Migrating to cloud? Consider Microsoft Azure

Migrating to cloud? Consider Microsoft Azure

Key points

  • Microsoft Azure gives enterprises the flexibility to start small and grow their infrastructure as their business grows.
  • Enterprises can easily integrate Microsoft apps and services into its existing solutions.
  • Microsoft Azure offers secure cloud solutions by using sophisticated encryption algorithms and techniques.

Australia is at the forefront of cloud adoption. Approximately 95% of organisations are running applications or experimenting with infrastructure as a Service (IaaS), with cloud service providers, such as Microsoft Azure, managing the infrastructure – and for a good reason. They are seeing the benefits of migrating their apps and workloads to the cloud.

Microsoft Azure (‘Azure’) is one of the fastest growing and most secure cloud infrastructure platforms available today. It is renowned for its speed, flexibility, and resilience. It boasts the highest amount of security and privacy certifications of any cloud provider. Azure empowers workers to be more productive, enables cognitive learning and AI, and can ultimately transform businesses.

Here our cloud specialist, Dev G, digs a bit deeper into the benefits your business could experience shifting to Microsoft Azure.

Ability to scale on demand.

Cloud infrastructure is hugely beneficial to organisations looking to shift workloads to an expandable pool of resources that can contract and enlarge as demand requires; Azure is no exceptionAzure scales alongside an enterprise’s current needs, Enterprises can monitor and tailor their cloud usage as per their workload requirements in a secure environment with no limitation on server capacity. Thus, giving them the flexibility to augment their infrastructure at a pace that suits their business needs.

Azure can also be set up to auto scale as workloads change. With greater scalability, enterprises can gain the experience and confidence in operating their business in the cloud as they continue to grow, while only paying for what they use.

Tip – To make the most of Azure’s hyper-scale environment and avoid unnecessary costs, enterprises should avoid making the common mistake of ‘just’ migrating from on-premises to the cloud. Enterprises need to continue to monitor Azure once they have migrated to the platform. There are helpful tools, such as Azure Advisor and Azure’s auto-scaling engine, to help set triggers to analyse the environment, including workload behaviour, and create sanctions for availability, performance, security, and cost. 

Greater Flexibility 

In the dynamic technology sector, enterprises need to partner with a host that can evolve as quickly as their needs do. Azure can easily adapt to an enterprise’s unique business needs and provides the capability to manage, deploy and control infrastructure from almost anywhere, at any time, enabling enterprises to modify the cloud as required.

Tip – When adopting Azure, enterprises need to scrap the ‘lift and shift approach. They need to see Azure as a highly scalable and adaptable solution that can be right-sized to their specific and current needs – such an approach will lead to many cost savings. 

More Availability 

Azure features an industry-leading SLA and more than 10,000 Availability Zones enabling businesses to migrate their workloads seamlessly from one locality to another.

Tip – Enterprises need to be mindful that the availability is not built-in to Azure by default. Just because it is in the cloud does not mean a resource is always available. It is important workloads enterprises can access their workloads from more than one virtual machine within the same availability zone (to achieve a high SLA).

Improved Accessibility

Azure offers enterprises the freedom to access services from any device and any location in a secure environment. Azure enables enterprises to easily integrate Microsoft apps and services into their existing solutions. Enterprises can also use the Microsoft Azure App service to write apps that use all the platform’s capabilities, including app storage, networking, servers, storage, database, analytics, and machine learning.

Robust Security 

Azure offers several secure cloud solutions which use sophisticated encryption algorithms and techniques. When users access Microsoft cloud services, they can retain complete control of their data while remaining fully protected. Azure’s also gives enterprises the flexibility to choose which apps they want to use, the level of encryption to employ and other settings.

Tip – Enterprises need to ensure they have the right security and backup levels in place when they move to Azure – ultimately, it is their responsibility regardless of if the workloads are on-premises or in the cloud. Enterprises also need to extend their continuity strategy, processes and tools to include Azure – there are various storage and backup tools available. 

