By Anshuman Singh, Director, Product Management of Application Security, , Barracuda Networks
Barracuda Networks (NYSE: CUDA) is a provider of cloud-connected security and storage solutions. The California based company has a current market cap of $1.80 billion.
Justifiably, there is a lot of hype and excitement about the prospect of cloud computing, and the ROI and efficiencies that it will offer IT departments and business units. Together with this the explosion of mobile devices are forcing dramatic changes in the way the network infrastructure. Amid this hype, however, it is critical to render consideration to how the cloud will affect the way networks are designed, conceived, and secured. Cloud era means a dramatic increase in the sheer volume of data passing into and out of networks at any given moment – a growing amount of it critical to business operations. Content security in particular faces novel challenges as mobility and Web2.0 applications make web traffic volumes highly unpredictable, with massive spikes and troughs from one moment to the next.
The traditional approach to address concerns like these has been over-provisioning compute resources for content filtering, resulting in higher costs and lost efficiency, while still introducing unacceptably high latency and eroding network performance. However, emerging solutions adopt a different approach, by transferring content-filtering tasks to cloud-hosted services where massive resources can be dynamically re-provisioned as needed to handle any volume of web traffic without bogging down the network.
Ensuring Security in High Data Traffic
To maintain network security, content-filtering solutions must examine all the business-critical traffic that these activities create. This can lead to a kind of arms race, where in order to maintain acceptable network performance; organizations must purchase ever larger appliances and provision ever greater resources to content filtering. In addition to this legitimate, business-critical traffic, the volume of non-productive traffic is also growing exponentially.
Traditional Unified Threat Management solutions (UTMs) are designed to bring a variety of security functions – including web content filtering – into a single appliance. To do their job without compromising network performance, they must support massive throughput. More important, they must dedicate massive computing power to scanning content and enforcing policies making them increasingly costly and less efficient given the dedicated nature of the processing power. Furthermore, it means that as new threat profiles emerge, organizations are often required to upgrade their UTM hardware at significant cost. The UTM also tends to bog down network traffic due to a heavy content filtering queue; it can interfere with connectivity to business-critical resources and applications hosted in the cloud – which can result in a significant loss of productivity or interruption of business.
Taking a cohesive approach - cloud based security
Rather than regarding the ubiquity of the cloud merely as a challenge to security efforts, the emerging approaches to security regards it as an opportunity. Solutions that offload content filtering tasks to the cloud represent the most effective new approach to have emerged in response to the changing security landscape. By combining the integrated capabilities of a true next-generation firewall with the elastic, and practically unlimited, computing resources of the cloud, these solutions allow comprehensive, always-up-to-date content filtering of very large traffic volumes without introducing latency to the system. In addition, they promise to keep user costs low and predictable, and to improve overall business continuity and productivity
With effectively unlimited resources in the cloud, and the ability to dynamically re-provision resources as needed in real time, this approach also eliminates the cost and inefficiency of over-provisioning compute resources locally, as traditional UTMs require. Another significant benefit of using cloud-based resources for content filtering is that as new threat categories are identified, there is no need to upgrade or replace on-premises equipment—firmware upgrades are applied automatically and transparently, ensuring the network is fully protected with no interruptions.
Because there is no on-network congestion due to content filtering, connectivity to business-critical applications hosted in the cloud is not affected. And with a next-generation firewall core that includes capabilities to aggregate multiple uplinks and prioritize traffic based on business policies, it can dramatically increase the reliability of those connections, improving business continuity and reducing downtime.
Although cloud is still in the formative years of all-pervasive approval, it would be right to say that it has made a significant headway in the industry already. The cloud is making network boundaries and on & off network traffic seamless. Data is becoming more and more critical to any business and managing and network security solutions need to evolve to manage and this huge traffic without creating bottlenecks. Solutions that offload content filtering tasks to the cloud are the new approach to have emerged in response to the changing security landscape. In addition, they promise to keep user costs low and predictable, and to improve overall business continuity and productivity. As we advance, the coming years will witness further evolution of agile and interoperable cloud based approach that address the security challenges of the modern days.