How To Secure SaaS and IaaS, the Flexible Cloud Consumption Models


Vince Hwang, senior director, products and solutions, Fortinet talks about why securing all cloud use cases across cloud networks, applications and platforms is the security architecture “of the future” that many organizations need right now. Networking and security solutions need to converge to form a native, unified front of protection across all endpoints.

There are many ways in which organizations consume private, public, and hybrid clouds, but from a practical perspective, cloud consumption boils down to either using a cloud application or consuming cloud infrastructure. Cloud brokered consumption models place IT between all users and devices and cloud resources, whether public or private. This enables secure and monitored access to things like software as a service (SaaS) applications, cloud-based storage and infrastructure as a service (IaaS). Cloud direct consumption models, often led by the DevOps team, let end users directly consume resources through APIs, custom applications, cloud-native tools and consoles.

This does not need to be an either/or situation. Today’s organizations are simply looking for flexibility in how they consume the cloud, with capital expenditures and operating expenses being top of mind. Cloud consumption models, whether they are services in the cloud (such as SaaS or IaaS), or services through the cloud (such as cloud-based access controls for off-network users), provide an abundance of software licensing options, ranging from short- or long-term contracts for named-users or enterprise-wide access, to pay-as-you-use models and everything in between. 

Flexible Consumption: How Do You Cloud?

Cloud journeys are personal to each organization, meaning that every organization has different strategies and preferences to how they choose to deploy and consume cloud.

The most common cloud usage involves a subscription to a SaaS offering. This usually entails some type of flexible consumption, allowing businesses to use software without installation or maintenance. Without a traditional licensing model, the business only pays for the number of accounts or devices or the amount of work performed by the software service. 

Flexible consumption models (FCMs) are not new. Utilities and telecoms have been taking advantage of the pay-as-you-go model for years. The current pandemic has accelerated the extension of flexible consumption models, such as car insurance companies that offer low rates and a per-mile pricing structure. Given that almost 42% of the U.S. workforceOpens a new window continues to work remotely due to COVID-19, many consumers are driving less and this model has enabled them to reduce operational costs for their cars. 

Likewise, technology, media and telecommunications (TMT) organizations are shifting to the flexible consumption model to allow their customers to access, consume, and pay for products and services based only on need and usage. On-demand and short-range licensing have also become popular in the SaaS world. Customers feel greater flexibility and control when they are not locked into long-term services and contracts, where they often spend more for less. 

Learn More: 3 Ways Retailers Can Leverage the Cloud To Provide Rich Brand Experiences

The Need To Secure all Consumption Models

As products and services become more software- and data-driven, businesses not only need to think about how their products and service offerings will be delivered, but how the data is being used and how the resources being connected to these services will be protected. There are several considerations for securing different consumption models.

Infrastructure as a Service

IaaS solutions require deploying security in the cloud to protect cloud-based data, applications, and other resources. There is a common misperception that cloud providers are responsible for protecting an organization’s online resources. They are not. And not all cloud-based security solutions are the same.

First, security should be cloud native, meaning that it is designed to operate seamlessly within the cloud platform in which it has been deployed. For example, security and network scalability need to be synchronized so that protections seamlessly follow changes in the network. This enables cloud security to be as scalable and flexible as the cloud it is deployed in.

But for multi-cloud environments, tools like Flex-VM allow organizations to address elasticity and on-demand consumption requirements across all of their cloud deployments. It allows resource consumption to be based upon calculating capacity needs at predefined “points” so organizations can plan ahead by pre-purchasing capacity in consumption points. 

Subscribers to such a service are then able to create multiple sets of a single virtual machine (VM) entitlement that corresponds to a licensed VM. They can then allocate these points to any virtual firewall size and type of security service in seconds, without incurring another procurement cycle. 

These virtual firewalls and security services can be used on any cloud, anytime, satisfying the demand of hybrid cloud environments. And with a central portal to manage consumption, organizations can have the control and flexibility of a secure consumption model that enables their customers and partners to deploy security faster and right-size their investments.

Learn More: Cybersecurity for Multi Clouds: Why the Cloud Needs Native Security

Software as a Service 

Likewise, users and data need to be protected when using SaaS applications. While users connected to the core network can piggyback on existing security solutions, backhauling all traffic, especially bandwidth-intensive applications like video conferencing, through the core network quickly runs into scalability and user experience issues. 

Branch offices, retail locations, and remote super users can rely on secure SD-WAN to provide reliable connections, accelerate application access, and integrated enterprise-grade security. 

But what about the dozens, hundreds, or thousands of new work-from-home employees? Cloud-based secure access service edge (SASE) solutions can easily extend security to these users, ensuring consistent security whether they are connected to the core network or working off-network.

Consistency, Now and in the Future

But all of this is just the start. Any security solution deployed in the cloud should also operate seamlessly with security solutions deployed at other network edges, including the LAN, the data center, and branch offices. Hybrid cloud – a mix of both traditional data center and cloud – is often where many organizations find themselves deploying due to the necessities of their businesses or industry. There may be mission-critical legacy applications or compliance and regulatory requirements that prevent organizations from migrating entirely to the cloud.  A common mistake organizations make is selecting an entirely different security solution for a cloud environment, only to find that they have immediately lost visibility or the ability to enforce security policies consistently across the network. This becomes more critical when a multi-cloud strategy is put in place. Security deployed in each cloud must be consistent to manage consumption, as well as to protect data, applications and workflows as they move between cloud environments.

The reality is that cloud consumption patterns will continue to evolve due to such things as the implementation of 5G, hybrid cloud migrations, sustained work from home, and ongoing digital innovation efforts. Organizations need to carefully strategize about how they plan to consume adaptive cloud environments, especially with regards to implementing consistent security across all network and cloud edges. 

How does that affect the rollout of a flexible consumption model? It requires the convergence of traditional and multi-cloud security, as well as deep integration between security and fundamental networking elements. And it all starts by implementing a flexible and adaptable security framework, built around open standards and APIs, that can operate in any form factor and in every cloud environment.

Let us know if you liked this article or tell us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!