Stories from the Field: Hybrid is the new normal

How do organizations go about managing their cloud and on-premise environments holistically?

I recently sat down for a Couch Talk session with our Product Marketing Manager, Yitzy Tannenbaum, to discuss my experiences working with hundreds of companies globally across a range of sectors, and how their approaches to security compare and contrast with each other. We discussed the changes I’m seeing in enterprise security, and how these diverse organizations manage security across their complex network environments. Here are some of the highlights from our chat.

Cloud computing touches everything…

Every single customer I work with has decided to move to the cloud in one shape or another. Some of their business applications are being migrated from the perimeter of the traditional data center to the cloud and software-defined networks (SDN). Traditional campus, on-premise network is gradually shifting to cloud or hybrid deployments. These hybrid deployments require complex policy sets, furthering the need for network security policy management solutions.

…and this makes security more complex

Traditional cloud vendors such as AWS and Azure incorporate built-in security controls at a low or even no cost, and they are very effective – up to a point. However, we do see organizations introducing traditional third-party firewall vendors typically at the Virtual Private Cloud (VPC) or VNet level to achieve higher level filtering and control. This is what those firewall vendors are good at – providing the higher degree of control required to segment between larger networks or VPCs within the cloud environment.

This means that organizations are juggling a combination of native, cloud and on-premise security controls, which are managed by very different people with very different interests and, traditionally, working at very different speeds. The cloud, as we know, is hugely dynamic and moves at a breakneck pace.

Getting control of security

As such, we are seeing organizations begin to change their security resourcing. Many of our clients now have dedicated cloud security teams in place, while others have pushed the security control sets to DevOps personnel – the teams which are responsible for pushing new code into the cloud. However, this can risk a ‘Wild West’ style scenario, whereby the teams who have a vested interest in connectivity in the cloud – in order to enable their applications – are also the teams responsible for security control sets.

From there, the risk becomes obvious. DevOps personnel who may not have a security background may be less likely to manage cloud security in ways that line up with overall organizational governance. This why traditional security teams are so keen to gain visibility into the cloud, so they can regain control.

So, a major networking and security challenge for today’s organizations is breaking down these effectively siloed processes whereby cloud and DevOps personnel are making changes in the cloud very quickly – perhaps by approaching the APIs and the cloud providers directly to make those changes.

However, the connectivity which needs to take place in the on-premise environment, to ensure that all applications continue working, are still happening via cumbersome manual traditional firewall change processes. This can easily result in connectivity failures for applications that span on-premise and cloud environments – in our May 2019 survey of cloud security challenges, 42.5% of respondents had experienced a network or application outage, and the leading cause was operational or human error in managing security devices. This is why organizations are increasingly looking for solutions such as AlgoSec’s which give a holistic overview and control across all of these environments, from a single platform.

Enterprises need the ability to look at cloud, on-premise, and SDN in one place, and understand the connectivity provision for key applications across all these environments in one go. They cannot interface with different processes and different technologies. It’s too cumbersome and complex.

Stay tuned for my next blog with stories from the field, covering what the typical day looks like for IT and networking staff in large organizations!

Interested in learning more? Click HERE to watch the full CouchTalk video with Kyle and Yitzy.