A quarter of organizations are struggling to maintain strong, consistent security policies across corporate data centers and multiple cloud environments. This is the finding of a recent research report by Enterprise Strategy Group, an integrated IT research, analysis, strategy, and validation firm that provides actionable insight and intelligence to the global IT community. While 25% might seem high, the figure is not too surprising since the report also found that 70% were using separate controls to manage their cloud and on-premise environments.
Given the well-known operational differences between traditional security controls—firewalls, network access control lists, VPNs, etc.—and cloud alternatives, it hardly seems surprising that, in porting applications to the cloud, organizations have inadvertently created a great deal of complexity throughout their security infrastructure. Now, they have to figure out how to manage security policies cohesively across their on-premise and cloud environments.
How did it come to this?
The unwelcome journey to cloud-security complexity
ESG analyst Jon Oltsik observes that the complicated situation was created as soon as organizations embraced the public cloud. Security teams were simply expected to adapt existing network security policies to cloud deployments to ensure that the policies were consistent with the existing on-premise infrastructure. While management expected the adaptation to be straightforward, the reality was far more challenging. Oltsik describes the nature of the problem as “a technology mismatch as security controls built for physical and virtual servers were too inflexible to service the public cloud”.
To overcome the mismatch, organizations began learning and utilizing cloud-native controls and associating policies with them to create a custom security infrastructure for their cloud deployments. However, this approach created an entirely new set of problems. Security teams now had to maintain different controls across different infrastructures while trying to ensure consistent application of security policies across all of them.
The result became today’s growing sprawl of complexity, forcing security teams to build and maintain security policies across multiple disparate cloud platforms in addition to on-premise environments and virtual servers. This state of security-policy affairs is clearly unsustainable and detrimental to any organization’s security posture. No surprise that ESG’s research found that 70% of organizations plan to unify security controls across all server workloads, both public cloud and on-premise resources, over the next two years.
Consistent security for all
The good news is that the goal of unifying security controls is achievable. By employing the proper network security policy management (NSPM) solution, IT, cloud, and security teams can gain clear, holistic visibility across all network environments – on-premise and private and public clouds – enabling unified management of all on-prem firewalls and cloud-security controls. Security policies can be applied consistently from a single pane of glass using a uniform set of commands and syntax without requiring disparate management tools for different deployments.
An advanced NSPM solution goes beyond unified management in heterogeneous environments. It also empowers security teams to automate and orchestrate change processes consistently across a complex mix of security controls, eliminating the risks that arise from error-prone and inefficient manual processes.
Complexity is the enemy of security
The hybrid environments that organizations are increasingly creating introduce plenty of complexity into their networks – and even more into their security posture. But by utilizing a central NSPM solution that provides complete visibility and unifies and automates security controls across the entire network, organizations can simplify their security management, making it accurate, efficient, and responsive.
As Jon Oltsik of ESG observed: “The future of network security is all about central policy management.”