Monday, 03 May 2021 17:46

Why uptime and performance are key to cloud security

By Wayne Neich, Bitglass ANZ

Imagine you just bought a brand new car featuring all the latest bells and whistles. You're itching to take advantage of speed camera detection and try out the heated seat backs and armrests. Unfortunately, when you try to turn your car on, nothing happens. If the vehicle doesn't work, then what's the point of having it and all its exciting features?

Ideally, you want something that provides the latest bells and whistles but also performs as promised whenever you want. This is equally true for cloud security solutions.

Over the past several weeks, the importance of uptime and performance for cloud security solutions has been on full display. During that time, my company has been receiving calls from other SASE vendors' customers as they wrestle with their existing security solutions' downtimes.

Unfortunately, one competitor's product recently went down for 14 hours, while another suffered from six outages in 15 days. Such events not only expose organisations to increased risks, but can disrupt the normal flow of operations and even grind business continuity to a halt.

Typically, such service outages find their origins in the underlying infrastructure on which a vendor's products are built. Most SASE providers have opted to create and maintain their own networks of private data centres in order to power their solutions.

However, this approach essentially amounts to an attempt to match the level of service provided by public cloud companies that have dedicated entire businesses to it.

As we observe these outages, a common question is raised: how has just one company maintained its industry-leading uptime of 99.99% since 2014?

The company's platform is built in, and delivered through, the public cloud, meaning it is able to focus on driving innovation with its security technologies rather than managing a fleet of data centres.

Leaning on public cloud providers in this way powers unparalleled uptime as well as a polyscale architecture, which adapts in real time to changes in customers' load profiles, ensuring maximum scalability and performance around the clock and anywhere in the world.

The cloud already has virtually infinite redundancy, storage and compute power, so why try to reinvent it? True cloud security should be delivered from the cloud itself.

Polyscale architecture

There is a broad range of cloud security services on the market with varying functionality. Some operate inline for real-time security. Others operate out-of-band for visibility and control. In either case, the most important buying criterion is service uptime and performance.

Some cloud security services may be sold as network services with a fixed capacity priced at an annual fee per Gbps. Such pricing is suitable for network security services such as firewalls or secure web gateway proxies.

Other cloud security services such as email security, data loss prevention (DLP) or cloud access security broker (CASB), may be sold at an annual fee per user. When there is a mismatch between the technology stack and the business model, uptime and performance are compromised.

Legacy security products are designed for single tenant usage operating at fixed throughput loads, for example 1GB/sec firewall or secure web gateway proxy.

When these products are offered as cloud services, vendors simply deploy these devices in a data centre and charge customers on the basis of the throughput. Pricing and architecture are aligned, and if a customer overloads the network, congestion ensues naturally.

The customer may elect to purchase additional capacity. Other customers are not affected. However, when the legacy architecture is used for services such as email security, DLP or CASB, uptime and performance suffers. Such services are licensed on a per user basis, and the customer expects performance and uptime independent of the time of day, user mobility or usage trends.

For example, a customer with 10,000 users expects the same performance and uptime even if half the users fly to a remote offsite meeting. In practice, such a temporary migration of users would overload the remote data centre that has a fixed capacity, bringing it down for all users and possibly for all other customers.

Security services that are licensed on a per user basis, such as email security, DLP and CASB, require a broad range of technology components such as proxy, scanning nodes, hadoop clusters, mail servers, databases, search indexes and so forth.

Furthermore, such services must scan multiple applications and protocols simultaneously.

In a polyscale architecture, each component is stateless, multi-tenant and can handle any application. When the load rises in a component, say exceeds 50% over a five-minute interval, the component clones itself. For example, when a large customer has an offsite, the remote data centre grows towards the load profile of that customer automatically.

In contrast, vendors with legacy network architectures have struggled to deliver performance and uptime.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments