Data Protection Is Better with Software Defined Perimeters and Smart Endpoints

Concerns about data protection/privacy—specifically disaster recovery (DR)—are driving many companies to seek cybersecurity in the cloud. While the cloud is often associated with security challenges, the fact is that when it comes to disaster recovery, the cloud offers quite a few advantages over on-premises options, the top two of which are:

  • Companies can keep backups separate from their home office, to be more easily recovered in a disaster like a fire, flood, or earthquake.
  • Cloud-based DR helps avoid the steep storage costs, high overhead, and complexity that go hand in hand with on-premises disaster recovery and physical infrastructure expenses.

What is it, though, that helps ensure success when moving data into the cloud for DR? It boils down to the way that companies go about actually connecting their on-premises source systems to the cloud-based counterparts they are targeting. Organizations have two main choices for this connection: virtual private networks (VPNs) or a relatively new player, software defined perimeters (SDPs).

Connection conundrum

The fallback choice for this connection is often a VPN, since VPNs have been the go-to when linking physical locations remotely (on-premises use cases). They can still work fine for on-premises, but when the cloud is involved, VPNs have become quite outdated, even antiquated, especially for DR.

The folly of this approach can be clearly seen in the number of data breaches that have continued to occur in recent years. These now ubiquitous hacks are often linked directly to VPN security flaws. As one recent example, NordVPN, a popular VPN service provider, admitted at the end of 2019 that it had been hacked. That incident was just the tip of the iceberg, as MarketWatch recently reported.

The VPN approach, the “castle drawbridge,” leaves too much of a company’s network exposed and vulnerable. It’s common in this scenario for lateral network attacks to occur, as attackers traverse the network with easy access to a company’s sensitive data. Some countermeasures can help, such as access control lists. Firewall policies are another way to help mitigate the security vulnerabilities of VPNs. But there are no simple solutions, as VPNs require ample maintenance and updating for just basic connectivity, which can drain IT staff and resources. They’re complex to configure, too. In short, VPN is simply not agile enough for a critical app like disaster recovery.

The SDP solution

Fortunately, there’s now an alternative to resolve this connection conundrum. It comes in the form of a more intelligent endpoint approach offered by SDPs, which were specifically designed for cloud use cases—including hybrid and multi-cloud environments, which require speed and flexibility—and thus circumvent VPN’s shortcomings in this arena. This means that SDPs help enterprises keep their data secure, so that they can take advantage of cloud-based disaster recovery and be safe whether their deployment is on-premises or in the cloud.

SDP software turns the network-exposing nature of VPNs on its head, restoring time and resources to the organization. Shifting perimeter defenses to the software of the cloud DR application makes infiltration impossible. For instance, say you want to migrate on-premises data to the cloud from MySQL for disaster recovery. An SDP-enhanced solution ensures that the perimeter is drawn only around this specific pair of application endpoints. With a VPN in this scenario, the rest of the network is exposed. The primary distinction is that SDPs decrease the potential attack surface on the network while avoiding the headaches of access control lists and firewall procedures.

SDPs give you smart, secure endpoints that sync with the changing business requirements for today’s revamped disaster recovery needs. Hybrid and multi-cloud environments require adaptability, and SDP offers this and more. By shifting from the old guard of VPN to more modern, cloud-based DR software supported by SDP, cloud deployments become the perfect solution for disaster recovery and other data protection challenges.