3 ways cloud-native, third-party security services​ can simplify cloud protection

By Yogesh Hirdaramani

As governments embrace multi-cloud and hybrid-cloud strategies, managing security concerns has only become a more challenging task. GovInsider speaks to Sean Hong, Regional Director - Strategic Alliance Cloud at Fortinet, on how third-party cloud-native security services can help simplify cloud protection.

Cloud-native security services can simplify cloud protection in increasingly complex cloud environments. Image: Canva

Governments across Southeast Asia are embracing the cloud – but many are hedging their bets. Instead of relying on a single cloud service provider, many are developing multi-cloud approaches that let them access services offered by companies such as Amazon Web Services, Microsoft Azure, and Google Cloud. 

 

But this can make security a more challenging task. Not only do multi-cloud environments increase operational complexity, agencies may struggle to maintain visibility over security across these complex environments, says Sean Hong, Regional Director of Strategic Alliance Cloud at Fortinet to GovInsider. 

 

This is why large organisations, from government agencies to financial institutions, are turning to cloud-native, third-party security services to simplify cloud protection. Hong shares three ways such services can do so.

1. Unify visibility over complex cloud environments

 

First, cloud-native, third-party security services can support agencies in maintaining consistent visibility across complex environments, which can include multi-cloud and hybrid arrangements, he explains.

 

“From a security perspective, if you can’t see it, you can't manage it and mitigate your risk exposure,” says Hong. A recent IDC Infobrief found that the lack of a unified security monitoring and management system was one of the top ranked challenges for governments embarking on multi-cloud approaches in Asia.

 

Countries like Singapore and Malaysia have adopted such strategies to ensure that their systems are not dependent on any single provider, he says. Both countries have developed multi-cloud initiatives to access services provided by a range of commercial cloud providers.

 

And hybrid cloud environments will continue to be a reality for some time, due to the persistence of some legacy systems, the need to keep highly sensitive systems in private clouds, and work from home arrangements for civil servants.

 

But managing security across these environments is difficult. First, different cloud environments have varying approaches to security. Second, organisations will not only need visibility across multiple providers, they will also need to monitor the infrastructure that allows applications across clouds to connect and communicate with each other, like APIs, he says.

 

This is why consistent visibility across the entire infrastructure is necessary for cybersecurity professionals in government. Cloud-agnostic third-party services can provide a consistent picture by aggregating all logs and security events on single dashboards, as well as enable organisations to enforce security policies in a consistent manner across environments. 

 

For instance, the Fortinet Secure SD-WAN for Multi-Cloud can automatically deploy an overlay network across different cloud environments. With this overlay, professionals can monitor and manage communications across different clouds, on-premises data centres, and end-users working from home

 

This can then be integrated with Fortinet Security Fabric, which can help agencies gain visibility over the entire multi-cloud infrastructure as well as secure applications and connectivity. This tight integration can enable better user experience, says Hong.

2. Access the benefits of cloud-native methodologies

 

Next, cloud-native security services can support government agencies in fully benefiting from cloud-native methodologies, explains Hong.

 

Cloud migration is the first step for any government cloud strategy – but it’s certainly not the last. This year, the Singapore government announced that though the country is reaching its goal of migrating 70 per cent of its less sensitive systems to the Government on Commercial Cloud 2.0, it will continue its cloud journey by embracing a cloud-native approach.

 

“Governments are pushing the public service to embrace the cloud, and move from cloud-first to cloud-native,” says Hong. A cloud-native approach allows agencies to benefit from higher availability, faster innovation, and improved scalability for their services and workloads. 

 

When it comes to security services, adopting a cloud-native mindset also comes with benefits. This is why Fortinet packages its security applications as fully managed SaaS solutions, making it user-friendly and more flexible for agencies.

 

The “pay-as-you-consume” model of cloud-native security services allows agencies to use security services offered by third-party providers without worrying about managing infrastructure, says Hong. 

 

For instance, the FortiFlex licensing programme allows organisations to easily provision necessary services on demand and can be applied to protect any environment. As a result, agencies can scale their use of services up and down according to need. For instance, they can tap on FortiWeb to defend public-facing web applications when there is an increased need to guard against DDoS attacks

 

Hong Kong-based FinTech platform, YedPay, used Fortinet Security Fabric to securely migrate to the cloud in 2020 within a month – a process that would otherwise take a year. This included cloud-native services such as the FortiGate Next Generation Firewall.

 

A cloud-native approach also involves encouraging developers to include security from the very beginning of the application development process. Cloud-native security services can support government teams in putting that into practice.

 

For instance, Fortinet’s FortiDevSec automatically embeds application security into the cloud-native development process. This tool allows developers to find and fix issues on the spot at every stage of the process, so that developers can focus on building tools without worrying about security. 

 

Such tools also mean that developers will not need to learn and deploy the cloud-native security approaches unique to each cloud provider, explains Hong.

3. Tap on the expertise of leading security players

 

Finally, partnering with third-party security providers enables government agencies to tap on the expertise of leading security experts, says Hong.

 

While cloud providers do provide built-in security services, security may not be their bread and butter the way it is for security companies, notes Hong.

 

Fortinet is supported by FortiGuard Labs, Fortinet’s global threat intelligence and research team, which helps to provide timely and accurate protection and actionable threat intelligence.

 

This research in turn helps to drive FortiGuard’s AI-powered security services, which can counter threats in real time and are integrated into the Fortinet Security Fabric, enabling fast detection and response across complex environments.

 

To read more about how government agencies can deliver security and connectivity in the age of complex cloud environments and work from home, read the IDC Infobrief here

 

To learn more about securing connected devices at the edge, register for the upcoming webinar co-hosted by Fortinet and GovInsider, Internet of Things in the Crosshairs: Navigating Cyber Risks Targeting IoT in the AI Era, here.

 

This article was produced in partnership with Fortinet.