Ability to optimise costs 

Many customers have no idea what discounts or entitlements are available with Microsoft Azure and therefore miss out on huge cost savings. With Microsoft’s huge customer base, it has been able to offer discounted prices to its customers. As the market gets more competitive with AWS and Google, costs will likely go down even further. Also, Azure provides a ‘pay what you use’ model, which significantly reduces the upfront costs for small businesses.

Tips – Azure subscriptions should align with an enterprise’s business goals. Governance tools such as Azure Scaffold can be a powerful cost-management tool, helping enterprises protect businesses from human errors, tag resources, set up policies, quickly run reports on various resources and reduce susceptibility to vulnerabilities which could lead to costly mistakes in the future. 

A great way to optimise your costs with Azure is to shut down machines that are not mission-critical when they are not in use (e.g., after-hours). If you are using a subscription model and not paying upfront for virtual machines, you don’t need to have your infrastructure operating 24 x7.  

Platform as a Service (PaaS) 

Another core strength of Azure is its Platform as a Service (PaaS) capability. Completely serverless, enterprises do not have to worry about infrastructure, including monitoring patching or remediating the server. Enterprises do not have to waste time on deploying, configuring, managing, and monitoring IaaS infrastructure Their IT team can spend more time on the business’s strategic aspects; helping it grow and succeed and save on time and money.

Tip – Enterprises must select which workloads they want to move to PaaS as not all workloads are suitable for this environment.

Hybrid Capability 

Azure allows enterprises to build hybrid environments, enabling them to take advantage of on-premises resources and the benefits of operating on a cloud platform without any hidden unnecessary costs.

Azure continues to grow rapidly, regularly adding support for various features, applications and different technology platforms. If you are considering migrating to the cloud, Azure should be on the list of options.

Oreta has gold partner status with Microsoft because of its distinctive competencies in Azure, including system integration and managed services. We partner with customers throughout their journey to the cloud – from advisory and delivery to operations and continued optimisation.

Firewalls as a Service (FWaaS); the future of network security

Firewalls as a Service (FWaaS); the future of network security

Does your organisation still have a physical (or virtual!) appliance for a firewall? Its days may be numbered. Developments in cloud solutions are creating an upward trend toward cloud-based security services. Cloud firewall deployments are becoming the norm in many enterprises. Firewall as a Service (FWaaS), otherwise known as ‘Cloud Firewalls’, has surfaced as a standalone product and a key element of the overarching Secure Access Service Edge (SASE) architecture. FWaaS is helping meet enterprise security requirements and improve network connectivity and end-user response times.

Here we help build your understanding of what FWaaS is, why companies are considering it as part of their security strategy, and why it is an integral part of the SASE architecture.

What is FWaaS?

Much like a fire-proof wall prevents flames from travelling through a building, network firewalls prevent unauthorised access to, or through, an organisation’s network. They act as an inspection gateway, stopping malicious data from entering or exiting the secured network.

Firewalls have been an essential element of network security since their invention in late 1980, just before the launch of the web browser in August 1991. The rest, they say, is history. As companies move their applications and data to the cloud and people work remotely, firewalls continue to evolve.

FWaaS is the latest version of the Next Generation Firewall (NGFW). It operates the same way as an ordinary hardware-based firewall; however, instead of installing a firewall appliance on a physical server, it puts the same capability to the cloud. FWaaS provides a centrally managed exit point for all staff’s internet access (e.g., corporate headquarters, remote and branch offices, mobile users) without backhauling the traffic through the corporate data centre. It leads to end-user performance improvement, reduced network and link costs, and removal of the DC bottleneck. As a result, FWaaS permits the data centre firewall to focus on its primary role – protecting the corporate servers and data.

As a corporation no longer manages the infrastructure or software patching, security staff can focus more on performing a role that creates real business value – protecting the corporate data. By centralising administration, a consistent security policy can apply across all staff traffic.

How Does FWaaS Work?

Firewalls enforce rules developed by the organisation’s IT administrators that ‘gate’ what staff can access (e.g., Web sites/categories, IP addresses). When prohibited behaviour is detected, users are blocked and alerted accordingly. As mentioned above, this is very similar to a legacy on-premises firewall; however, it is conducted “in the cloud” using an FWaaS provider.

