Four Noteworthy Advances in Cloud Security
In keeping with our Fortinet’s long history of security innovation on-premise, Fortinet offers this expertise for the cloud as well. We are proud to announce Four new advances that further demonstrate our commitment to the variety of cloud adoption initiatives organizations are undertaking—enabling them with the confidence needed due to consistent security across their entire infrastructure even as their cloud and networking initiatives continue to evolve.
1. Accelerated Performance—Virtual Security Processor (vSPU) for FortiGate VM
As organizations migrate existing applications into the cloud, they too often find that many of these applications—especially those with high-performance requirements—can not benefit from the flexibility and potential that these new cloud architectures have to offer. Quite often, this is due to the performance constraints inherent in the virtual security solutions they have deployed to protect themselves and their resources, and not in the cloud environment itself. To truly unleash the potential of the cloud’s scale, customers need a new class of high-performance virtual security appliances designed for cloud environments.
Fortinet’s new Virtual Security Processing Unit (vSPU) for the FortiGate-VM solution, modeled after the award-winning security ASICs in place in Fortinet’s physical devices, extends accelerated security performance into private and public clouds. Our new vSPU technology enables customers to migrate their high-performance applications to the cloud without compromising on speed or security. It also supports a variety of other use cases, including highly available, large-scale VPN in the cloud.
Fortinet’s revolutionary vSPU architecture provides a whole new level of performance for virtual security. We also made the process of integrating with new acceleration technologies much easier, which, in turn, provides customers with the benefit of early access to high-performance security in the public and private cloud.
Fortinet has achieved this by applying our 15+ years of proven hardware design leadership to cloud software by optimizing code, eliminating unnecessary processing, and addressing many of the processing challenges and complexities faced by other security solutions. As a result, Fortinet is now the first to market with high-performance support for AWS C5n and Intel QAT, on top of their existing support for DPDK and SR-IOV running in a variety of environments.
2. Cloud Security Analytics—FortiCASB-Cloud 4.1
Gartner predicts that through 2023, at least 99% of cloud security failures will be the result of misconfiguration. So whether an organization is migrating to the cloud or building cloud-native applications, the cloud’s management interface is one of the new threat vectors that organizations need to address. In fact, while many organizations are still trying to use their traditional security tools to deal with cloud security issues, it is important to realize that none of these tools address the threats associated with the misconfiguration of cloud infrastructures—let alone the potential risks associated with such misconfigurations being distributed across multiple disperse and distinct cloud infrastructures.
The cloud security management capabilities provided by FortiCASB-Cloud 4.1 provide organizations with the visibility and controls they need to mitigate the growing risks associated with the configuration of their public cloud infrastructures, as well as with the applications they have built in the cloud.
FortiCASB-Cloud powers security teams with insights and information that help them communicate cloud security information and findings more effectively with cloud DevOps teams. This information helps them better address potential risks, such as those that can be addressed through modifications to infrastructure code in the CI/CD pipeline. Among its capabilities. FortiCASB-Cloud offers organizations the ability to investigate security events, optimize security configurations, and assess an overall security posture against internal or external policies and regulatory requirements.
- FortiCASB-Cloud leverages the public cloud management API to monitor activity and configure multiple public cloud resources on AWS, Azure, and Google Cloud Platform
- FortiCASB-Cloud continuously evaluates configurations across regions and public cloud types to:
– Provide guidance on security best practices
– Offer threat and risk management tools to help mitigate cloud risk
– Trace misconfigurations to their source
– Enable regulatory compliance violation reporting
3. Container Security
As organizations build native cloud applications. they often leverage emerging technologies such as containers and serverless workloads. The use of these technologies to accelerate the application development process is accelerating digital transformation. However, traditional security tools—even those designed for the cloud—cannot address all of the security needs of these workloads.
FortiGate (FortiOS 6.2) Fabric Connectors and New Technology Partners
Fortinet offers a comprehensive Container and emerging technology solution for our customers through a mix of organic products and tools, and integrations with 3rd parties.
FortiOS 6.2 addresses these cloud container challenges with the following advances:
- FortiGate running FortiOS 6.2 Fabric Connectors delivers container-aware security by helping customers secure any traffic entering or leaving (north-south) their container clusters using logical policies based on labels and meta-data information attached to container resources. Since containers cannot be defined using static IP address information, these capabilities are essential when securing container-based workloads for publicly facing cloud applications.
- FortiCASB-Cloud 4.1 delivers container-aware security by providing full visibility into container service configuration risk profiles and vulnerabilities, as well as detailed traffic analysis to and from container hosts.
- Fortinet Cloud Technology Alliance Partnerships deliver container-integrated security with the partnership with companies like (1) Tufin, through their cloud-native Iris platform that manages native cloud security, as well as their Orca platform that manages Kubernetes security without agents, and (2) Alcide, which offers deep integration into serverless and container-based workloads, leveraging emerging standards such as Istio, and supporting agents for containers.
4. FortiMail 6.2 O365 Connector
For those organizations that consume O365 applications, many find it hard to implement a network-heavy security product that requires potentially challenging changes to network configuration. Fortinet addresses this challenge by offering organizations the ability to easily attach industry-leading mail security to their O365 Exchange online instances that have been optimized for cloud performance and that functions as a cloud-native solution.
Conclusion
Fortinet continues to be committed to solving the wide range of cloud adoption initiatives organizations are considering or implementing, whether migrating applications and infrastructure to the cloud, building cloud-native applications, or consuming SaaS applications. Fortinet’s comprehensive strategy of the native integration of our portfolio of products and services into the cloud platforms, offering the broadest set of protections available and enabling single pane of glass management and security operations offer customers the confidence they need to expand cloud operations while deploying any application on any cloud without concerns of risk, availability, or performance.
