Meeting The Challenge of Securing the Cloud – Michael Xie, Fortinet

Guest Editorial by Michael Xie, Fortinet Founder, President and CTO

The cloud has been a powerfully disruptive technology, transforming traditional network architectures that have been in place for decades and allowing businesses to be more agile, responsive and available than ever before.

Networking experts predict that by 2020, cloud data centers will house as much as 92 percent of workloads. And yet, while cloud service providers certainly offer compelling new services, they also create isolated data silos that have to be managed separately and that impose unique security requirements on organizations.

Unfortunately, many traditional security solutions were not designed to protect the agile public, private and hybrid cloud environments being adopted today – or the expanding attack surface they create.

When corporate data no longer sits in isolated data centers and users, devices and applications can access virtually any information from any device or location, traditional security models and technologies simply can’t keep up.


And as we can see every day, cybercriminals are ready to exploit these security gaps and weaknesses.

So, while organizations are re-engineering their networks, they have also begun to retool their security model and solutions.

For example, some organizations have begun to move many of their traditional enterprise edge security tools into the cloud to protect critical workloads there and load up on on-demand public cloud security, virtualized security tools designed for private clouds and cloud-based tools like cloud access security brokers (CASB) designed to protect hosted SaaS applications and corporate data.

Meanwhile, security budgets for their existing traditional networks are being reassigned to the adoption of specialized security tools, such as data center protection, web-application firewalls, security for mobile devices, thin clients, secure email gateways, advanced threat protection and sandboxes.


The result, in many cases, is that today’s hybrid cloud environments are recreating the same data center security sprawl that organizations have spent years streamlining and consolidating.

Implementing dozens of isolated security tools and platforms, regardless of how relevant they are to new cloud-based networks, creates its own problem.

IT teams are already overburdened with managing their network transformation.

The lack of additional resources, combined with the growing security skills gap, means that security technicians now need to learn how to deploy, configure, monitor and manage dozens of additional cloud security tools, with no good way to establish consistent policy enforcement or correlate the threat intelligence each of these devices produces.

But what if the data and security elements across all an organization’s various cloud environments were well integrated, cohesive and coherent, like a seamlessly woven fabric.

Such an approach would allow companies to see, control, integrate and manage the security of their data across the hybrid cloud, thereby enabling them to take better advantage of the economics and elasticity provided by a highly distributed cloud environment.


This type of approach would also allow security to dynamically expand and adapt as more and more workloads and data move into the cloud, and seamlessly follow and protect data, users and applications as they move back and forth between IoT and smart devices, borderless networks and cloud-based environments.

An approach like that will address three fundamental requirements necessary to meet today’s advanced networking and security requirements:


  • Security, network and cloud-based tools need to work together as a single system to enhance visibility and correlate and share threat intelligence


  • Security solutions need to work as a unified system for simplified single-pane-of-glass management and analysis and to enable a coordinated respond to threats through such things as isolating affected devices, dynamically partitioning network segments, updating rules and removing malware


  • For security solutions to adapt to dynamically changing network configurations and respond in real time to detected threats, security measures and countermeasures need to be applied automatically regardless of where a threat originates, from remote devices to the cloud

For many organizations, cloud-based infrastructure and services have become a blind spot in their security strategy. And cybercriminals are prepared to take advantage of that.

A critical lapse in visibility or control in any part of the distributed network, especially in the cloud, can spell disaster for a digital business and have repercussions across the emerging global digital economy.

To securely meet today’s digital business requirements, organizations need to be able to cut through the cloud security hype and intentionally select security solutions designed to be part of an interconnected, end-to-security framework that can solve evolving physical and virtual IT challenges regardless of the deployment option.

Security needs to be designed to meet this new challenge not only now, but into tomorrow as businesses continue to evolve. 

(To Learn More, check out the first in a series of podcasts featuring industry experts speaking to what’s new and exciting. Courtesy of Fortinet and YouTube)

About the author:

Michael Xie has more than 15 years of experience in the network security industry. Previously he held positions as software director and architect for NetScreen.

Michael Xie, Fortinet
Michael Xie, Fortinet

He was honored with the 2009 Tech Innovator Awards by Everything Channel’s CRN, and also named a 2006 Northern California Entrepreneur of the Year by Ernst & Young and a Top Technology Innovator by VARBusiness Magazine in 2004.

Michael has an M.S. degree in electrical & computer engineering from the University of Manitoba, as well as M.S. degrees in automobile engineering from Tsinghua University.

Learn More,