//
you're reading...
IT & TECHNOLOGY, Palo Alto Networks

The Best of Both Worlds: Building a Secure Hybrid Data Center with AWS


PANW-New-Logo-2

If you’re looking for a new car, you may be considering a hybrid – one that combines electric power for efficiency and mileage with traditional internal combustion to recharge the engine and extend the travel range. For many buyers, it is the best of both worlds, providing greater flexibility to extend your trip as needed. The same concept applies to a hybrid data center – one that combines your own, dedicated on-premises resources with the scalability and agility of on-demand compute, networking and storage resources such as those from Amazon Web Services (AWS).

As the insatiable appetite for compute and storage resources to support the business continues unabated, customers are using the public cloud as a way to augment their data centers more quickly and more efficiently than in the past. Initially, a hybrid approach was viewed as a step toward migrating all applications and data to the public cloud. In reality, many customers are settling on a hybrid approach as their new data center architecture.

In a recent conversation I had with a customer, two new physical data centers had just come online, and they were already over-subscribed. They were looking to AWS as a way to extend the life of their data center using a hybrid approach. When you think about it, a hybrid approach makes the most sense. First off, it allows you to start small and establish some guidelines around which applications and data should reside in the cloud. There will be legacy applications that cannot or should not be migrated. There will be data that, after careful internal analysis, does not belong in the public cloud. For new applications, you might look at adopting a simple cloud-first mentality that says: for new applications, look to the cloud as the deployment location. A more advanced cloud-first approach entails changing your application development methodology to one that is componentized, makes heavy use of APIs, can be updated rapidly, and can be deployed globally – in the cloud first.

From a security architecture perspective, a hybrid data center is an extension of your data center and therefore should be treated no differently than your physical data. This means that you should:

  • Know exactly which applications are running in the cloud and whitelist them to ensure they are the only ones allowed in the cloud
  • Segment the applications to control which can talk to which and limit lateral movement
  • Enable applications based on the user credentials and the business need
  • Apply threat prevention to block threats from accessing your cloud applications and data while also blocking them from moving laterally

When deployed in AWS, the Palo Alto Networks VM-Series can securely enable your hybrid data center, acting as an IPSec VPN termination point and as a virtualized next-generation firewall, protecting your AWS deployment with application control and advanced threat prevention. More advanced use cases include segmentation for added security and compliance purposes through VPC to VPC and subnet to subnet policies. In effect, you can mimic your physical data center security in AWS.

To learn more about how a hybrid data center with AWS might benefit your organization, check out these resources:

Ignite 2016 register now

[Palo Alto Networks Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 116,997 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,132 other followers

Twitter Updates

Archives

February 2016
M T W T F S S
« Jan   Mar »
1234567
891011121314
15161718192021
22232425262728
29  
%d bloggers like this: