By: Jacob Chacko, Regional Director – Middle East, Saudi & South Africa at Aruba, a Hewlett Packard Enterprise company

The pandemic’s acceleration of cloud migration within enterprises has, at this point, been well documented. Last year’s Flexera 2020 State of the Cloud Report suggested that more than 90 per cent of enterprises now have a multi-cloud strategy.

Even in times of great urgency as we have experienced over the last 18 months, enterprise-wide cloud transformations don’t simply happen overnight. In the rush to get their multi-cloud environments off the ground and enable remote connectivity for their workforces, many enterprises will not have suitably adapted their IT and network infrastructure to support applications in a multi-cloud connected environment. Because of this, they will likely now be facing numerous challenges around the performance of mission-critical SaaS applications, automation of cloud security services, and integration of WAN applications in public cloud, to name just a few.

When it comes to meeting and addressing these challenges, enterprises could consider the benefits of an SD-WAN platform which, through a mixture of optimization, orchestration centralization and automation can provide a firm foundation for enabling a successful, performant and secure multi-cloud environment.

Ensuring user experience through SaaS optimization

In a time when applications were hosted in corporate data centres, routing all application traffic from the branch to the data centre made total sense. Today, however, with most applications in modern enterprises delivered through SaaS, backhauling cloud-destined traffic to the data centre only serves to increase latency and impact application performance.

Recognizing this, enterprises could reduce said latency by looking towards a modern, best-of-breed Edge-based SD-WAN platform, which should offer SaaS optimization features to seamlessly and securely connect users from branch sites to SaaS applications, while simultaneously monitoring the SaaS Quality of Experience (QoE).

Key functionalities that any SD-WAN purchaser should look out for include first-packet identification, wherein applications are identified and classified on the first packet, which enables traffic to be routed dynamically to its intended destination (be that the data centre, cloud provider or cloud security). This, in turn, reduces latency and ensures security policies are adhered to. Similarly, Microsoft Office 365 API integration enables secure internet breakout to the closest Office 365 entry point, thus ensuring the best Office 365 performance available.  

Intelligent local internet breakout

Different classes of application require different kinds of treatment to adhere to security policies and controls. As mentioned above, first-packet identification has a part to play here, but there are other functionalities within leading SD-WAN platforms that can bolster security without impacting application performance.

Different applications can be mapped to virtual WAN overlays, each supporting various QoS, transport and failover characteristics. For instance, trusted business SaaS such as Office 365 can be mapped to an overlay that traffics straight to the closest SaaS instance over the internet, whilst untrusted or unknown traffic is sent to the headquarters-based firewall for closer inspection.  

Speaking of firewalls, having a unified zone-based stateful firewall at the WAN Edge is essential to ensure complete, secure local internet breakout. A WAN Edge firewall can connect directly to trusted SaaS applications and IaaS from branch offices, whilst also blocking any unauthorized traffic attempting to enter the branch network from the enterprise LAN.

Network simplification through SD-WAN integration and automation with public cloud

Complexity is the enemy when it comes to network management, and this is most true for particularly large, global networks with many AWS Virtual Private Clouds or Microsoft Virtual Networks (VNets). However, an Edge-based SD-WAN platform can greatly simplify management of such large networks.

By connecting directly to public cloud providers’ global backbone networks, reducing the number of point-to-point connections, and connecting branch locations directly to regional points of presence (POPs) the complexity of the SD-WAN overlay is reduced. An SD-WAN overlay should also support branch-to-branch communication without virtual gateways at each Virtual Private Cloud.

The emergence of SASE

The emergence of SASE has had a profound impact on SD-WAN. Just as SD-WAN is transforming the network infrastructure with uninterrupted connectivity and simplified workflows, SASE takes the logical next step by placing cloud-native security controls closer to the end users where the data is being generated (at the network Edge) and is therefore most at risk.

Although SASE is not a technology on its own, as an architectural framework it offers organizations the capability to bring together security and networking functions into a single, cloud-based service model. In 2021, SD-WAN should form the foundation of a SASE solution: a cloud-programmable networking platform for orchestrating and centrally managing network, security and SASE components.

As part of this, any quality Edge-based SD-WAN must integrate with third-party cloud security services from best-of-breed cloud security firms. Advanced API integration within the SD-WAN platform can enable network managers to fully realize enterprise-wide automation of consistent, network-wide security policies. In this way, they can combine the advantages of an advanced Zero Trust WAN Edge on-premises, whilst also enjoying the flexibility and freedom of choice to enjoy the benefits of cloud-delivered security services from their preferred security vendor.

Final word

Multi-cloud environments can be incredibly complex, and managing their connectivity across an enterprise’s WAN can quickly become an unruly, laborious affair. Not only are IT teams tasked with deployment and management of these environments, but simultaneously they must ensure the highest performance levels and security are achieved for their businesses’ end users, alongside delivering the full transformational promise of the cloud through lifecycle management and orchestration.  

IT teams rely on automation and orchestration to manage the complexity of multi-cloud, and businesses must look to further simplify these processes for their teams, particularly as network complexity grows. An important first step is selecting the right SD-WAN platform to simplify the integration of private cloud, SaaS and IaaS hosted applications.

The pandemic has shifted how, when and where employees work, and it is still unclear as to whether these changes will become permanent fixtures after the pandemic has ended. Even if they do not, much of the investment and groundwork has already been laid. The impetus is now on businesses to follow through on their cloud transformation journeys and create a network infrastructure that is resilient and manageable to deliver consistent and secure application performance over any WAN infrastructure to all users, anywhere, and from any device.

With digital threats on the rise, Mindware, one of the leading Value-Added Distributors (VADs) in the Middle East and Africa, announced that it had signed a partnership with the International Council of E-Commerce Consultants (EC-Council). EC-Council is the owner and developer of the world-renowned Certified Ethical Hacker (CEH) program as well as multiple other cybersecurity programs. The institution has trained and certified over 200,000 information security professionals globally, that have influenced the cyber security mindset of countless organizations worldwide.

As per the agreement, Mindware will leverage the presence of EC-Council to offer cybersecurity certification, education, training, and services in various cybersecurity skills to partners and customers across the Middle East and North Africa (MENA) region. The courses are intended to prepare employees, contractors, temporary workers, and any additional representatives who perform authorized functions online, by offering the necessary information to defend themselves and secure their organization’s assets from damage or loss.

“The post-pandemic world has seen the adoption of new technologies for businesses. Adoption of technologies like Cloud, Artificial Intelligence, and Machine Learning is ever-growing. Businesses today need cybersecurity leaders that can make decisions and set industry benchmarks,” says Jay Bavisi, CEO and President of EC-Council Group. “We are delighted to partner with Mindware to encourage innovation and implement robust cybersecurity training strategies. With this partnership, EC-Council would share its cyber security training expertise and help cater to the growing demand for a skilled workforce.”

Speaking about the partnership, Philippe Jarre, CEO at Mindware says, “Most organizations today are embracing digital transformation and leveraging new-age technologies. With every new technology comes new and sophisticated cyber threats. Organizations are finding it difficult to combat these risks, especially with the shortage of security analysts and professionals in the market. The ongoing pandemic has further exacerbated the problem with the ‘work from home’ trend. A home working environment does not have enterprise cyber security prevention and detection technologies and policies in place. Additionally, home Wi-Fi networks are much easier to attack. Cyber criminals see the pandemic as an opportunity to step up their criminal activities.”

“As part of Mindware’s growing security practice, we decided to join hands with EC-Council to help partners and customers overcome cyber security challenges through high-quality training and certification. We believe that this initiative will go a long way in developing overall skills in the region and reducing the number of cyber breaches and incidents,” he continues.

The latest partnership further strengthens Mindware’s security portfolio and enables the VAD to position itself as a one-stop-shop for security solutions and services. With the specific needs for the region in mind, Mindware and EC-Council will focus on the following training courses:

• Certified Ethical Hacker (CEH)
• Certified Network Defender (CND)
• Computer Hacking Forensic Investigator (CHFI)
• EC-Council’s Certified Incident Handler (ECIH)
• Certified SOC Analyst (CSA)

By Joe Robertson , Director of Information Security and EMEA CISO at Fortinet

The digital automotive experience is revving up for some big changes, from online vehicle shopping, to configuring auto systems, to maintenance, manufacturing, and shipping. The advent and availability of 5G can help assure the required high-speed digital links for autonomous and semi-autonomous vehicles. But that’s not all. 5G is also creating a revolution in industrial automotive systems, as today’s vehicles can be manufactured and shipped faster and more easily than ever. However, the growing number of sensors, actuators, probes, machine connectivity, and the high density of connections (including robots)—all connected through 5G—opens new attack surfaces that need to be addressed. 

These new attack vectors are partially a result of the complex ecosystem of vendors and partners that supply the software and systems that build connected smart cars. At the same time, the real-time nature of driving also means that the computing required to manage on-board systems and interoperate with GPS, smart transportation systems, or other cars on the road, will happen both at the edge (meaning, in the car itself) and in the cloud. This simply widens the scope of the risk of interference and intrusion that needs to be accounted for.

Autonomous and connected vehicles are the perfect example of the compute edge in action. And given the safety issues for passengers in the connected vehicle as well as in the vehicles around it, the need for connected car security at the edge—that can function at 5G speeds—should be the first and foremost consideration. Securing the smart car and all its data, while also providing reliable and secure connectivity from the car to the cloud, is critical. Without security and connectivity working together as an integrated system, automotive companies are open to significant brand reputational risk. And worse, customers could even be putting their lives on the line.

First Gear: Connectivity with an Autonomous Vehicle

To start, the production and manufacturing of vehicles needs to be protected, especially as operational technology (OT) and information technology (IT) convergence becomes the norm. The challenge is that many legacy OT systems cannot afford any downtime and are highly sensitive to any sort of disruption; many systems are irregularly and infrequently patched. As a result, OT systems often lack consistent protection or single-lens visibility. Inconsistent corporate security policy implementation and governance only adds to the problem. In this environment, being able to protect every integration point across IT and OT to boost connected car security, even as interconnectedness increases, is a challenge.

Fortunately, the way auto manufacturers deal with their original equipment manufacturers (OEMs) is evolving. Traditionally, the manufacturer would turn to suppliers to design whole systems: brakes by one, the transmission by another, satellite nav systems by yet another. All these systems were farmed out to subcontractors, and the manufacturer took responsibility for assembling the pieces. However, with this piecemeal approach, the systems that operate the vehicle, engine, transmission, system gauges, fuel and safety systems, cameras, radar and more, might all run on different operating systems. This resulted in disparate and disconnected systems that were not able to efficiently collaborate or communicate with one another and are more challenging to secure. 

Over the last decade we have seen a change. Auto manufacturers see value for the customer when all of these solutions work together, creating a truly integrated experience. Software is the critical component and requires building connectivity and security directly into the system from the start, in the development, testing, and production phases, rather than a bolt-on solution applied at the end of the process. 

Second Gear: Data with an Autonomous Vehicle

Once these connected and autonomous vehicles are on the road, manufacturers need to continuously gather information from these “rolling data centers.” Vehicle data is collected and poured into a giant data lake, which the manufacturer uses to identify issues before they become critical. Since these autonomous vehicles run on compute power, they bring with them all the challenges of enterprise data systems— such as bandwidth, reliability, visibility, and, of course, cyberthreats, whether from malicious criminals or industrial espionage. Today, given current security trends, holding a vehicle for ransom is not out of the question.

Reliable, secure connectivity back to the cloud is critical to protecting customers, delivering the best user experiences, and protecting revenue streams. These cloud connections are crucial. This data is the only way to truly understand how vehicles are used, which leads to new insights and the development of premium customer experiences. Automotive manufacturers need to establish their own cloud platforms for data collection, processing, and provisioning. By keeping the in-car experience within their control, while protecting connected cars and their data, they can leverage car telemetry data to monetize and provide a differentiated, premium in-car experience.

But none of this will work without security. So, what is the best approach to ensure effective connected car security? The first step is integrating systems and software. This requires steering disparate vendors and solutions into a unified and broadly deployed platform that weaves security, connectivity, and networking into a single solution. 

Third Gear: Unification with an Autonomous Vehicle

In the connected-car industry, as elsewhere, software systems are now core to the business. Reliable connectivity and security of vehicles is important. It is possible to achieve powerful connectivity and integration between the vehicles that create the data, the cloud that processes it, and the applications that leverage it, resulting in continuous improvement and optimum user experience. In this scenario, automation, visibility, and an open integration platform are essential for providing the required agility and flexibility across all major public and private cloud providers and technologies. Without vendor lock-in, auto manufacturers can get what they need from proprietary technology while leveraging third-party tools, allowing their technology strategy to continually evolve as their business needs change. 

To unlock the true potential of the connected car, automotive manufacturers need to not only own the in-car experience but all the software and systems as well – from the backend to the front bumper. And because nearly every component of these autonomous vehicles will be connected to an in-car network as well as the cloud, the entire system is at risk if a vehicle is compromised. Thus, securing the car and its data while providing secure connections from the car to the cloud is critical to drive the connected car experience.