A Unified Architecture for Multi-Cloud Security: From Visibility to Complete Protection

Community Blogs
4 min read

At Palo Alto Networks, we recognize that the shift to multi-cloud is the new operational standard, and we understand the profound security challenges this creates. Security teams face a daily struggle against fragmented visibility, inconsistent policies, and the unsustainable manual effort required to manage controls in multiple clouds. 

 

To address this, our technical vision is to deliver a fully integrated platform that creates a unified security fabric, abstracting cloud complexity and delivering consistent protection everywhere. Powered by the just-announced PAN-OS 12.1 Orion operating system, our multi-cloud security fabric has been designed to tackle complexity head-on. Our approach combines four key capabilities, which we will explore in this post:

  • Deep Visibility: To eliminate blind spots by discovering the entire multi-cloud estate. 
  • Intelligent Automation: To automate the entire firewall deployment lifecycle and complex traffic routing. 
  • A Unified Data Plane: To ensure consistent security inspection for all traffic moving between applications and across clouds. 
  • Centralized Management: To define and enforce one uniform security policy from a single point of control.

 

Foundational Visibility Through Comprehensive Discovery

 

Highly effective security starts with a complete, contextual map of your environment. Our security fabric begins by automatically discovering and mapping your entire multi-cloud estate.

 

  • Deep Asset Discovery: The fabric discovers all assets across your cloud environments, starting with applications (including VMs, Kubernetes clusters, and even AI applications and LLMs) and extending to the underlying network topology of VPCs/VNETs, subnets, and cloud-native gateways. This provides a single, unified view, eliminating the blind spots that exist between different cloud environments.
  • Actionable Insights: This discovery process creates a dynamic topology map that provides immediate operational and security insights. It allows practitioners to visualize traffic flows and identify unprotected workloads, enabling them to add protection with a single click.

 

 

[Figure: discover.png]

Comprehensive visibility across traditional and AI workloads is the foundation of effective risk management.


Fully Automated Deployment and Orchestration of Software Firewalls

 

Once you have a complete map of your environment, the next challenge is deploying consistent security controls at scale. To address this, we have automated the most complex and error-prone part of cloud network security: firewall deployment and traffic steering.

  • Zero-Touch Firewall Lifecycle: Our solution provides fully automated deployment and lifecycle management for our software firewalls and integrated multi-cloud mesh gateways, moving beyond basic Terraform scripts to handle the entire process. This approach reduces the 20+ manual steps typically required for firewall insertion down to an automated workflow.
  • Intelligent Traffic Redirection: The fabric's intelligent orchestration abstracts away underlying cloud-native networking complexities. It automatically programs routes to steer traffic from all workload types—including VMs, containers, and AI models—through the software firewalls for full security inspection.

 

 

[Figure: automated-deployment2.png]

While deployment is automated, configuration beforehand is simplified through an intuitive console.


Unified, High-Performance Data Plane

 

With security controls deployed consistently across your clouds, the focus shifts to securing the traffic that moves between them. To achieve this, our architecture provides a unified data plane that is independent of any single cloud provider.

  • Secure Network Mesh: We build an automated network mesh that securely interconnects your application environments. This ensures consistent security inspection for all east-west and cross-cloud traffic flows.
  • Advanced Networking Capabilities: Our fabric introduces critical networking capabilities such as the creation of end-to-end macro-segments. This enables a consistent Layer 3 segmentation strategy across your entire multi-cloud footprint.
 

[Figure: deploy.png]

With one click, a secure multi-cloud security fabric is installed across public and private clouds, ensuring immediate and consistent protection.

 

Centralized Configuration and Management via Strata Cloud Manager

 

With the fabric deployed and interconnected, the final architectural pillar is unifying configuration and management. The entire security fabric is governed from a single point of control, Strata Cloud Manager (SCM).

  • One Uniform Policy: SCM allows you to configure and enforce one uniform security policy across the entire fabric. These policies can leverage rich context, including user, device, and application identity, to enable enterprise-wide Zero Trust.
  • Simplified Day-2 Operations: We provide a suite of advanced management tools designed for complex multi-cloud environments. Practitioners gain cross-cloud session insights and can use a drift detector to identify risky configuration changes. These capabilities dramatically reduce troubleshooting time and effort.


What’s Next?

 

Understanding your specific risk posture is the critical first step in securing complex multi-cloud environments. We invite you to sign up for a complimentary risk assessment with our CLARA tool to gain a data-driven view of your multi-cloud attack surface and quantify your security risks.
