Apttus was created in the cloud. We offer AI-driven SaaS solutions to our customers, including Quote-to-Cash, Contract Management, Digital Commerce and Supplier Relationship Management. Our “all in” cloud approach helps us better serve our more than 700 customers around the world.
Some organizations have a hard time learning how to run modern cloud infrastructure. So, understandably, they take a crawl-before-you-walk, walk-before-you-run approach. This looks something like: take a lift-and-shift approach and migrate applications “as is” to public cloud infrastructure (IaaS); optimize critical parts of the migrated application to leverage the managed services (PaaS) available in the public cloud; and so on.
We decided to bypass the first two stages and run headfirst into the cloud, taking advantage of the benefits offered by Azure, mainly, and AWS. We are doing more with less by taking advantage of these platform-as-a-service (PaaS) options. But we needed a way to ensure secure access to our cloud infrastructure and applications for our global operations.
What Business and Security Issues Were We Looking to Resolve?
In short, we wanted fast, reliable and secure access to the cloud infrastructure driving our business and services, and we needed to make sure that we could rapidly debug and resolve customer issues. Before we deployed Palo Alto Networks VM-Series Virtualized Next-Generation Firewalls, we faced two key security challenges.
Insufficient centralized cloud access management
We create pods: basically a collection of cloud resources needed to deliver a service and run our solutions. With every pod, we spin up a virtual machine (VM), which functions as a jump host and gives operations teams access to the pod. Today, we have over 100 pods, and accessing every pod is time and resource intensive. The current access management model doesn't provide visibility or control and remains a resource hog. A lot of time is wasted, and in business, time wasted is money lost.
Slow, insecure and hair-pinned cloud access model
We enforce centralized VPN usage for access to cloud resources. Our users and employees would go through our corporate office so that they could use single sign-on (SSO). Then, they'd connect from the corporate office to the data center. Given that we are global, with users and branches in India and many other countries, this introduced latency and slow connectivity into the system. As a result, we couldn’t troubleshoot effectively, and it became more and more difficult to run the business.
Palo Alto Networks VM-Series: A Decentralized Access Gateway to Cloud Resources
The old way of doing things simply wasn’t working. So, we spearheaded an initiative to develop an architecture in which operations teams weren’t required to route through the corporate office and which eliminated the need for a jump host in every pod. At the center of the new security design sits the Palo Alto Networks VM-Series. We deployed the GlobalProtect subscription on the VM-Series Virtualized Next-Generation Firewalls to act as the access gateway, and we’re using Panorama as the centralized security manager. Because the VM-Series connects directly to Azure AD for central user termination, we can now manage access using just one identity source. Further, we gain granular visibility, control and the ability to segment and isolate pods from one another.
Clearly, there are many cloud firewalls on the market. We chose Palo Alto Networks for several distinct reasons:
- Palo Alto Networks VM-Series has native integration with Azure AD. The integration with Azure AD in the cloud was crucial for Apttus. We’re able to centralize control of all user on/off boarding with Azure AD SSO, including activity and audit trails.
- The ability to manage the firewalls centrally through Panorama was hugely advantageous. Managing all firewalls is important for keeping configuration state and all firewall software current. The VM-Series also integrated with our SIEM system for further security monitoring.
- The VM-Series is deployable through infrastructure as code (IaC). Our cloud infrastructure deployment is performed as “infrastructure as code.” We’re able to programmatically decouple and deploy the VM-Series, together with the rest of the infrastructure components, in the cloud in a few minutes. It establishes an idempotent practice across all of our regions.
If Nothing Else, Remember These 3 Key Things
As I mentioned earlier, we dove headfirst into the cloud, running our apps on modern cloud-based infrastructure. And we rely on Palo Alto Networks to help us rapidly and safely drive our business forward. As you consider your security and business evolution, I want to leave you with a few key ideas and suggestions:
- With security, separate operations from IT: If you don’t, you’re likely to sacrifice the agility gains the cloud affords. It isn't necessary to go through exactly the same paper processes on both sides of the fence. This is especially true for large organizations where it might take days, or perhaps several weeks, to fully cross the t’s and dot the i’s.
- You can scale security in the cloud. I implore you, you don't need as many access points (or Bat-Signals, as I like to call them) to get into your systems quickly and safely. Take advantage of cloud-native services like Azure AD; it was built to scale. You can easily authenticate your users in the cloud, with no connection to on-prem needed.
- Choose security offerings that can be managed as IaC. We’ve had positive results with Palo Alto Networks using infrastructure as code. We achieve high levels of security, low latency and improved time to resolution for customer care.