DataCenterNews Asia Pacific logo
Specialist data center news for Asia Pacific
Story image

How to secure clouds, apps & data without a performance hit

By Contributor, PR
Wed 19 Jul 2017
FYI, this story is more than a year old

You've heard it before: The corporate network perimeter has disappeared.

We see this in countless ways.

Organizations are collaborating and conducting digital business globally via hybrid and multicloud, and they're interacting over social networks. More people and devices are connecting into corporate networks from just about anywhere.

Remote workers accessing information and applications worldwide via mobile devices is just one increasingly common example. Significant digital activity has become a requirement for doing business in the current era.

At the same time, it has widened organizations' security surface areas and made legacy security boundaries more vulnerable to newer types of cyber-security threats, such as the recent WannaCry ransomware attack.

Leverage an IOA strategy to place secure controls at the digital edge

The blurring of the network perimeter requires a new approach to security. The most effective solution to is to localize security services at the digital edge, where commerce, population centers and digital ecosystems meet, versus the old method of centralizing security services at a single, corporate data center.

The digital edge must be prepared for multicloud application and data flows that service users and things across multiple global networks and cloud services.

In this environment, security can no longer be thought of as a gate, or a wall. It's now more akin to airport security, with bidirectional domestic and international traffic and various classes of service.

Deploying an Interconnection Oriented Architecture (IOA) strategy is the best way to enforce corporate security in the digital era. It provides a framework for strategically placing networks, security, data and applications at the digital edge.

Locating security services alongside the traffic intersection points of networks, partners and clouds is a major shift from the philosophy of centralizing security services in which most chief security officers (CSO) subscribe.

However, enforcing security controls and extending your security posture to the edge, where most digital business is transacted—allows you to expand, scale and fine-tune your security controls in tune with your digital business.

Not only can you better maintain privacy and data sovereignty requirements, but you can also place latency-sensitive data and services in proximity to multiple clouds and population centers, thereby improving overall performance to all dependent services.

In addition, the strategy helps you gain insights into how cloud and SaaS services are being consumed and enable shadow IT with less risk by applying dynamic and real-time policy controls that govern the use of those services, as well as detect packet-level anomalies.

Finally, the low-latency advantages of implementing security, governance and controls locally can significantly improve the user experience.

Deploying security services via digital edge nodes


You should be.

By following an IOA strategy, you can accomplish these security capabilities with digital edge nodes that act as communications hubs inside the infrastructure they are meant to protect.

A digital edge node is vendor-neutral, which means you can tailor it to support various network, cloud and data capabilities via interconnection solutions such as the Equinix Performance Hub, Cloud Exchange and Data Hub.

Organizations can add security services to the edge nodes to establish edge-based security checkpoints with localized firewall, SSL termination and malware and DDoS protection using a “trust-nothing” security model.

All traffic can be routed to the edge node, where a deep packet inspection zone enables other security services, such as vulnerability scanning, data leakage control and monitoring and logging for analytics.

You can also apply policy management to detect unauthorized activity and catch rogue traffic and user mistakes.

The steps for greater security and control

Equinix has published an IOA Security Blueprint with detailed step-by-step instructions for deploying a secure edge node infrastructure.

The steps involve:

  1. Establishing digital boundary control: Boundary control is all about setting up security checkpoints at the digital edge's primary network with localized firewall, SSL termination via virtual private networks (VPNs) and other protections for malware and DDoS. This contains threats at the edge, where they can be neutralized locally.
  2. Deploying an inspection zone: The primary purpose of an inspection zone is to provide transparency (deep packet inspection) to enable other security services (like those that detect vulnerability exploits or lawfully intercept data leakage, etc.) It also monitors and logs activity for security analytics.
  3. Applying policy administration and enforcement: Policy management (via Policy Decision Points [PDP]/Policy Enforcement Points [PEP]) is applied to establish security “guard rails” with fine-grained prescriptions for what is and is not allowed in traffic flows. Policy management, operating in line with the traffic segmentation strategy, detects rogue traffic or unauthorized activity. It also catches mistakes made by users or developers.
  4. Locating identity and key management locally: By colocating high dependency identity and key management services in each digital edge node, it's easy to improve performance and scale. Simply place services closer to where you have large numbers of users and at multicloud intersection points.
  5. Linking all security controls with logging and analytics: By linking security controls, algorithms can detect any security issues before they cause a problem and ensure all traffic is legitimate before a breach occurs, blocking unwanted traffic locally at the edge.
Security at the digital edge benefits

