Commissioned by Cisco
1 Introduction
Modern businesses are operating in a rapidly changing global environment. Agility becomes the key capability to be able to adapt to new technologies, market regulations, and customer demands. Cloud services, mobile devices, the Internet of Things – all these technologies enable completely new business models, new ways of collaboration with business partners and customers, and businesses are eager to adopt them. However, as companies become more interconnected, the very notion of their security perimeters gradually ceases to exist.
What just a decade ago was seen as an impenetrable castle wall surrounding all the corporate workstations, applications, and sensitive data, nowadays rather resembles the ruins of medieval city walls that can be found in many historical European cities.
Embracing the use of cloud apps and services brings multiple benefits in terms of flexibility and cost reduction, but it leaves a substantial part of the corporate IT assets outside of the traditional IT and access governance processes. Business expansion, as well as mergers and acquisitions, make existing IT infrastructures increasingly distributed and heterogeneous. Mobile users connected devices and smart sensors no longer need to connect to your on-premises network at all. Even worse, these developments are fast and unpredictable, making even the basic IT operations, not to mention enforcing security and compliance policies with perimeter-based approach difficult and costly.
Protecting sensitive resources of an increasingly distributed company with a large mobile workforce is becoming a challenge that traditional security tools are no longer able to address. The most obvious challenge is the growing number of potential threat vectors, so a simple firewall is no longer sufficient: a proper security gateway has to combine a large number of specialized technologies to cover just the most dangerous ones. To protect multiple remote offices, enterprises must either supply each location with a full stack of security appliances or route all local traffic to a central gateway, which dramatically increases hardware costs and bandwidth losses. Often, smaller locations and mobile users are left completely unprotected.
However, an even more crucial problem is the general lack of full visibility across disjointed heterogeneous environments that makes the daily job of a security expert painfully complicated – after all, you cannot protect what you do not know or can’t see. Or for that matter, what you simply cannot reach because it operates outside of the corporate perimeter. Beyond the usual security implications, this lack of visibility also leads to a massive compliance problem, namely the “Shadow IT”. As soon as employees - either frustrated with the inefficiency of their current business applications or simply for lack of better judgment – start using their personal cloud services to perform their jobs, this introduces massive potential impacts not just on compliance but may directly lead to a data breach. Detecting and regulating unsanctioned cloud usage, especially for mobile workers that bypass any perimeter-based controls, is, therefore, a key factor for compliance with regulations like GDPR.
But do all these challenges mean the imminent death of the traditional firewall and an immediate need to rip it out and replace with something entirely new? No, we believe that for the majority of organizations, the existing perimeter defenses are not going away anytime soon. And since the perimeter security alone is no longer able to provide full protection, these organizations should now be looking for additional components for their security infrastructures to plug the gaps in their eroding perimeters and to extend protection to the resources and users outside of them.
An increasingly popular alternative to traditional on-premises security gateways, which are costly, complicated to operate, and create a performance and productivity bottleneck for mobile users, is a security gateway operating directly in the cloud or rather a whole “security cloud” consisting of multiple breakout points across different geographical regions.
Thus, every user or device outside of the perimeter that is currently consuming cloud services directly can continue doing it without any performance penalties and changes in user experience, yet constantly remain protected from the latest cyber threats the same way they used to be behind the corporate perimeter. This way, a secure cloud gateway can be considered the first line of defense in a multilayered “defense in depth” security infrastructure, providing visibility into all internet activities, enforcement of the most important security and compliance policies and identifying and mitigating cyber attacks.
The market now offers a substantial number of cloud-based security solutions that vary in their functional scope, platform coverage, and operational complexity. One crucial distinction among these solutions is the range of network protocols and services that they are able to intercept, analyzing and mitigating threats in real-time – some security gateways only focus on web traffic, leaving all other applications unprotected.
Cisco Umbrella, on the other hand, utilizes the Domain Name Service (DNS) layer to analyze all network connections across all protocols and ports. Harnessing the power of the Umbrella global network – one of the world’s largest DNS resolution services – and the latest threat intelligence from the company’s own Talos Intelligence Group, Cisco Umbrella can identify known malicious or otherwise unwanted network destinations and stop the threats even before a connection is established. Suspicious and potentially risky activities are transparently routed to Cisco’s cloud-based proxy for deeper inspection – customers can even decide to include additional third-party products into the analysis.
Most importantly, all this happens completely transparently for the users, works everywhere outside of the corporate perimeter and does not require any hardware or software deployment.