Professional Documents
Culture Documents
Three Use Cases For Securing A Hybrid Data Center
Three Use Cases For Securing A Hybrid Data Center
Three Use Cases For Securing A Hybrid Data Center
Securing a Hybrid
This paper provides network teams
Data Center
and their leadership insights into data
center transformation and securing
Introduction
hybrid data centers while dramatically Network and IT leaders face a daunting challenge. IT is
reducing security complexity. evolving into a business enabler by delivering services
more quickly and closer to customers. Application
workloads need to be able to move, based on business
requirements, across on-premises data centers and
multi-cloud deployments anywhere around the globe.
These highly distributed application workloads move
across the network at an unprecedented rate while
dynamically growing and shrinking to address the on-
demand deployment of applications.
Strata by Palo Alto Networks | Three Use Cases for Securing a Hybrid Data Center | Brief 1
From big data DevOps for Hybrid cloud
to fast data business agility IT
Virtualization, SDN, CI/CD, microservices, APIs Workload mobility,
hyperconvergence multi-cloud management,
and automation
A modern, hybrid data center enables greater IT efficiency, The elastic nature of workloads requires the network to scale
automation, and agility, supporting the delivery of new up and out on demand, but this makes it difficult for data cen-
application workloads across dynamic network fabric and ter teams to enforce security as the workloads move across
hypervisor/virtual machine infrastructure. However, securing data centers and clouds. Data center teams can’t see where
the hybrid data center requires a uniform security approach the workloads are, who is using them, or where those users
across physical, virtualized, and cloud environments while are connecting from. The teams are also challenged to enforce
providing the best visibility, control, and next-generation proper access controls and implement a Zero Trust architec-
threat protection. ture. Fundamentally, security must be consistently enforced
regardless of workload dynamics.
Strata by Palo Alto Networks | Three Use Cases for Securing a Hybrid Data Center | Brief 2
their networks are robust, matching the agility and speed of enforces granular access control across north-south (using
DevOps as well as the line of business. physical firewalls at the perimeter) and east-west traffic (via
micro-segmentation using physical or virtual firewalls).
Orchestration of Workloads That Are Everywhere Palo Alto Networks physical and virtual Next-Generation
As organizations race to the cloud to gain an economic ad- Firewalls enable you to segment east-west traffic flows via
vantage, data centers and clouds are often indistinguishable. microsegmentation and are easily integrated into the net-
Workloads can be orchestrated and provisioned across the work fabric (e.g., on Cisco ACI® or Nexus® 9000 Series, or
cloud, and applications can reside on-premises one day and third-party switches such as Arista CloudVision®). In addi-
in the cloud the next day. This “lift and shift” practice is an tion, our VM-Series Virtual Next-Generation Firewalls can
underlying driver of the hybrid data center architecture. New be integrated at the hypervisor level to help secure virtualized
orchestration tools allow workloads to be easily provisioned, infrastructure (e.g., across multiple hypervisors and SDN en-
deployed, and administered across multiple data center and vironments, such as VMware NSX®, Nutanix®). The VM-Series
cloud environments. can help protect the perimeter and segment east-west traffic
Network operations for the hybrid data center require full, within multiple public clouds, such as Google Cloud Platform
continuous network insight to better manage security across (GCP®), Amazon Web Services (AWS®), Microsoft Azure®,
the hybrid data center footprint as well as support orchestra- Alibaba Cloud, and Oracle Cloud®.
tion of workloads across multiple locations and in a multi-
cloud infrastructure. 3. Automate Threat Protection
Data center network teams protecting hybrid data centers with Palo Alto Networks multilayered defense enables you to
traditional security approaches face a security complexity tri- discover threats and malicious activity, block threats in
fecta: limited visibility and imprecise control, an ever-expand- real time, and automatically isolate infected hosts to min-
ing attack surface, and increasingly advanced cyberthreats. imize business disruption as well as prevent data loss. This
Overcoming these requires adopting a new hybrid data center automated threat protection strategy for the hybrid data
protection methodology to gain complete visibility, minimize center requires broad coverage with tight integration, in-
the attack surface, and automate threat protection. cluding the following functions:
• Threat prevention to block known threats and vulnerability
Three Use Cases to Protect the Hybrid Data attacks (network and application).
Center • Advanced malware analysis to automatically identify and
1. Gain Complete Visibility protect against zero-day exploits.
Complete visibility—of who the users are, what applications • Security analytics to analyze endpoint and cloud telemetry
they’re accessing, and when and where they’re connecting— for automatic detection and response to stealthy threats and
is one of the biggest challenges for data center teams. Achiev- insider attacks based on malicious network or host activity.
ing this gives teams a comprehensive view of devices and • Endpoint security to protect servers (physical or virtual,
connections so they can track applications and users. Appli- on-premises or cloud) from malware, exploits, and
cation and user insights simplify network security manage- ransomware.
ment functions, such as installation, deployment, and main-
3000 Tannery Way © 2020 Palo Alto Networks, Inc. Palo Alto Networks is a registered
Santa Clara, CA 95054 trademark of Palo Alto Networks. A list of our trademarks can be found at
https://www.paloaltonetworks.com/company/trademarks.html. All other
Main: +1.408.753.4000 marks mentioned herein may be trademarks of their respective companies.
Sales: +1.866.320.4788 3-use-cases-for-securing-a-hybrid-data-center-strata-b-100720
Support: +1.866.898.9087
www.paloaltonetworks.com