks, which means they have to be smarter and faster to stay ahead of today's threats.

Developing a multicloud security strategy
The opportunities provided by a cloud, and especially a multicloud, strategy far outweigh the risks. Fortunately, many of the challenges can be solved with the right security plan.

Good cyber hygiene: Network hygiene and device hygiene are perhaps the most neglected elements of security today, but they are critically important, particularly when networks and devices are connected to the cloud.

  • Establish a routine for checking for updates and applying patches when they become available. Automate this process as much as possible.
  • Replace vulnerable devices when new versions with better security become available.
  • Establish IoT security protocols, such as making sure your AV and IPS solutions include IoT signatures.
  • Implement sandboxing to discover unknown malware and compromised devices coming from your cloud connections.

Limit device access: Impose strict controls on which devices can access your network. Remember that wireless access only applies to some IoT devices. You will need to also have protocols in place for Bluetooth connections, radio frequency-based devices spanning nearly a dozen different protocols, and smart devices hardwired into your network. Many of these devices access the network behind the firewall.

Limit user access: Not everyone needs administrator privileges.

Limit applications in your environment: Use only those with a business need, and keep those applications and systems up to date and fully patched. Using unnecessary applications expands the attack surface and increases the complexity of protecting the environment.

Inventory authorized/unauthorized devices: This should include the cataloging of authorized and unauthorized connected devices within your environment, including consumer devices like cellphones and laptops. You have to know what you're protecting.

— Matt Pley, Vice President for Cloud, GSI, Carrier, Service Providers and Strategic Accounts for Fortinet.

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Educational Resources
sponsor supplied content
Educational Resources Archive
More Blogs from Column
To deliver the new services promised by 5G, your existing 4G core will not be enough.
The cloud gives enterprises an express lane to machine learning.
The telecom industry can learn from Apple in its efforts to make virtual network function (VNF) deployment quicker and easier.
What has been the effect of the EC's decision to abolish roaming charges for customers traveling outside their domestic markets?
Why it makes sense for cable operators to distribute coherent packet-optical technology to the cable network edge.
Featured Video
From The Founder
John Chambers is still as passionate about business and innovation as he ever was at Cisco, finds Steve Saunders.
Flash Poll
Upcoming Live Events
September 12, 2018, Los Angeles, CA
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 6, 2018, London, United Kingdom
November 7-8, 2018, London, United Kingdom
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
Net Neutrality Controversies Yield No Clarity
Carol Wilson, Editor-at-large, 8/8/2018
Why Do You Need a 5G Cloud-Native Core?
David Nowoswiat, Nokia, 8/9/2018
Windstream Claims US SD-WAN Leadership
Carol Wilson, Editor-at-large, 8/9/2018
Roku's Free Streams Go Outside the Box
Jeff Baumgartner, Senior Editor, Light Reading, 8/9/2018
Layoffs at Ericsson's iconectiv
Ray Le Maistre, Editor-in-Chief, 8/10/2018
Animals with Phones
When Your Cat Hijacks Your Tech Click Here
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed