Taking Cloud-Based Disaster Recovery (DR) to the Next Level with an SDP Client and Smart Endpoints
By Don Boxley, CEO and Co-Founder at DH2i
Trepidation regarding data protection, privacy and security, and especially disaster recovery (DR), is driving many organizations to pursue cybersecurity in the cloud. Although the cloud is at times associated with security challenges, when it comes to DR it provides a number of advantages over on-premises options, the top two of which are:
- Organizations are able to maintain backups separate from their central office, to be more easily recovered after a manmade or natural disaster, such as fire, hurricane or flood.
- Cloud-based DR enables organizations to avoid the steep storage costs and high overhead, as well as the management complexity, inherent in on-premises DR and physical infrastructure expenses.
So what helps to ensure success when migrating data into the cloud for DR? It comes down to the method by which organizations connect their on-premises source systems to the cloud-based counterparts they are targeting. Organizations have two primary choices for this connection: virtual private networks (VPNs) or a relatively new solution, software-defined perimeters (SDPs).
Why Fix It, If It Ain’t Broken? Spoiler Alert: IT’s Broken
Traditionally, VPNs have been the fallback choice to achieve this connection, as they have long been the go-to for linking physical locations remotely (on-premises use cases). But VPNs have aged out, especially for DR.
The imprudence of this tactic is obvious when you look at the number of data breaches that have continuously occurred in recent years. Such seemingly commonplace hacks are most often tied directly back to VPN security flaws, as one of numerous examples demonstrates: NordVPN, a popular VPN client, admitted at the end of 2019 that it had been hacked. Of course, that case was just the tip of the iceberg, as MarketWatch recently reported.
The “castle drawbridge” VPN approach leaves too much of a company’s network exposed and vulnerable. Lateral network attacks are commonplace in this situation, as prospective malefactors navigate the network with easy access to an organization’s sensitive data. Some countermeasures, such as access control lists, can help, and firewall policies are an additional way to mitigate the security vulnerabilities of VPNs. But there are no easy solutions: VPNs demand ample maintenance and updating just for basic connectivity, which can drain IT staff and resources, and they are complicated to configure. In short, VPNs are simply not agile enough for a critical app like DR.
The Software Defined Perimeter Solution
Fortunately, there is now a new and innovative alternative for resolving this connection conundrum. It comes in the form of a more intelligent endpoint approach offered by SDP clients, which were engineered precisely for cloud use cases, including the hybrid and multi-cloud environments that necessitate flexibility and speed, and which consequently evade VPNs’ shortcomings in this arena. In other words, SDP clients enable enterprises to maintain data security, so that they can take advantage of cloud-based DR and be safe whether their deployment is on-premises or in the cloud.
SDP client software turns the network-exposing nature of VPNs on its head, restoring time and resources to the organization. By transitioning perimeter defenses directly to the cloud DR application, infiltration becomes impossible. For example, say you want to move on-premises data from MySQL to the cloud for DR. An SDP-enhanced solution ensures that the only perimeter is the one around this specific pair of application endpoints. With a VPN in this same scenario, the rest of the network is exposed. The principal distinction is that SDP clients decrease the potential attack surface on the network while avoiding the pains of access control lists and firewall processes.
SDP clients provide you with smart, flexible and secure endpoints that align with the ever-evolving business requirements for today’s revamped disaster recovery needs. Hybrid and multi-cloud environments require adaptability, and an SDP client ensures this and more. By transitioning from the traditional yet outdated VPN to more modern and innovative, cloud-based DR software supported by an SDP client, cloud deployments become the ideal answer for disaster recovery, data protection and other security challenges.
About the author:
Don Boxley is a DH2i (www.dh2i.com) co-founder and CEO. Prior to DH2i, Boxley spent more than 20 years in management positions for leading technology companies. Don earned his MBA from the Johnson School of Management, Cornell University.