Installing the firewall is comparatively easy, often only involving changing a company’s router settings. As soon as the network links to the FWaaS provider, network traffic travels through the provider instead of the company’s firewall.

Why do companies need FWaaS? 

With more companies adopting the cloud, and an increase in remote workers, network complexity is intensifying. As a result, the network permitter has changed. Where corporate data was previously on-premise, data is now in “the cloud”. A centralised firewall introduces latency due to backhauling data to the central corporate firewall, which may require high network bandwidth to improve performance, which in turn flows on to needing a larger firewall to accommodate the extra traffic flowing.

FWaaS addresses these inhibitors by providing dedicated, corporate-controlled security services located close to the end-users and the data they seek to access. Shorter paths mean lower latency and better response times. Corporate security is enhanced with a firewall to user access and lets the data centre firewall focus on its original function of protecting the corporate data centre.

T teams can now build customised cloud-friendly security models protected by enterprise-grade firewalls as a vital part of a cloud strategy.

The Benefits

FWaaS is the answer for companies looking for enterprise-level network security solutions but is still in the early stages of deployment. In September 2019, Gartner estimated that less than 5% of distributed companies deploying cloud-firewalls took advantage of FWaaS. However, as the benefits become more widely known, the number will likely quadruple to 20% by 2024(1).

Here are some of the reasons an increasing number of companies are leaning towards FWaaS:

Simpler architecture – FWaaS manages corporate user traffic by leaving the current data centre based physical firewall to handle only data centre related traffic, thus simplifying the firewalls’ configurations by dedicating them to specific tasks.

Scalability – FWaaS scales “on-demand” compared to the physical firewall, requiring life cycle management and capacity planning. When additional throughput is needed, it can be enabled within hours or days at incremental pricing with no disruption to service.

Unified Security Policy – FWaaS provides a single egress point for all staff, whereby enforcing a standard policy without addressing the potential multiple egress points that may exist today.

Easy to install and manage – Companies can easily integrate FWaaS into their existing IT infrastructure – no complex implementation.

Easier maintenance – FWaaS firewalls are always current, so there are no risks of late or missed software updates. IT staff have more time to plan the infrastructure’s future needs rather than on routine maintenance.

Complete network visibility – Together, FWaaS and SD-WAN can implement a single logical managed platform. Companies have full visibility and control over their user internet and WAN traffic from one centralised location. In turn, companies can get consistent delivery of critical security information (e.g., data breach).

Cost-effective: Business units can configure and manage FWaaS remotely. Thus, eliminating the need to purchase, license, install, maintain, and update hardware and software. Simply put, FWaaS is ideal for businesses of all sizes as it can reduce costs significantly while maintaining the safety of all their data.

Challenges of FWaaS

The following are challenges (not disadvantages!) companies may face when they adopt FWaaS :

  • Resistance to Adoption: Enterprise businesses may be hesitant to move a critical function like security into the cloud. They may be willing to forego all the cost savings and operational conveniences of FWaaS and continue to stay with legacy firewall appliances.
  • Concerns about Network Latency: As mentioned above, integrating SD-WAN and other cloud services with FWaaS makes it a more attractive solution for enterprises. While doing this, FWaaS providers need to guarantee a network latency comparable to or better than that of legacy firewalls.
  • Data Centre Traffic: Corporate servers in data centres have different access requirements linking inbound connections. FWaaS are maturing in this space, but it’s not there yet. Currently, the data centre still needs its own firewall/internet service. We expect this limitation to reduce over time. Telstra has released their Secure Edge product, which addresses these constraints.

FWaaS & SD-WAN

FWaaS provides several benefits as a standalone solution; however, when it converges with other technologies such as Software-Defined Wide Area Networking (SD-WAN), companies can restructure their network and route it directly to its destination without sacrificing security and visibility. FWaaS and SD-WAN can significantly enhance performance and serviceability and reduce the dependency on the corporate WAN. Together, FWaaS and SD-WAN are essential components of the emerging cloud-based networking architecture known as Secure Access Service Edge (SASE).

