Last week, Cisco announced publicly that it intends to acquire Valtix. For Cisco, the acquisition of Valtix supports and is aligned to the Cisco Security Cloud vision for providing protection across multicloud environments with a seamless experience. This is super exciting for us, validating all of the work we’ve done with customers, investors, and partners – and validating all of the late nights and weekends too!
It’s a milestone on a journey that started 5 years ago, with our three founders looking at cloud and security, and seeing where it was going to go. We knew that after the initial, “throw out all of the rules, this is cloud” euphoria, enterprises would get serious about protecting their applications and workloads. In fact, we knew every enterprise would inevitably end up in not just one cloud, but multiple.
While we can take some credit for having foresight, there were MANY learnings and pivots along the way – namely that while enterprises wanted strong security, they also didn’t want to give up all of the advantages they had in the cloud (e.g. agility, predictability, cost, and automation).
Learning #1: Multi-Cloud Consistency and Cloud Agility Are Essential
The nature of cloud adoption in the enterprise was a little messy. Different business units went in different directions; developers went and did their own thing; and IT organizations bridged from existing infrastructure. Siloed security is bad security. As it came back together, enterprise cloud architects grappled with how to consistently secure AWS, Azure, GCP, and OCI (and private clouds too!) from a multicloud security perspective, which became a burning priority.
Valtix was always built to support multiple clouds. But that alone is not enough – enterprises have demanded a cloud-native way to achieve consistent enterprise-grade security. Support for all of the clouds also meant agility and support of each underlying cloud’s constructs for networking, security, and automation.
Learning #2: Visibility in the Service of Security
An important early learning that we had was around visibility – as we enabled network security enforcement points around the environment. Visibility was a focus for many enterprises, due in part to the messy adoption of cloud – first, an organization had to understand what they had. But not all visibility is created equally. Our learning was that visibility in the service of security was different from other types.
Learning #3: Every App Must Be Assumed Vulnerable
Another big learning for us, and really the entire industry came as a result of Log4j last year. Prior to that, many organizations assumed that what the cloud provider did to secure their own environment, app security, and identity management, good enough was good enough.
Log4j woke the industry up – highlighting the gap in the shared responsibility model. Security and cloud folks realized that even in the cloud, security controls outside the app were needed. It’s at that point that we saw a huge influx of conversations about how to use cloud security architecture to mitigate exposure via apps that were now assumed vulnerable.
Learning #4: Strong Security and Strong Networking Must Unite in the Cloud
The other thing we learned was the importance of networking to security. In the datacenter days, security operated within a relatively static network. In the cloud, networking is much more dynamic. Dynamic cloud networks can easily and unintentionally impact security effectiveness.
Our work with customers highlighted the importance of a degree of visibility and control over networking to ensure the continued effectiveness of network security. This understanding underpins our strategy and focus – what we called secure cloud networking in our recent blog. While some will say that strong security and weak networking is sufficient, others flip it around to claim weak security and strong networking can get the job done. Valtix and Cisco can now say that strong security AND strong networking are critical to securing enterprise apps and workloads in the cloud.
Why Does This All Matter?
Valtix takes a modern, multi-cloud approach to solving cloud security challenges. It centralizes and consolidates network security by provisioning distributed enforcement points across Microsoft Azure, AWS, Google GCP and Oracle Cloud Infrastructure – managed from a SaaS based and easy to use control plane. It allows customers to protect multi-cloud deployments at enterprise scale, but with a cloud-native experience.
Why is this all important? Cisco and Valtix are completely aligned on strategy and the market needs. Through Cisco, Team Valtix is primed to have an even more massive impact as an integrated component. I couldn’t be more excited about the union.