Realigning Network and Security with Cloud Migration: Making the Business Case for a Cloud Mindset | HCLTech

September 29, 2021

Experts predict that the cloud service market will be worth a whopping USD 623.3 billion by 2023. Among the several factors enterprises consider when choosing cloud services, optimising costs is right on top. After all, successful cloud transformation allows an organisation to shift operational costs from a CAPEX model to an OPEX model.

However, enterprises often fail to make this business case work due to oversights and a failure to factor in latent costs. These include cloud service provider (CSP)-transformed services, transformation programs, and added network and security services, which are usually an afterthought during the cloud transformation process. Not accounting for network and security during the planning process can result in enterprises duplicating costs, running redundant networks, and missing critical loopholes in their security infrastructure, making them vulnerable.

Therefore, it becomes a business imperative to carefully plan the cloud transition process and optimise each step to save costs and make the business case feasible. More importantly, careful planning of network and security transformation can contribute to a positive cloud business case. So, how can enterprises realign their network and security to match a modern cloud-based business network?

Building a cloud architecture: A paradigm switch

When it comes to a cloud transformation, most business cases are primarily focused on data center compute, storage, and backup. Some cloud migration approaches based on migrating individual business applications fail to adequately account for network and security aspects, even though they add approximately 20-30% to the overall IT budget. Market studies show that some sectors end up spending up to 14% of their IT budget solely on cybersecurity.

But moving to the cloud is not a magic bullet. While cloud migration opens up opportunities for enterprises to scale and grow with agility, it also increases vulnerabilities. With cybersecurity breaches costing organisations upwards of $3.86 million on average in 2020 alone, network and security realignment cannot be an afterthought. Enterprises must prioritise network and security realignment to implement relevant practices and processes and build a secure and profitable organisation on the cloud.

For legacy technology architecture, network and security are akin to the gates and walls guarding a monolithic factory and the roads connecting the factory internally and externally. This type of thinking has no place in cloud architecture. Modern, cloud-based architecture is inherently open and boundary-less. That is what makes it the perfect choice for organisations looking to leverage their global application hosting capabilities with hyper-scalers. Additionally, cloud applications are frequently integrated with on-premises apps as part of a hybrid ecosystem. This requires a completely reimagined and restructured approach towards network and security protocols.

Today, it is common for us to collaborate with colleagues and customers who are a continent away. Combined with the massive, and perhaps irreversible, spike in remote working since 2020, this has reemphasised the importance of network security. In this paradigm, traditional access controls cannot track the ever-evolving assets spread out both logically and geographically. As a result, they become more of an impediment than an enabler of human productivity. From a practical perspective, it is logistically unfeasible and cost-prohibitive to implement individual security parameters (firewalls et al.) at the on-premises data center and each scattered endpoint.

So, what is the solution? Is it building a cloud mindset that incorporates network and security realignment right from the get-go? Or is it establishing a security infrastructure that incorporates the key components of cloud: accounts, servers, hypervisors, storage, databases, network, and containers?

Enterprises need to re-evaluate their network and security architecture to conduct business safely in this highly open cloud paradigm. This new model will have to account for both cost optimisation and business performance in tandem.

Network for cloud: Realigning expectations and practices

Traditional network architecture has followed either a hub-and-spoke or a star network model. These models are provided by large internet service providers (ISPs) and have made organisations completely dependent on MPLS. This is a problem, as traditional MPLS-based networks offer the enterprise little to no control over traffic routing and network usage. OPEX remains high because the services cannot be switched off during downtime, and costs move in only one direction: up. These models are further complicated by long-term lock-ins and tight-fisted ISP controls, which remain a black box for enterprises.

On the other hand, a cloud network provides far more comprehensive controls to businesses. These controls are built into its DNA. The intelligence in network routing is set up at the SD-WAN layer, which gives organisations substantial control over their network/IT. Replacing MPLS with the internet and consumer-grade networks, which are equally or more reliable than the enterprise networks, would mean fewer instances of lock-ins. It would also give enterprises greater control over cost variability, as services can be easily downgraded without compromising network quality and security controls.

Cybersecurity for cloud: Fortifying cloud businesses

In terms of cloud cybersecurity, as we reduce the reliance on legacy centralised security controls, the controls need to adapt to the boundary-less enterprise and shift their focus to endpoints and application access layers. In traditional models, security sits primarily at the access level, where firewalls, IPS and IDS guard and monitor access in and out of data centers. All incoming and outgoing data traffic is tightly controlled, but once a user gains access, they are relatively free to access applications from inside the network due to the less stringent application security layers. Moreover, the siloed nature of network security means that most industrial systems are segregated from the enterprise IT, limiting the ways in which systems can be accessed.

The open nature of the cloud network calls for altered security measures to facilitate business performance without compromising application security. We need to change our perspective from periphery control to edge security across several layers of the enterprise and IT apps/devices. Data-center-based security can slow down performance, especially if the traffic is forced to navigate unnecessary layers, so cloud-based applications need to be significantly more accessible. Moreover, AI and ML can add monitoring of behavioural traits and transactional trends to further mitigate vulnerabilities.

In conclusion: Justifying the business case

As the cloud becomes all-pervasive, the lines between enterprise IT and industrial IT blur even more. Realigned network architecture and edge security are the keys to expanding the use cases for the cloud. Redesigning cloud networks can help organisations save on cost and effort, while reimagining security to encourage smart security practices can secure applications and avoid mishaps or added expenses. With meticulous planning, enterprises can achieve exponential cloud-based growth, making for a substantial business case that is impossible to ignore.
