By now, articles espousing migrating to the cloud are a dime a dozen. You can find everything from simple how-tos to complete lift and shift project plans being touted as the best way to migrate. At face value, the advantages and cost savings of moving enterprise applications to the public cloud are easy to grasp. Why wouldn’t your enterprise leverage the scale and power of the cloud, which grows as your business grows, without the huge capital investment of adding to an existing data centre?
Regardless of where a company is in this transition, there are a few cloud myths that always seem to rear their ugly heads. One of my personal favourites is, “We don’t need to use security/network tools in the cloud because we’ll never have those issues in the cloud.” To some extent this is correct (I have yet to see a malfunctioning ethernet card that causes issues with a subset of my cloud instances). However, this doesn’t mean the plethora of connectivity snafus and end-user application issues has subsided. They’ve simply changed, and diagnosing the root cause is now more difficult.
While the cloud simplifies infrastructure provisioning and management, the new challenges that present themselves must be solved before full-scale cloud deployment takes place. Some of the integrated cloud tools can assist, such as flow logs or any of the infrastructure monitoring elements. But all of these elements come at a cost that grows as you extend them across more of your environment.
Part of the answer to this security challenge is to gain full visibility into the data you host in the cloud. Network engineers need to determine how they will gain access, visibility and control of their data before moving enterprise applications to the cloud because, once there, they lose access to the traditional tools used in the data centre to diagnose these problems.
Packet capture to the rescue
In the data centre, there are numerous proven solutions for network security that translate perfectly to the cloud. In the DC, physical choke points are used for various network and security services. This architecture is easily migrated to the cloud, but now one must focus on “logical” choke points. Another key element in DCs and retained in the cloud is to “log everything.” Today’s log and log management capabilities in the cloud outpace on-prem solutions. However, the cloud lags the physical world when it comes to packet capture.
In the data centre, full packet capture and analysis are a key factor in troubleshooting performance issues or forensically identifying security threats. Full packet capture is like having an 80-inch 4K picture-in-picture screen running your favourite programming 24/7. Captures provide much more detail than application logs or network flow logs. When a security team is trying to replay the exact data that was exfiltrated, or to pinpoint the delay in an application, those logs don’t suffice. So what should a network security team do?
How can one stay ahead of security breaches or network issues, given that every single packet matters for the security and performance of your business? To achieve this level of insight in the cloud, you need three things:
- An accurate packet-level history of network activity, so the security team can recreate events and look at related packets to identify exactly what happened and when
- 100% packet capture of traffic, to help detect a threat or identify a network performance issue in real time
- A network monitoring tool that copies packets of all sizes and types and provides complete visibility
To acquire, process and distribute cloud packet traffic to your monitoring tools, IT teams are turning to next-generation cloud agents. These highly specialised agents instrument the cloud and enable packet monitoring and analysis in detail.
Because they are cloud-native, modern agents can continuously stream virtual machine network traffic to a network packet collector or analytics tool. With cloud agents, users can acquire packet traffic from any public cloud provider and cloud compute resources.
Cloud agent technology is designed to filter and process the packets, then replicate and distribute the information to the tools and teams that need it. The agent can send traffic to any routable IP address, including tool destinations like IDS and DPI security tools, as well as to load balancers that front scalable tool clusters. The agent can even send packet traffic to your on-premises systems via ExpressRoute or Direct Connect.
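To make the filter-then-replicate behaviour described above concrete, here is an added example of a toy packet agent in pure Python. It is not any vendor's agent and not code from the original article: it parses constructed Ethernet/IPv4/TCP frames, summarises each one as a flow-log-style record (the level of detail flow logs give you), applies a filter rule (here an assumed "egress only" rule that keeps intra-VPC chatter from being shipped, which is where transport charges come from), and fans matching frames out to several named sinks standing in for IDS and DPI tool destinations. The sample frames, IP ranges and sink names are all constructed for the demo.

```python
"""Toy cloud packet agent: parse, summarise, filter, replicate (added example)."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int
    payload: bytes
    raw: bytes


def parse_frame(frame: bytes) -> Optional[Packet]:
    """Decode Ethernet/IPv4 and the TCP or UDP ports; None for anything else."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None  # e.g. ARP frames are not IP and are dropped here
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    l4 = ip[ihl:total_len]
    sport = dport = 0
    payload = l4
    if proto == PROTO_TCP and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]  # skip TCP header incl. options
    elif proto == PROTO_UDP and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[8:]
    return Packet(src, dst, proto, sport, dport, payload, frame)


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a minimal Ethernet/IPv4/TCP frame for the demo (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    eth = b"\x02" * 6 + b"\x02" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp


def flow_record(pkt: Packet) -> dict:
    """What a flow log retains: the 5-tuple and a byte count, never the payload."""
    return {"src": pkt.src_ip, "dst": pkt.dst_ip, "proto": pkt.proto,
            "src_port": pkt.src_port, "dst_port": pkt.dst_port, "bytes": len(pkt.payload)}


class Agent:
    def __init__(self) -> None:
        self.rules: List[Callable[[Packet], bool]] = []
        self.sinks: Dict[str, List[bytes]] = {}  # tool name -> frames delivered

    def add_sink(self, name: str) -> None:
        self.sinks[name] = []

    def add_rule(self, rule: Callable[[Packet], bool]) -> None:
        self.rules.append(rule)

    def process(self, frame: bytes) -> Optional[dict]:
        """Summarise the frame; replicate the full frame to every sink if all rules pass."""
        pkt = parse_frame(frame)
        if pkt is None:
            return None
        rec = flow_record(pkt)
        rec["forwarded"] = all(rule(pkt) for rule in self.rules)
        if rec["forwarded"]:
            for sink in self.sinks.values():
                sink.append(frame)  # full packet, so tools can replay exact content
        return rec


def run_demo() -> Tuple[List[dict], Dict[str, List[bytes]]]:
    vpc = ipaddress.ip_network("10.0.0.0/8")  # assumed private range for the demo
    agent = Agent()
    agent.add_sink("ids")
    agent.add_sink("dpi")
    agent.add_rule(lambda p: ipaddress.ip_address(p.dst_ip) not in vpc)  # egress only
    frames = [  # constructed sample traffic
        build_frame("10.0.1.5", "203.0.113.9", 40000, 80,
                    b"POST /upload HTTP/1.1\r\n\r\ncustomer-export.csv"),
        build_frame("10.0.1.5", "10.0.2.7", 40001, 5432, b"SELECT 1"),
        b"\xff" * 12 + struct.pack("!H", 0x0806) + b"\x00" * 28,  # ARP, not IP
    ]
    records = [r for r in (agent.process(f) for f in frames) if r is not None]
    return records, agent.sinks
```

The flow record for the first frame shows only that 10.0.1.5 sent some bytes to port 80 on 203.0.113.9; the copy delivered to the "ids" and "dpi" sinks still carries `customer-export.csv`, which is the difference the article draws between flow logs and full packet capture. The intra-VPC frame is summarised but not shipped, and the non-IP frame is dropped at parse time.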
Lastly, cloud agents will cut down on data transport charges while increasing the life and utility of the tools and teams already in place. These easy-to-deploy, flexible agents literally help connect the apps and resources in the cloud and maximise your access, visibility and control of the data placed there.
The public cloud offers incredible opportunity for your enterprise and with the right formula, you can get full packet capture, analysis and distribution using born-in-the-cloud, for-the-cloud agents. If it’s confidence and security you’re thinking about as you consider how to fully leverage the cloud, consider how cloud agents can serve as the policy driven, cloud networking solution to activate and enable your security and monitoring tools.