Cloud networking complexity includes visibility and security
Enterprises are deploying more workloads in cloud environments. But the visibility, security and management required for those extensions of IT infrastructure can get complicated.
In perhaps the least surprising news of early 2021, research firms agree that enterprises have grown more comfortable using public cloud services and running workloads in cloud environments. While the familiarity with cloud has grown, so has the complexity.
More than ever, enterprises require flexible and scalable infrastructure that can enable a rapid response to changing business needs and support a remote workforce. For many enterprises, cloud models offer that support. According to a recent survey conducted by market research firm Enterprise Strategy Group, a division of TechTarget, cloud usage in 2020 was pervasive across the 664 survey respondents, with only 6% saying they didn't use public cloud services.
With benefits like high availability, reliable performance and scalability, public cloud offers enterprises an appealing alternative to running applications on premises. As a result, enterprises increasingly rely on SaaS applications, cloud-based collaboration tools and cloud networking services that are readily accessible and cost-effective.
This reliance is expected to continue as IT teams use cloud-delivered services and move many of their workloads to the cloud. According to a Gartner report, 20% of enterprise workloads in 2020 were deployed in cloud infrastructure and platform services. By 2023, Gartner said that number will double to 40%.
For cloud networking, specifically, enterprises are looking for simpler ways to support traffic from a distributed workforce and access services and resources that often sprawl across multiple environments. Take networking and security, for example. While enterprises have traditionally used siloed approaches, many are now considering strategies that combine networking and security in a cloud-delivered offering.
Consequently, the networking industry has burgeoned with a variety of cloud networking models designed to better connect users to resources, such as Secure Access Service Edge and network as a service.
Complexity creeps into cloud networking
In many ways, the popularity of these various operational models is a response to an increasingly complex IT infrastructure, according to Hammad Alam, principal solutions architect at Aviatrix Systems, a cloud networking vendor. When implementing these cloud models, however, enterprises can't simply settle for strategies that make sense at the moment, Alam said; they need to take thoughtful, future-proofing steps.
"The rise in complexity will result in different kinds of operational models that will be needed," Alam said during an Aviatrix webinar on cloud networking predictions for 2021. "These models aren't something you can set once and forget; they need to be evolved and evaluated repeatedly -- it can't be stagnant."
Enterprises must constantly reassess the models they implement because the network infrastructure -- and, by extension, the cloud environment -- is constantly changing, introducing more operational overhead, integration complexities and shifting traffic patterns. According to John Burke, CTO at Nemertes Research, most of that assessment focuses on the following four factors:
- Path to the internet. How will enterprise traffic get to and from the cloud services?
- Path to internal services. Does remote, mobile and cloud-based traffic come in over the internet, via a VPN or through a cloud access point?
- Performance and capacity. How much traffic is expected? How sensitive are services to latency and jitter?
- Security. How is enterprise security enforced on traffic along these paths?
These factors can fluctuate depending on application requirements, cloud infrastructure and business needs, which means enterprises need to implement a networking and security architecture that can support all of this variability.
Management, visibility and security complexities
Security and visibility are components that present further complexity with cloud models. In the shared responsibility model prevalent in public cloud products, providers are responsible for securing their cloud infrastructure, while customers are responsible for securing the applications, services and workloads they choose to host in the cloud.
But the delineation between responsibilities isn't always clear, and visibility and integration into those environments vary by provider, product and platform. These factors add complexities with management, configuration and troubleshooting.
With private cloud and IaaS, for example, teams have more control over which management, monitoring and security tools to implement. But public cloud and SaaS infrastructure is opaque, Burke said, so teams can't get insights into performance issues with their applications running in those environments.
"Cloud workloads often provide less depth of visibility on network traffic, which can make performance troubleshooting more challenging," Burke said.
As more enterprises have moved to public cloud, they recognize the limitations in finding tools that offer comprehensive visibility and management capabilities into those environments, said Shamus McGillicuddy, vice president of research at Enterprise Management Associates, during a webinar on network management trends. Often, teams are limited to the tools that the providers support and permit.
In response, enterprises are now prioritizing network management and monitoring features, like device logs, cloud provider flow logs and management system APIs. And, in many cases, enterprises are sticking with a hybrid cloud approach, in which they run some workloads in the cloud, while keeping mission-critical applications on premises for more control.
How to address cloud networking complexity
Vendor APIs and integration will -- ideally -- improve over time, enabling network teams to more easily compile data for visibility into their cloud networking environments. Until then, teams should validate visibility, troubleshooting and configuration management for virtual LANs, access control lists and routing with their public cloud environments, according to a recent Gartner report. Burke also advised teams to use third-party add-ons with their on-premises and cloud platform management and monitoring tools to improve visibility.
Teams should also document where resources are located -- as well as the primary and backup paths used for access to and from the cloud -- and build their cloud management requirements into their overall network security strategies for a more consistent management framework.