Cloud: More Journey than Destination

When I was at the Ignite user conference recently, a customer said he didn’t yet have a roadmap to move towards a private cloud model. By “cloud,” he meant an IT infrastructure where computing resources are pooled together and applications of different trust levels reside within the virtualized server. He was worried that this was an atypical perspective in the IT world.

In fact, the cloud is not the utopian IT architecture for all enterprises, nor should it be. It is one of multiple options towards a more efficient, responsive and available IT infrastructure. And it may be a journey of a thousand miles to get there, rather than an immediate migration. That’s okay. You will get there one step at a time. After all, there’s still a lot to do in terms of data center consolidation, segmentation, securing your virtualized infrastructure, and safely enabling data center applications. But whichever challenge you’re tackling now, and whether or not you’re heading to the clouds, we’re here to help. In fact, we have leveraged many of the benefits and characteristics of cloud computing technologies within our next-generation firewall solution.

Cloud Computing Might – For example, the ability to utilize pools of computing resources has been used to great advantage by developers. That same cloud computing benefit can now be extended to optimize and accelerate security analysis. That’s exactly what we’re doing with WildFire. With WildFire, we are harnessing the computational power of the cloud to analyze unknown files for malicious behaviors as part of a comprehensive strategy to tackle modern malware. The power of the cloud enables hundreds of thousands of files to be analyzed in minutes, on a platform that lets malware do exactly what an attacker intended it to do. This means the malware can be observed in a protected cloud “sandbox” without impacting an enterprise’s network. This would be much harder to do inline, with an on-premise appliance.

Dynamic, Automated Security Services – One of the most popular application development platforms in the cloud – Amazon Web Services – was built by developers for developers. The design is all about optimizing the backend infrastructure so these application developers can leverage common features and services, and quickly get up and running. Application developers are nimble, tearing down and creating virtual machines in minutes, and they automate many of their application delivery processes.

We’ve also learned from this model that it’s important to embrace the dynamic and automated nature of this environment so that security doesn’t slow down the application delivery process. We do this with dynamic address objects (a new feature in PAN-OS 5.0) and our REST XML API features. Dynamic Address Objects are a new address object type that can be updated using our XML API. They can be referenced in security policies, so when virtual machines are created or moved, security policies can be enforced without a manual change.

Using a combination of orchestration software APIs (from companies like CA or VMware) and our XML API, security operations like creating a new firewall, applying an initial configuration, applying common security policies and maintaining these policies can all be automated. In a large, dynamic data center with a high rate of change, this automation not only improves response times for firewall changes but also reduces the chance of outages caused by firewall administrator errors.

So, while you may not quite be ready for the cloud, your next-generation firewalls have the features to support you when you decide it’s time.


via Cloud: More Journey than Destination ‹ Palo Alto Networks Blog.