FWaaS & SASE 

When aligning to the SASE framework, FWaaS connects with other cloud-based security components to develop an architecture that provides inline protection and access control at the network edge. SASE is becoming the framework for securing organisations. SD-WAN’s capabilities address connectivity constraints, restricting heavy end-user access by creating a reliable firewall connection for office, branch, remote and mobile locations.

Together with FWaaS and SD-WAN, the SASE framework incorporates Cloud Access Security Brokers (CASE), Secure Web Gateways (SWG), and Zero Trust Network Access (ZTNA) to defend the network from potential threats.

Making the Switch to Firewall as a Service (FWaaS)

Is your organisation ready to adopt FWaaS? The answer is ultimately dependant on where your company’s network strategy is going. An SD-WAN strategy aligns with cloud-based FWaaS. SD-WAN with FWaaS will reduce the load and complexity on the centralised corporate firewall whilst providing a better end-user experience to corporate users due to better egress pathing.

Companies with a complex firewall deployment will still need to maintain an on-premises firewall; however, Telstra’s Secure Edge FWaaS is a new option that places the firewall on the edge of your existing MPLS network. This solution provides a Next-Gen Firewall which protects both corporate users and the systems in the data centre.

FWaaS, either cloud-based or Telstra’s network-based solution, should be considered when you review your network or firewall strategy.

Oreta partners with vendors to offer customers cloud-based FWaaS solutions that have Next-Gen functionality. Our strategic partners include Palo Alto Networks, Checkpoint and Cisco. With our advisory, delivery and managed service capabilities, we can ensure that our customers benefit from a SASE or FWaaS solutions. Contact us today for a non-obligatory conversation about your company’s security requirements.

Resources

  1. Top 4 firewall-as-a-service security features and benefits (techtarget.com)
Roundtable – Secure SD-WAN; foundation for your digital strategy

Roundtable – Secure SD-WAN; foundation for your digital strategy

Secure Access Service Edge (SASE), pronounced “sassy” supports secure branch office and remote worker access. SASE’s cloud-delivered set of services, including Zero Trust Network Access (ZTNA) and Software-Defined WAN (SD-WAN) is driving rapid adoption. Gartner predicts that by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at the end of 2018. More and more companies are evaluating their network connectivity in the new world, post-pandemic, and the importance of encompassing secure network technologies as part of their digital strategy. Recently Oreta, together with VMware, hosted a dynamic technology roundtable discussion that mainly focused on the future of SD-WAN and Secure Access Service Edge (SASE). Moderated by Oreta ’s MD, Sachin Verma, several insights and tips were shared during the conversation, including; Key Insights
  • SD-WAN is not a question of if, but when. SD-WAN is hardwired; driven more by a cloud strategy than a network strategy.
  • SD-WAN overcomes the challenge faced with less than agile Telcos assisting with speed to market.
  • SASE (Secure Access Service Edge) is not a bolt-on. It has to be part of your network strategy when deploying SD-WAN.  It provides greater convenience, however, with convenience comes a price.
  • A company’s security posture depends on what network platform a business uses. More companies are moving towards a user-based security architecture.
Key Takeaway
  • COVID was an eye-opener to many companies regarding the influence technology has on business outcomes. IT needs to take decision-makers (e.g. IT procurement and finance) on the journey from awareness, education, and adoption, and bridge the knowledge gap that exists within some organisations.
Moving Forward – Customer and Partner Expectations The conversation extended its focus to the importance of developing a healthy working relationship between a customer and their technology partner when resolving connectivity issues and upgrading from a legacy WAN to secure SD-WAN. There are three fundamental components customers look for when appointing a technology partner. They include;
  • Technology partners must have a proactive outcome-based approach to advising/guiding customers on emerging technologies and trends. Don’t just promote the next ‘shiny’ offer,
  • Technology partners should have a genuine willingness to solve a problem – no matter what the issues may be,
  • Customers want to purchase an outcome and not be tied down with issues, so that they can concentrate on more strategic aspects of the business.
There are three fundamental components a technology partner looks for when working with a customer, including;
  • Customers want to have trust in the value of the advice and service provided,
  • Customers want to adopt a collaborative approach with their chosen technology partner, and work together to develop a successful outcome,
  • Customers want their technology partner to be readily available to work with them to resolve issues as and when they arise.
Oreta achieves Microsoft Gold Partner status

Oreta achieves Microsoft Gold Partner status

Oreta has achieved the Microsoft Gold – Certified Partner status in the Cloud Platform solution competency.

