DIRECT-TO-CLOUD Issues & Implications Dale McCarty.


DTC IN THE NEWS

“Just Like Everything Else in the Enterprise Space, Security is About to be Disrupted”

Mobile, Cloud & Social: Driving business beyond the corporate network (often without policy & protection)

Business Users go Mobile

Users work from home or on-the-go

Users who BYOD 50%

90%

“80% of my MPLS traffic used to be for applications at my HQ and 20% was Internet bound. Now it’s just the opposite.” – CIO, Fortune 50 company

Cloud Apps go Mainstream

Cloud-based applications used by an enterprise

50%

Social goes Enterprise

employees use Facebook at work

75%

TRENDS TRANSFORMING IT

This is the biggest transformation in IT security in the last 20 years.

MPLS backhaul kept life under control for IT

[Network diagram. Labels: Internet Backhaul, On the Road/Mobile, Regional Gateway, Headquarters, Branch, Branch, Internet, VPN Backhaul, MPLS, Home/Hotspot, No policy or protection]

TRADITIONAL IT

• Servers, applications & Data at Corp HQ or DC

• Protect the perimeter with firewalls

• Gateway proxies to protect Users

• MPLS backbone connected various offices

Internet breakout off-loaded MPLS circuits for “trivial” applications

[Network diagram. Labels: On the Road/Mobile, Regional Gateway, Headquarters, Branch, Branch, Internet, VPN Backhaul, MPLS, Home/Hotspot, No policy or protection, Internet Backhaul]

THE NET EFFECT

• Perimeter becomes dynamic

• Applications & data are moving to the cloud

• Users embrace mobile apps

• Gateway proxies and firewalls get bypassed

DISAPPEARING PERIMETER

Direct-to-Cloud reduces MPLS backhaul & improves user experience

[Network diagram. Labels: Internet, Full policy & protection, MPLS, On the Road/Mobile, Headquarters, Branch, Branch, Home/Hotspot, Regional Gateway]

• Perimeter becomes “the world wide web”

• The Cloud becomes a Data Center

• Users are going direct to net for applications

• Policy can only be enforced in the Cloud

GEOIP & “REAL” CLOUDS

[Map. Locations labeled: Los Angeles, Dallas, Chicago (East), Denver, Toronto, New York, Washington DC, Atlanta (South), S. Amer. Hub (Miami), Paris, Sao Paulo, Johannesburg, London, Amsterdam, Oslo, Bern, Frankfurt (West), Gdansk, Stockholm, Moscow, Mumbai, Chennai, Singapore, Sydney, Hong Kong, Tokyo, Madrid, Taipei, Dubai, Riyadh, Cairo, Kuwait City, Kuala Lumpur, Cape Town, San Francisco, Sunnyvale, Santiago, Lima, Amman, Atlanta (North), Herndon, Ft. Worth, Chicago (West), Frankfurt (South), Nigeria]

DIRECT-TO-CLOUD TOPOLOGY

Block the bad, protect the good

[Topology diagram. Labels: Global check post, Enforces business policy, Mobile & Distributed Workforce, Regional Office, Home or Hotspot, HQ, On-the-go, Cloud Services, Social Media, Cloud Apps, Mobile Apps, Botnet, Exploits]

Compliance-based security: URL filters & A/V Protection

Risk-based security: Behavioral Analysis & Data Loss Prevention

Secure Users: Not Infrastructure! (That is the role of traditional firewalls, IPS, etc.)

Protect Data: Proxy-based Data Loss Prevention and SSL Intercept & Decrypt

Enable Applications: Improve Response Time and Selective Access

Streamline WAN: Prioritize bandwidth by application and reduce backhaul

WHAT DIRECT-TO-CLOUD CAN … AND CAN’T DO

QUESTIONS? (and thank you for your attention!)