The benefits of deploying security at the digital edge via an IOA strategy include:

  • Airtight security that doesn't impinge on performance, scale or the user experience
  • Increased insight into cloud and SaaS service consumption, with the ability to apply real-time policy controls that govern their use dynamically
  • The extension of your security strategy and posture to where you do most of your digital business, scaling and changing as your business scales and changes
  • The removal of the security risks of shadow IT, in fact security becomes an enabler to innovation rather than a road block.

Article by Bryson Hopkins, Equinix Blog Network 

Related stories
Top stories
Story image
Artificial Intelligence
ASUS Servers announce AI developments at NVIDIA GTC
The Taiwanese multinational now offers NVIDIA-certified servers with H100 Tensor Core GPU and AI enterprise software suite.
Story image
Eradicating ‘App Fatigue’ and retention problems through implementing no-code ITSM
Almost always, simplicity is best. Intuitive designs and practical workflows are the keys to preventing fatigue.
Story image
Sustainable IT
Equinix partners NUS to use hydrogen tech in data centres
The partners will develop hydrogen fuel technologies for green data centres in tropical climates, and for use in Equinix’s global network.
Story image
IT infrastructure
Bentley Systems announces finalists for the 2022 Going Digital Awards in Infrastructure
The company says that this annual awards program honours the work of Bentley software users who are advancing infrastructure design, construction, and operations throughout the world.
Story image
IT Automation
Juniper Networks announces expansion of Apstra Software with Apstra Freeform
The newly announced Apstra Freeform technology will give customers the ability to manage and automate operations for data centers regardless of the architecture.
Story image
Honeywell launches Data Center Suite for business outcomes
Honeywell has launched its Data Center Suite, a portfolio of outcome-based software offerings to help data centre managers and owners.
Story image
SoftIron announces its newest flagship offering, HyperCloud
SoftIron has announced HyperCloud, the world's first full turnkey, completely integrated and supported Intelligent Cloud Fabric and the company's newest flagship offering.
Story image
Digital Transformation
NTT launches its Cyberjaya 6 data center in Malaysia
NTT expands its hyperscaler footprint in Malaysia with its sixth data center facility, supporting the growing digital economy.
Story image
Data Protection
iseek secures Queensland Government data centre contract
iseek secures the Queensland Government's core network data centre as-a-service contract after a competitive procurement process undertaken by the CITEC.
Story image
Network Infrastructure
Vertiv launches solutions to better manage edge computing
Vertiv has introduced new power and cooling solutions for the edge of the network, including the addition of lithium-ion models to a leading on-line UPS family.
Story image
Digital Transformation
Nanyang Technological University Singapore builds digital brand presence
Leveraging the customisation features of Sitefinity DX, non-technical users could upload content and create design pages and boost work productivity. 
Story image
Iron Mountain InSight SaaS platform extends capabilities on AWS
Company deepens work with AWS, helps customers to accelerate their journey from physical to digital on a global scale.
Story image
Talend announces support for Amazon Redshift Serverless
Talend has announced its support for Amazon Redshift Serverless, with the company saying the integration reinforces its commitment and leadership in supporting businesses.
Story image
Edge Computing
NTT launches Edge-as-a-Service to accelerate automation
"Minimum latency, maximum processing power, and global coverage are exactly what enterprises need to accelerate their digital transformation journeys.”
Story image
Zetaris is changing the way we think about data virtualisation
Zetaris was launched on the Microsoft Marketplace and Ingram Micro Cloud Marketplace in Australia in 2020 and has since expanded into nine global markets.
Story image
NCS, FPT Software launch Strategic Delivery Centre in Vietnam
The new partnership is designed to support increasing demand for high quality digital services across the region.
Story image
Public Cloud
How hyperscalers are shaping Australia’s enterprise cloud landscape future
Australia’s public cloud market encompasses both global and domestic players and there has been widespread adoption of cloud technology across public and private sectors.
Story image
Data Centre Maintenance / Management
Vertiv releases update to Smart InfraSight platform
Vertiv has unveiled an update to its Smart InfraSight data centre management platform, featuring improved intelligence and the ability to manage multiple IT devices.
AWS Marketplace
Whitepaper: A practical guide for mitigating risk in today’s modern applications
Link image
Story image
VMware advances multi-cloud management with VMware Aria
Managing apps and infrastructure in a multi-cloud, especially public cloud, and multi-technology environment is complex.
Story image
InterSystems releases updates to its IRIS data platform
Provider of next-generation solutions InterSystems has announced a series of new releases to its award-winning InterSystems IRIS data platform.
Story image
Google Cloud Platform
Google Cloud to open first cloud region in NZ - among others
Google Cloud has announced plans to bring three new cloud regions, one each in New Zealand, Malaysia and Thailand.
Story image
ManageEngine unveils SaaS availability of Analytics Plus
ManageEngine's Analytics Plus is now available as a software as a service (SaaS) offering, enabling users to set up a completely functional and integrated analytics platform anywhere in under a minute.
Story image
Machine learning
Oracle announces MySQL HeatWave for Amazon Web Services
MySQL HeatWave is a service that combines OLTP, analytics, machine learning, and machine learning-based automation. 
Aws Marketplace
Learn how to implement a backup and recovery plan for a new generation of Kubernetes-based modern applications
Link image
Story image
Equinix invests $23m to expand ME2 data centre in Melbourne
Equinix has completed the second phase expansion of its ME2 International Business Exchange data centre, located in Port Melbourne.
Story image
Worldwide 5G mobile data traffic exploding - report
"With 5G, there is a wider range of deployment scenarios, forcing vendors to provide comprehensive solutions to support every need."
Story image
Cloudera launches all-in-one data lakehouse cloud service
CDP One makes it faster, easier and less risky for businesses to move to the cloud and migrate existing workloads to a modern data architecture.
Story image
Data center
Macquarie Asset Management acquires stake in ST Telemedias VIRTUS Data Centres
"We will further strengthen VIRTUS' focus on sustainability by backing investment in its technology and enhancing the lifecycle management of its equipment."
Story image
Stellar financial result after major strategic moves by Superloop
We get a glimpse under the hood at the financial results from 2022 for the connectivity giant Superloop.
Story image
DCI plans to build new cloud edge data centre in Canberra
DCI is one of the first to commit to the Precinct which has a focus on defence, space, cybersecurity and high-tech manufacturing sectors.
Story image
Sustainable IT
Empyrion DC announces 40MW green data center in South Korea
Empyrion DC has announced it is developing a 40MW green data center in Gangnam, Seoul, South Korea (GDC).
Story image
DCI Data Centers breaks ground on AKL02 center
DCI Data Centers has commenced construction on Auckland's largest data center.
Story image
Data center
Australia’s data centre pioneer still leading after 22 years
We look at the fascinating success of Macquarie data centre's over its 22 year life span and how they continue to innovate in a highly contested sector.
Story image
Fortinet unveils compact firewall for hyperscale data centres, 5G networks
"Fortinet’s dedication to pushing the boundaries of what is possible in security performance has yielded the most powerful compact firewall yet."
Story image
Data Centre Maintenance / Management
Schneider Electric backs new Leading Edge data centre in Australia
As a result of the new project, regional Australian businesses and communities will likely have greater access to distributed cloud networks.
Story image
Software Defined Wide Area Network
Axiata, Versa Networks partner for enterprise SASE in Asia
Axiata has partnered with Versa Networks to deliver Secure Access Service Edge (SASE) technology to rapidly digitalising Asian enterprises.
Story image
VMware extends collaboration with Microsoft for enterprise workloads in Azure
Mutual customers will have the choice to purchase Azure VMware Solution through the VMware Cloud Universal program.
Story image
Growth in hyperscale data centres to increase shortage of IT workers
New Zealand's tech worker capacity is set to come under increasing pressure as the number of hyperscale data centres grows.
Story image
Seagate announces next gen advanced storage arrays
The new Exos X systems feature up to twice the performance of the previous generation and enhanced enterprise-class durability, the company states.
Story image
SnapLogic named Visionary in two Magic Quadrant categories
SnapLogic has announced that it is the only iPaaS (Integrated Platform as a Service) vendor to be named a Visionary in two Magic Quadrant categories.