The vast majority of organizations—92 percent according to one recent study—now use, or intend to use, multiple cloud providers. How they arrived there varies. Some organizations developed a centralized, thought-out multicloud strategy, while others found themselves adding cloud providers via M&A or internal shadow cloud projects driven by business units or development teams. In either case, as applications and data extend across this growing cloud footprint, a multicloud networking approach must be developed and implemented. For most, this is a rare opportunity to start with a new approach, one informed by mistakes and challenges of the past. In this case, implementing a zero trust strategy can minimize security risks while improving performance and reducing costs and complexity.
Of course, with multiple cloud providers, each has its own architectures and services for addressing multicloud networking. And unfortunately, they haven’t exactly made it easy to build connectivity to other cloud environments or back to the data center. This is (somewhat) understandable in that their goal is to get you to consume as many of their services as possible, minimizing your reliance on other cloud providers and on your own data centers. The result is that you’ll likely face several key challenges in connecting your clouds and data centers.
Five key challenges with multicloud networking
1. Difficulty in ensuring consistent visibility and control across your varied environments
2. Problems connecting remote users and corporate offices to cloud resources
3. Struggles with troubleshooting and solving connectivity issues
4. Inability to maintain consistent levels of performance and availability
5. Poor security due to exposed attack surface and high risk of lateral threat movement
Most multicloud networking solutions in the market today have focused on addressing numbers 1–4 on the list above—those directly related to networking and connectivity—but have failed to address issue number 5, perhaps the most critical of all. These solutions attempt to build abstraction layers above the unique components of each cloud provider, helping to minimize cloud-specific implementations and provide a single pane of glass for visibility and troubleshooting.
However, challenge number 5, that of the expanding attack surface, remains unsolved because these solutions take a network-centric approach and extend the traditional corporate WAN to the public cloud. These flat, overly permissive networks that rely on firewall and VPN-type technologies result in a high risk of lateral threat movement, not to mention the fact that every externally facing firewall in a cloud environment represents exposed attack surface—a potential area for an attacker to gain a foothold.
Leveraging zero trust for multicloud networking
Fortunately, there is another approach to multicloud networking that addresses all five key challenges with a simple, automated operational model. Zero Trust has garnered widespread adoption in the enterprise for user access to corporate resources. But Zero Trust was never meant to be a strategy applied solely to user remote access; rather, it’s most powerful when applied holistically across the organization to every entity with an identity and the ability to access other enterprise resources. So it most definitely applies to cloud workloads! After all, a key objective of multicloud networking is to enable secure workload communications.
And that’s exactly why Zscaler has extended its Zero Trust Exchange platform, best known for securing user access to the internet and private applications, to workloads running in the public cloud. We call it Workload Communications, and it solves all of the major challenges with multicloud networking:
Simplifies multicloud connectivity by using a direct-to-cloud and direct-to-internet architecture that eliminates backhauling, peering, route distribution, and service chaining.
Ensures fast, highly reliable connectivity from anywhere
Provides scalability via the power of the industry’s largest security cloud. Workload Communications connects to the Zero Trust Exchange via Cloud Connector, which is deployed in your VPCs and built on a DTLS architecture, delivering 4x to 5x better performance than IPsec.
Enables cross-cloud visibility with full logging and a single, integrated platform that simplifies operations and troubleshooting.
Enhances security by eliminating all exposed attack surfaces and dramatically limiting the ability for bad actors to move laterally across your public cloud.
How does Zscaler Workload Communications work?
Workload Communications enables two powerful use cases: ZIA for Workloads, which provides secure workload access to the internet, and ZPA for Workloads, which enables workload access to any other cloud or data center. In both cases, traffic is forwarded to the Zscaler cloud, the Zero Trust Exchange, via a simple yet innovative component called Cloud Connector. Cloud Connector installs in your VPCs or VNETs via zero-touch deployment and automated policy configuration through deep integration with cloud-native services and automation tools. Once deployed, it forwards traffic to the Zscaler cloud, where ZIA and/or ZPA policy is evaluated and applied. It can be deployed automatically across multiple clouds within minutes.
Once traffic is forwarded into the Zero Trust Exchange, ZIA and ZPA policies can be applied to workloads to provide protection based on identity and location and control access between applications, cloud services, and workloads. And as you would expect from Zscaler, it leverages the proven scale, performance, and reliability of the Zero Trust Exchange to ensure safe, controlled access from any cloud, with no exposed attack surface.
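To make the identity-versus-network distinction concrete, here is a small added illustration (not Zscaler code, policy syntax, or product behaviour): workloads carry identity attributes, access between them is decided by rules that match those attributes rather than by which subnets happen to be routed or peered, anything without a matching rule is denied, and every decision is logged. The attribute names, the peering set, and the rule shape are all assumptions constructed for the example. The `lateral_reach` helper counts how many (destination, port) pairs a single compromised workload could reach under each model, which is the lateral-movement risk the text is describing.

```python
"""Identity-based workload access policy vs. a flat peered network.

Constructed illustration; not Zscaler's code or policy language. The
workload attributes, peering set and rule format below are assumptions.
"""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Workload:
    name: str
    cloud: str   # "aws", "azure", "gcp" or "dc" (assumed attribute names)
    role: str    # identity attribute, e.g. "web", "app", "db"
    env: str     # "prod" or "dev"
    subnet: str  # network location, used only by the flat-network model


@dataclass(frozen=True)
class Rule:
    src_role: str
    dst_role: str
    port: int
    same_env: bool = True  # require matching environment unless relaxed


# --- Model 1: flat, peered network (reachability == permission) ------------
# Constructed peering relationships between a VPC, a VNet and a data center.
PEERED = {
    ("aws-vpc-a", "azure-vnet-b"),
    ("azure-vnet-b", "dc-subnet-c"),
    ("aws-vpc-a", "dc-subnet-c"),
}


def flat_allows(src: Workload, dst: Workload, port: int) -> bool:
    """Traditional WAN extension: same or peered subnet means any port is reachable."""
    pair = (src.subnet, dst.subnet)
    return src.subnet == dst.subnet or pair in PEERED or pair[::-1] in PEERED


# --- Model 2: identity-based policy with default deny ----------------------
def zero_trust_allows(src: Workload, dst: Workload, port: int,
                      rules: list, log: list) -> bool:
    """Allow only when a rule matches source identity, destination identity
    and port; log the decision either way so it is visible across clouds."""
    for r in rules:
        identity_match = (r.src_role, r.dst_role, r.port) == (src.role, dst.role, port)
        env_ok = (not r.same_env) or src.env == dst.env
        if identity_match and env_ok:
            log.append(f"ALLOW {src.cloud}:{src.name} -> {dst.cloud}:{dst.name}:{port} "
                       f"rule={r.src_role}->{r.dst_role}/{r.port}")
            return True
    log.append(f"DENY  {src.cloud}:{src.name} -> {dst.cloud}:{dst.name}:{port} no matching rule")
    return False


def lateral_reach(src: Workload, workloads: list, ports: list, rules: list) -> dict:
    """Count (destination, port) pairs a compromised `src` could reach under each model."""
    targets = [(d, p) for d, p in product(workloads, ports) if d is not src]
    flat = sum(flat_allows(src, d, p) for d, p in targets)
    log: list = []
    zt = sum(zero_trust_allows(src, d, p, rules, log) for d, p in targets)
    return {"flat": flat, "zero_trust": zt, "log": log}


# Constructed sample estate spanning two clouds and a data center.
WEB1 = Workload("web-1", "aws", "web", "prod", "aws-vpc-a")
APP1 = Workload("app-1", "azure", "app", "prod", "azure-vnet-b")
DB1 = Workload("db-1", "dc", "db", "prod", "dc-subnet-c")
DB_DEV = Workload("db-dev", "dc", "db", "dev", "dc-subnet-c")
BATCH1 = Workload("batch-1", "aws", "batch", "prod", "aws-vpc-a")
WORKLOADS = [WEB1, APP1, DB1, DB_DEV, BATCH1]

# Only the intended tiers may talk, and only on the port they need.
RULES = [Rule("web", "app", 8443), Rule("app", "db", 5432)]
PORTS = [22, 8443, 5432]


if __name__ == "__main__":
    for wl in (WEB1, APP1):
        result = lateral_reach(wl, WORKLOADS, PORTS, RULES)
        print(f"{wl.name}: flat network reaches {result['flat']} targets, "
              f"identity policy reaches {result['zero_trust']}")
        for line in result["log"]:
            print("  " + line)
```

In the flat model, `app-1` can reach every other workload on every port because its VNet is peered to both the VPC and the data center; under the identity policy it reaches exactly one target, the production database on 5432, and the attempt against the dev database is refused because the environment does not match. The log records both allows and denies, which is what gives a defender the cross-cloud visibility the text mentions.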
In summary, Workload Communications dramatically simplifies multicloud networking, eliminating several cloud-native services as well as site-to-site VPNs, firewalls, and third-party security services—and their associated management overhead. User experience improves thanks to the high-performance, highly reliable Zscaler cloud. And, perhaps most importantly of all, the zero trust model dramatically improves security.
Learn more about extending zero trust to cloud workloads with Zscaler Workload Communications.