Networks Europe Mar-Apr 2017 | Page 21

CLOUD COMPUTING

legacy IT models. This is most often found around network architecture, where control points exist in the physical LAN/WAN, and the common zone-based security model works on the premise of a protective wall around the physical network and data centre. However, the rise of BYOD means employees are increasingly operating outside this wall and accessing company data via unsecure mobile devices. This increases the risk of data loss and attacks on the network and has a negative impact on end user experience; specifically, their ability to consume cloud-based services. Data streams intended for the cloud application are now re-routed for security processing, increasing latency and bandwidth costs.

Choosing the right direction

The path a user’s Office 365 data stream takes to reach Microsoft’s app hosting data centres can have a significant effect on the end user experience. In the case of hub-and-spoke network architectures, all data traffic flows via the MPLS or IPSec VPN to the company headquarters before going to the Office 365 cloud, potentially incurring a significant impact on the infrastructure costs and latency. There are good reasons why Microsoft recommends having one public IP address for every 2000 users; with 20 parallel sessions per user, the maximum number of source ports for classic TCP/IP stacks is often quickly reached.
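
An added example (not from the article): a Python check of the source-port arithmetic behind that recommendation, comparing one shared HQ egress with local Internet breakouts. The site sizes and the usable port range of 1024-65535 per public IP are assumptions; the 2000-user and 20-session figures are the article's.

```python
import math

# Assumption (not from the article): a classic PAT device hands out source
# ports 1024-65535 per public IP and does not reuse a port across destinations.
USABLE_PORTS_PER_IP = 65535 - 1024 + 1   # 64,512
USERS_PER_IP = 2000        # ratio quoted in the article
SESSIONS_PER_USER = 20     # parallel sessions per user quoted in the article

# Constructed sample estate: site name -> number of Office 365 users.
SITES = {"hq": 3500, "branch-a": 900, "branch-b": 400, "branch-c": 1200}


def egress_report(users, public_ips):
    """Port demand at one Internet egress point with `public_ips` NAT addresses."""
    sessions = users * SESSIONS_PER_USER
    capacity = public_ips * USABLE_PORTS_PER_IP
    return {
        "users": users,
        "sessions": sessions,
        "utilisation": round(sessions / capacity, 2),
        "exhausted": sessions > capacity,
        "ips_recommended": math.ceil(users / USERS_PER_IP),
    }


def hub_and_spoke(sites, hq_public_ips=1):
    """All sites backhaul to HQ, so every user shares the HQ NAT pool."""
    return {"hq": egress_report(sum(sites.values()), hq_public_ips)}


def local_breakout(sites, ips_per_site=1):
    """Each site egresses locally through its own NAT pool."""
    return {name: egress_report(u, ips_per_site) for name, u in sites.items()}


if __name__ == "__main__":
    for label, plan in (("hub-and-spoke", hub_and_spoke(SITES)),
                        ("local breakout", local_breakout(SITES))):
        print(label)
        for site, report in plan.items():
            print(f"  {site:9} {report}")
```

At the quoted ratio, 2000 users on one address consume roughly 62% of the assumed port range, which leaves headroom for bursts; concentrating every site behind a single HQ address does not.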
A further challenge presented by Office 365 migration is managing the constant expansion of such an agile cloud service and keeping pace with configuration changes, which are often not optional and can result in a loss of service unless properly maintained. In today’s environment, no organisation should be connecting to the Internet without some form of access control between users/devices and the resources they are trying to reach. It’s therefore a balancing act to meet the security requirements with the velocity of change being generated. From a security perspective, the implications of other existing security infrastructure components must also be considered. This is especially true given Microsoft’s guidance that proxies need to be bypassed to ensure all web traffic receives standard security control treatment.

Alternative network architecture

Some organisations may view a leap to the cloud as too large a step and decide to keep the design for the old world of IT while trying to accommodate the new. One option is to maintain a hub-and-spoke model, utilising a fast connection from the data centre to the Microsoft cloud via ExpressRoute. However, there are cost implications, and while HQ-based employees benefit from good performance when accessing data, those working in the subsidiaries and branch offices may still suffer reduced speeds and a poor experience.
Companies should also weigh up the different concepts in the planning phase. Local Internet breakouts solve the challenge of the user experience, but sometimes to the detriment of the business case, as the remote locations need the appropriate security infrastructure in the form of unified threat management (UTM) devices or next generation firewalls. If a company doesn’t want to compromise on security for all subsidiaries with a traditional approach, costs for hardware and maintenance of the security stacks must be factored in.
An alternative approach to local Internet breakouts is to use a cloud-based solution to meet the needs of the cloud-enabled enterprise world. In order to avoid having hardware stacks, organisations can adopt a cloud-based security approach to protect local Internet breakouts and guarantee user satisfaction. A platform approach with direct Internet access yields considerably faster access to the desired application when this platform has direct peering with the cloud providers delivering the over-the-top services.

Fast, secure migration to the cloud

With a cloud service, companies avoid the resource intensive maintenance of security hardware and can even achieve an increased level of security, taking advantage of up to 120,000 security updates per day in the cloud, which are automatically available to all customers. This significantly reduces administration and also removes potential security loopholes resulting from delayed patch management. A security platform with different modules, such as Internet Security, Bandwidth Management and next generation firewall, not only ensures that the business-critical Office 365 application has priority over other bandwidth intensive services such as YouTube, but also removes the effort involved in maintaining hardware/software. Even the actual implementation of Office 365 can be simplified through one-click deployment functionality, which automatically creates the necessary security rules in the background with minimal administrative overhead.
Ultimately, a successful rollout of new cloud services is largely based on the lessons learned from those who have been early adopters, those who have invested in planning for this new way of consuming these applications, and those who design for the new world of IT and accommodate the old rather than the other way around. Taking the right approach to managing the upfront infrastructure requirements before introducing a cloud application hopefully goes hand in hand not only with a seamless migration, but also with delighting end users with their cloud application experience.
www.networkseuropemagazine.com