Cloud: More Journey than Destination

Dec 05, 2012

When I was at the Ignite user conference recently, a customer said they didn’t yet have a roadmap to move towards a private cloud model. By “cloud,” he meant an IT infrastructure where computing resources are pooled together and applications of different trust levels reside within the virtualized server. He was worried that this was an atypical perspective in the IT world.

In fact, the cloud is not the utopian IT architecture for all enterprises, nor should it be. It is one of multiple options towards a more efficient, responsive and available IT infrastructure. And it may be a journey of a thousand miles to get there, rather than an immediate migration. That’s okay. You will get there one step at a time. After all, there’s still a lot to do in terms of data center consolidation, segmentation, securing your virtualized infrastructure, and safely enabling data center applications. But whichever challenge you’re tackling now, and whether or not you’re heading to the clouds, we’re here to help. In fact, we have leveraged many of the benefits and characteristics of cloud computing technologies within our next-generation firewall solution.

Cloud Computing Might

For example, the ability to utilize pools of computing resources has been used to great advantage by developers. That same cloud computing benefit can now be extended to optimize and accelerate security analysis. That’s exactly what we’re doing with WildFire.

With WildFire, we are harnessing the computational power of the cloud to analyze unknown files for malicious behaviors as part of a comprehensive strategy to tackle modern malware. The power of the cloud enables hundreds of thousands of files to be analyzed in minutes, on a platform that lets the malware do exactly what an attacker intended it to do. This means the malware can be observed in a protected cloud “sandbox” without impacting an enterprise’s network. This would be much harder to do inline, with an on-premise appliance.

Dynamic, Automated Security Services

One of the most popular application development platforms in the cloud, Amazon Web Services, was built by developers for developers. The design is all about optimizing the backend infrastructure so these application developers can leverage common features and services, and quickly get up and running. Application developers are nimble, tearing down and creating virtual machines in minutes, and they automate many of their application delivery processes.

We’ve learned from this model that it’s important to embrace the dynamic and automated nature of this environment so that security doesn’t slow down the application delivery process. We do this with Dynamic Address Objects (a new feature in PAN-OS 5.0) and our REST XML API features. Dynamic Address Objects are a new address object type that can be updated using our XML API. They can be referenced in security policies, so when virtual machines are created or moved, security policies can be enforced without a manual change.

Using a combination of orchestration software APIs (from companies like CA or VMware) and our XML API, security operations like creating a new firewall, applying an initial configuration, applying common security policies and maintaining these policies can all be automated. In a large, dynamic data center with a high rate of change, this automation not only improves response times for firewall changes but also reduces the chance of outages caused by firewall administrator errors.

So, while you may not quite be ready for the cloud, your next-generation firewalls have the features to support you when you decide it’s time.

You can read more about how lessons learned from cloud computing can be applied to security in my Security Week article, “Can The Amazon Web Services Model Extend To Security”. Let me know what you think at @DanelleAu.
