Cloud, SDN and micro segmentation: my predictions for the year ahead

Exactly what to expect in 2018 is virtually impossible to predict, but here are some key themes that I expect to drive important advances in infosec in 2018.

Multi-cloud usage will grow

Most organisations have already adopted the cloud in some form:  according to RightScale’s State of the Cloud Survey, 95% of enterprises were using cloud in early 2017.  The survey also revealed that 85% of enterprises have a multi-cloud strategy, up from 82% the previous year.  Of those enterprises with a multi-cloud strategy, 58% were using hybrid cloud;  20% using multiple public clouds; and 7% multiple private clouds.

I believe that multi-cloud usage will continue to grow, with enterprises having increasingly hybrid environments, composed of a mix of on-premise networks together with public and private cloud deployments.

But as our recent ‘Hybrid Cloud Environments: The State of Security’ survey showed, organizations are facing major security challenges when migrating applications to hybrid cloud environments, and managing those environments post-migration.  These problems result from a lack of visibility into their environments, and from the complexity of managing a wide range of security tools and policies consistently.

As such, enterprises will need to utilize solutions that can automate security policy management processes holistically across their on-premise, public and private cloud environments – from application discovery and migration, to change management and decommissioning.  This will help to ensure that security, compliance and business agility is never compromised.

SDN’s agility continues to evolve

The adoption of software defined networks (SDNs) by enterprises is set to continue: IDC predicts the SDN market will continue to grow at over 25% year over year to 2021. And with good reason, as it delivers multiple benefits to organizations. These include stronger security, with SDN’s advanced data center network segmentation capabilities; and the ability to make rapid network changes when they are needed, such during or in response to a security incident.

I believe this ability of SDN to offer fast, agile and intelligent deployment of connectivity – such as when migrating a new application, or when isolating or re-routing network traffic if a problem occurs, will be another important emerging use case over the coming year.

Of course, the flexibility offered by SDN means that managing security across software-defined environments can be complex, making it hard to get complete visibility and control over them – which in turn runs the risk of human errors being introduced. I blogged recently about these issues, and described four key tips that can help to address them.

Mapping will be critical for effective micro-segmentation

We mentioned above that microsegmentation is a key security strategy for SDN-based data centers.  But deciding exactly where to place the boundaries that separate those microsegments isn’t always easy – careful mapping of the existing application flows within the data center is needed before the segment borders can be determined.

There are VMware NSX- and Cisco ACI-specific tools that can help with this process, but in multi-network, multi-vendor environments, the process can quickly become very complicated. As such, the ability to accurately discover and map application connectivity flows across hybrid environments will become critical if organizations are to reap the full benefits of agility and security from their SDN deployments. We’ll cover this subject in more detail in future blogs.

It will be interesting to see how these predictions will unfold over the year, but in the meantime, let’s hope for a more secure year ahead.