Cloud Direct Connects: The Best Bet for Cyber Security

by Tim Fogarty, Director of Enterprise, Shamrock Consulting Group

If you are a member of corporate IT leadership, you’re likely already aware of the many benefits associated with relocating your IT into one of the 4 primary public clouds: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or IBM Cloud.

While the identity of the big public clouds is mostly common knowledge in IT circles, the best way to connect to them isn’t as clear-cut.

There are basically two ways in which you can plug your network into your public cloud provider of choice: the default method is to connect via the public internet; the second method is to set up a direct connection via a private gateway using a provider’s direct connect onramp (AWS Direct Connect, Azure ExpressRoute, Google Cloud Dedicated Interconnect and IBM Cloud Direct Link).
In this article, we’ll explain:
– What a ‘direct connect’ is and its benefits for your business
– Why a direct connect is better for cybersecurity
– Other cybersecurity considerations you will need to make
– How to get the entire direct connect process started

What is direct connect?

A direct connect is a physical or virtual private connection to one or more public cloud provider. It can be set up from your office, private data center or colocation, or even from a third-party hosting facility.

One of the main attractions of a direct connection into the cloud is cost efficiency. Reducing IT spend is one of the top reasons why decision-makers switch to the cloud in the first place, especially if you’re aware of a need to scale up your operation down the road.

A direct connect is also more reliable than an internet connection, creating redundancy by provisioning multiple connections in one or more geographical areas.

When connecting over the internet, there are multiple potential points of failure and no guaranteed redundancy should one part of the network fail. The route by which data travels can also change over an internet connection due to bottlenecks and fail-overs, and your business will have no control (and likely no knowledge of) when this happens. This can lead to inconsistent connection speeds as well as associated lag and jitter, or even fully dropped connections.

Why is a direct connect better for cybersecurity?

For starters, public cloud providers have complete control over every direct connect made, from the second a network enters their connection gateway. Security of the edge locations and networking infrastructure is the cloud provider’s full responsibility and number one priority. Furthermore, the security and monitoring tools that they use to protect their infrastructure and managed services are industry leading, fully compliant and audited by third parties.

In contrast, cloud providers have no control over and no responsibility for data in transit over the public internet. With the exception of some managed cloud services, you are fully responsible for protecting data from theft and corruption as it travels between your cloud service and your premises or colo. And, since you have no control over the routes your data are following, you have no way of knowing how secure it truly is.

To handle the demand for direct connects, cloud companies work through certified partners, with cloud connections managed from co-location centers. These partners also prioritize security and employ robust virtual and physical security processes.

Additionally, by saving money on your data egress, hardware, and personnel via a direct connect, you will also have more funds available to boost your own onsite security tools and training.

Extra security considerations

Using a cloud direct connect can absolutely make cybersecurity much less of a headache, but beware: it doesn’t absolve your business of all responsibility. Cloud providers operate on a shared responsibility model, with some aspects of security (such as securing all infrastructure from the edge location into the cloud) being under their jurisdiction. Other aspects (such as your MPLS network, onsite infrastructure, etc.) remain your responsibility.

You are also responsible for securing and monitoring any data you put onto or connect into the cloud, although the cloud provider will provide many of the tools to do this with. The amount of manual configuration you or your IT team will have to do will depend on the actual services used and how sensitive the data involved is. Certain features should always be manually configured to optimize security (SSL/TLS, user activity logging, user accounts, and credentials, etc).

Finally, the enforcement of standard security practices such as good password hygiene and enabling automatic OS updates falls on your shoulders as well.

How to get started with a direct connect

Direct connections can be set up directly between your edge device/router and your chosen cloud provider, or they can be set up and hosted with direct connect partners (e.g. AWS Partner Network members, IBM Cloud Exchange Providers or Azure ExpressRoute providers).

Choosing the right provider for your business isn’t always an easy exercise, however. There are over 30 different clouds direct connect providers in the marketplace, differing by location coverage, cloud availability zones, capacity, number of VLANs allowed, dedicated vs. shared connectivity, and price. Shamrock Consulting Group will help you sort through all of your best options and we guarantee the best pricing on any product from any provider.

Now, before you go about setting up and configuring you’re directly connected, you will need to fulfill any prerequisites that the cloud provider has. For example, you might need to be using specific network hardware and configure it to support BGP and VLAN tagging. You will also need to have an active account with your chosen cloud provider.

Once you’ve successfully met your cloud provider’s prerequisites, follow their instructions to obtain authorization for a direct connect and to create and configure the connection. If you don’t have the in-house expertise to do this, there are plenty of third-party consultants and managed service providers who will provide advice or handle the process for you.

As cybercriminals continue their relentless onslaught on sensitive data and the penalties for data breaches become harsher, security needs to be a top priority for all business owners.

Simply put, one of the most effective and cost-efficient ways to protect your data is to get a cloud direct connect, which will significantly reduce risk exposure while still leveraging the many benefits of a public cloud.

About the Author

Tim Fogarty is the Director of Enterprise, Shamrock Consulting Group.  Shamrock partners with all four of the major public cloud providers (AWS, Azure, GCP, IBM) to offer direct connects via each provider’s respective on-ramp at the guaranteed best price. We were also first to market offering 100G direct connect into AWS Direct Connect and Google Cloud Interconnect.