Our perspective on the latest Google Cloud announcement
Last week, Google Cloud Platform and Palo Alto Networks announced a GCP IDS based on Palo Alto Networks VM-Series. Also last week, Microsoft announced Azure Firewall Premium – which was in preview since February. We’ve now seen Azure, AWS, and GCP announce major network security developments. Does this mean that the three big cloud players are in the network security business? That they are going to drive innovation in netsec? No.
In previous technology regimes, infrastructure players didn’t drive security. Nor will they drive it here. The cloud players’ goals are simple – get more apps running in the cloud. What it does mean is that enterprises, driven by security and compliance, are demanding network security in the cloud. Therefore, cloud players need to remove this barrier to getting more enterprise apps into the cloud. So these developments aren’t strategic or differentiated, but a direct response to customer demand as enterprises shift apps to the cloud.
Drawing a conclusion from all of these developments – network security matters:
- The network is the common ground – the high-leverage point for all apps
- The network enables defense-in-depth and keeps threats away from apps
- Customized security in each app isn’t always possible, isn’t always consistent, and isn’t always cost-effective
At Valtix, we exist because we see the relevance of network security for cloud apps. And we saw the importance of doing it as a cloud-native service – otherwise, it’s just virtual appliances, which forgo many of the benefits of the cloud.
The irony of some of these approaches is that they are going backward (AWS is cloud-native, but basic firewall), GCP using virtual appliances. Palo Alto, the leader in network security appliances, not only needs a CSP to make their appliances feel cloud-native but also has stepped back from a tenet that defined their market – the inline approach being key to the next generation firewall (FW+IPS). Finally, given that most traffic worth securing is encrypted, that’s a bit of a gap as well – kudos to Azure on that one. But there is an open acknowledgment across all of these developments that netsec is important to enterprises in the cloud.
We see this in our business, more and more organizations return to the importance of the netsec function while acknowledging it needs to be re-implemented in the cloud. Every past major technology transition required a re-implementation of netsec – as the function continued to matter, but the implementation needed to change (e.g., Internet apps -> web apps broke firewalls, needed application identification beyond port/protocol). In addition, there is a huge day-to-day ops advantage of doing this as a cloud-native service. Furthermore, while there are those who view compliance as a checkbox, there are many organizations that actually expect their compliance spend to deliver security and visibility value beyond a checkbox. Finally, and this is where the cloud players look to companies like Valtix – most organizations intend to deploy apps in multiple clouds.
The bottom line is that netsec matters in the cloud, but so does the implementation – it has to be in the cloud too. I talked about this in a TechTarget article back in May: cloud-native, multi-cloud, full network visibility driving the deployment of netsec controls, encryption, and a single policy across functions. All still true, and will be so until the next generational shift in technology. There are now 3 cloud-native firewalls as a service: AWS, Azure, and Valtix. GCP/Palo Alto isn’t inline (and isn’t a firewall), so of the 3 – AWS is firewall-only for AWS, Azure is a broader set of firewall functions – for Azure, and Valtix is broader still – discover/deploy/defend across all of netsec – but is multi-cloud.
All of these cloud provider developments are a strong acknowledgment of the fact that netsec matters as much as it ever did, and it needs to adapt to the cloud world. We agree. As far as choices for enterprises, it’s pretty simple: if you are exclusively compliance-oriented and single cloud, each of the cloud providers now have cost-effective options. If you care about security or are multi-cloud, you should probably request a demo.