Attaining this status is no easy feat and is only achieved by a very small percentage of Microsoft’s global partners. Partners, such as Oreta, which accomplish this status have met the highest standards of Microsoft’s widely recognised partnership program.

Microsoft has a policy of strictly assessing all its partners, and several criteria have to be met before any certification is awarded. Oreta achieved its gold status after passing rigorous examinations, and our technical specialists attaining their Microsoft Azure Administrator Associate certificates.

Sachin Verma, MD, Oreta, said that “Our Microsoft gold partner status adds to our capability stack. It proves that we have deep expertise in deploying cloud solutions that will put us at the top of our partner ecosystem.”

The gold partner status is a testament to Oreta’s commitment to Microsoft’s cloud services. It will enable us to have a higher level of engagement with our Microsoft contacts, as well as boost our internal research and development efforts, and consequently offer greater support, both technical and commercial, to our cloud customers, especially those who have or are considering investing in Microsoft Azure.

Mr Verma said that, “With the Microsoft Gold Partner status, Oreta is now accredited as a Microsoft Azure specialist, our customers can now leverage our expertise to deliver advanced cloud solutions and take our customers even further in its journey to cloud.

If you looking at replacing or augmenting your on-premise servers, Microsoft Azure could be the right solution for you. If you’re interested in learning about its full potential and ways you can use it, talk to one of our technical experts today.

Talk to us about your cloud needs

Transforming with SD-WAN

Transforming with SD-WAN

What is SD-WAN?

SD-WAN (Software-Defined Wide-Area Network) allows for a new way to manage WAN connections such as broadband internet, 4G, LTE, or MPLS. It connects networks of all sizes from SMB to enterprise — including branch offices and data centres — over large geographic distances.

Customers no longer need to invest in expensive, proprietary technology to get the connectivity they need. SD-WAN allows customers to a range of technologies to deliver higher values of service.

SD-WAN essentially virtualises the network and abstracts much of the complexity from the customer. It is now possible to use lower-cost links for backup (think NBN or 4G) as opposed to paying for different path point to point connections. All the management of these links are centralised, and traffic can be routed via the most appropriate path. This approach can significantly assist organisations who are looking to deploy into Hybrid and Multi-cloud environments.

Getting your design right

While many SD-WAN solutions may make it sound simple to deploy and manage, it is crucial not to miss the design phase of your overall network requirement. Understanding traffic flows, firewall rules, application dependencies and system performance needs to bring any SD-WAN project to a halt. It is also crucial to build a level of future-proofing into your design. Incorrect sizing of the equipment to meet your future business needs is a very typical issue that hits many organisations. SD-WAN allows you to scale your network bandwidth needs, but it needs to have the capacity itself for the number of users going through it, especially for things like remote VPN and FW throughput.

How can we help?

Oreta has multiple in-house resources that can assist you in understanding and transforming your network to meet your changing business requirements. Many of our resources are certified with our industry partners and are technically adept at working across several WAN technologies, routing and deploying SD-WAN.

We have a profound understanding of our partners SD-WAN applications, including VMware by Velocloud and Cisco’s full Cisco SD-WAN stack, from small to medium business products (Meraki) to large scale enterprise (Viptela). Also, we have a strong background in integrating connectivity options from Telstra, Equinix, AWS, Azure and Google Cloud Platform (GCP).

Oreta can tailor your SD-WAN solutions, using the lowest cost links while giving you the highest levels of service and security.

If you would like more information, please get in touch with us here.