Cloud Visibility Overcomes Security Limitation of Turnkey Private Cloud

For government entities, network security is mission-critical and subject to strict regulations. That is why this customer, who was deploying a turnkey private cloud platform, was concerned when they realized their provider could not supply the data needed by their threat detection and security analysis solutions. Without the ability to examine packets for potential threats, their new private cloud would present a considerable risk to their network. In search of a solution to provide access to packet data, this government customer turned to Keysight, who worked alongside their security solutions provider to deploy a total cloud visibility solution and eliminate this serious security issue.

Some Organizations Are Prohibited from Using Public Clouds

While cloud computing offers significant benefits, some organizations do not want to, or cannot legally, connect their computing infrastructure to the internet. This is often the case for government agencies and companies with major federal contracts, that are required to adhere to strict security guidelines. A secure private cloud, with no connection to the internet, offers the best of both worlds: the flexibility and cost efficiency of cloud, with the isolation and separation required for compliance.

Turnkey Private Clouds Are a Compelling Option

Major public cloud providers are stepping up to meet the needs of organizations that cannot use public clouds and have no desire to build and maintain their own private cloud. Several providers now offer a turnkey private cloud platform, with features similar to their public cloud offering, that is completely isolated from the internet, easy to deploy, and flexible to scale. Users are responsible for keeping their cloud deployment updated, but they have no need to hire cloud architects or developers to maintain the platform or its features, which is where many do-it-yourself clouds turn costly and unwieldy. In this use case, the customer chose Azure Stack, a turnkey private cloud platform from Microsoft.

Unfortunately, the convenience of using a pre-built platform came with a trade-off. Azure Stack does not give administrators access to the underlying infrastructure components, such as the hypervisor layer. This limitation meant the security team would not have access to the virtual traffic in their private cloud, which had serious implications for security.

Packet Data Is a Must for Effective Security Monitoring

Governments set up private clouds to host applications in a centralized environment because they can be more easily secured and protected. In this case, the plan was to send traffic from several government agencies—including immigration, security, and law enforcement—to a private cloud for monitoring by best-of-breed solutions.

The government’s security and risk management team chose a leading security vendor to provide products for network and endpoint threat detection and security forensics. These solutions use deep packet inspection to understand the context of communications moving through the network and to identify “indicators of compromise” that provide evidence of a network attack or data exfiltration. Packet detail would be critical to timely, accurate detection and resolution of security issues. Without access to packet data, the customer would not be able to adequately protect their private cloud.