The Holistic Approach to a Successful Cloud Transformation
by Mathias Wilder - Regional Vice President and General Manager, Zscaler Central EMEA
As applications move to the cloud, businesses often complain about skyrocketing WAN costs as well as latency issues when accessing apps. The much-anticipated benefits of a cloud transformation - greater efficiency and agility - seem to vanish when the user experience is unsatisfactory and costs get out of hand. Can organizations successfully tackle their transformation projects to avoid these pitfalls and fully realize the benefits of the cloud? This question seems up for debate, even among companies that have already begun their cloud journeys.
According to a recent survey by Atomik Research that included 400 decision-makers in core European countries, fewer than one in 10 companies (9%) in Germany, England, France, and the Benelux region are employing a holistic transformation approach, which includes taking application, network, and security aspects into account at the same time. In addition, 21% of companies start their journey with applications, 26% use the network as the starting point, and one-third (33%) begin by transforming security. In 11% of the companies surveyed, decision-makers actually consider the transformation of applications together with that of the network.
The survey results demonstrate that there is no consistent way to approach a transformation project.
Network topologies for the cloud?
Businesses are advised to take holistic considerations into account during an application transformation as early as the planning phase. This means that the decisions for a cloud project should not be started in isolation from a single business unit, because such siloed thinking leads to negative performance and spiraling costs. If an application is pushed into the cloud without the network and security teams being involved in the planning stage, problems are inevitable.
A traditional network topology is not designed to meet the needs of the cloud. Users are not directly connected to applications in the cloud when using a classic hub-and-spoke network. Whether at the headquarters, at a branch office, or from another remote location, users must always take a detour via the data center, which creates latency as this connection to the internet is never the shortest or most time-saving path.
This detour can also help explain the skyrocketing costs. The traffic from remote users goes through the MPLS lines several times through this detour. In addition, the increase of internet-bound traffic must be taken into account. Office 365, the most popular cloud-based application suite and the one that launches many companies’ journey to the cloud, can increase traffic substantially. For good reason, the recommendation in the Microsoft Design Guide is to rely on direct internet connections at each location to give employees the shortest path to applications in the cloud.
Security for the cloud – from the cloud
Businesses must understand that a cloud-ready network should be built before deploying a cloud-based application, and part of the building process involves changes to the security infrastructure. If applications are to leave the network and a mobile user wants to access data in the cloud, security hardware at the perimeter becomes a bottleneck for this traffic. Here the second silo opens up. The security team must be invited to the table when a transformation project is planned.
The specific security requirements of cloud-based projects have to be considered. If only the network team is consulted, but not the security expert, the following aspects are often overlooked in the planning phase:
- Is the existing proxy designed to cope with increasing network traffic?
- Is the appliance capable of scanning traffic for the rising volume of malware that hides behind SSL encryption?
- Is the firewall also keeping up with the new data volume and parallel connections, which are required for the Office 365 example?
In short, not only is there more data traffic, but there are also new requirements for the security infrastructure as applications move to the cloud.
If companies anticipate the move and provide local internet breakouts, the security infrastructure must also be maintained locally because the traditional security infrastructure around the centralized data center would, in turn, be associated with a detour. The solution cannot be to install stacks of appliances at each site, as cost and administrative overhead bar such a move.
To secure local breakouts, the solution is a security stack in the cloud with all the necessary security modules, from the next-generation firewall to cloud sandboxing and data loss prevention. Cloud-delivered security as a service reduces the administrative burden through a high degree of integration and therefore a short path to log correlation. And security from the cloud scales easily with increased data volume and ensures the correct path for business-critical applications through bandwidth management.
Application, network, and security transformation must go hand in hand
According to the survey, a third of decision-makers are already adapting security requirements as part of their transformation. Building on this progress, the network topology should also be cloud-ready to intercept bottlenecks as applications move to the cloud. That means that the one-quarter of companies that said they want to start with application transformation should reconsider their strategy. All in all, transformation efforts in all three areas must go hand in hand and be planned jointly by all departments from the start. In such a scenario, companies actually benefit from their cloud transformation right from the beginning.
Read the full 2019 State of Digital Transformation