Point of View From Valtix CEO and Co-founder, Vishal Jain
When enterprises first experimented with the cloud, developers using what the cloud provider made available for security was fine – it was an experiment. When enterprises started lifting and shifting apps/workloads, it was acceptable to lift-and-shift security – using old approaches but applied to the cloud (i.e., virtual appliances).
But looking at cloud, re-factored or born-in-the-cloud apps and workloads, all of the existing approaches become cumbersome at best and broken at worst. They miss out on cloud agility, scalability, enterprise security capabilities, and multi-cloud support.
More and more, I have the same conversation with cloud security architects at our prospects and customers. Piecemeal security architecture built over the last 5-10 years slows down the business, and is less secure than a more integrated approach. For example, working with a Fortune 1000 data-as-a-service company, we found that security tools negatively impacted customer account provisioning – taking many more hours than it should. The result: poor customer satisfaction and a negative perception of security with business leaders.
Organizations have knit legacy approaches together, resulting in an unsustainable solution. Ultimately, this will result in a competitive disadvantage when their competition gets security in the cloud right.
But why are network-based controls so important for cloud security?
- The network is the common ground – it’s the only thing that touches everything, enabling visibility and control for any app architecture
- The network is high-leverage – gains the most visibility and control with the least amount of disruption for the largest number of apps/workloads
- The network is central to regulations and standards – policy and compliance (e.g., PCI, HIPAA, corporate standards) are already geared towards network-based controls (e.g., firewall, WAF, IPS) – in some cases explicitly naming network-based controls in the regulation or standard.
For many organizations, the combination of unsustainable operations and a competitive imperative has them looking for a fresh approach – a blueprint for secure cloud networking.
What’s Needed? A Change in Thinking About Security and Networking
The old way of thinking of networking and network security as separate “boxes” or as functions that organizations implement separately and discretely doesn’t work in the cloud. Sure, it can be done expensively and with a lot of pain operationally, but the bigger issue is that managing networking and security in silos isn’t secure. Network security absent a degree of control over networking nearly guarantees significant gaps in the ability to secure cloud apps and workloads. If the cloud network can change independently without the network-based security adapting to (or even seeing) the change, gaps open up over time.
The lack of integrated networking and integration of cloud constructs are prime reasons the traditional NGFW virtual appliances don’t work well in the cloud. In the cloud, networking is no longer static like it used to be in the datacenter. That is also why Palo Alto Networks even went to the extreme of releasing its Cloud NGFW despite many flaws in its architecture.
Conversely, there are many “intelligent” cloud networking vendors claiming that they are security solutions. The reality is, they pay lip service to security – providing basic firewalling or requiring the purchase of yet another security solution to augment. This addresses one aspect of lift and shift, but the security problem remains.
We recently replaced a leading multi-cloud networking vendor at a large installation because this particular vendor wasn’t built for cloud scale and, like other cloud networking vendors, didn’t truly deliver security.
Thinking of networking as a critical component of cloud security is the change in thinking we see enterprises making. To put it another way, it’s a security flaw to separate networking from security in the cloud. Unless coupled, even a minor networking change could mean all of your best-intentioned security controls quickly become bypassed. Secure cloud networking brings together these once separate functions into a single homogeneous cloud service.
Secure Cloud Networking Has Three Parts – Security, Cloud, and Networking
To effectively secure cloud apps and workloads using the network, there are three major areas of function that must come as an integrated system:
- Security – the full suite of security capabilities enterprises have come to depend on – otherwise, why bother with any of this?
- Cloud – integration with cloud constructs, but most importantly, the ability and agility to scale and change with apps and infrastructure without intervention
- Networking – capabilities that make security effective, typically across clouds, without expensive manual intervention.
That brings us to the blueprint. A single approach to secure cloud networking is essential for enterprises to secure cloud apps and workloads sustainably, at scale, with a single approach to operations across multiple clouds.
Valtix Is the Secure Cloud Networking Platform
With the idea of a single workflow and single policy across multiple clouds, Valtix has built a platform for Secure Cloud Networking. Using a combination of cloud-native approaches (SaaS control and management, distributed PaaS data planes), Valtix integrates a cloud-native approach to security with relevant control over networking to ensure effectiveness of that security. Organizations can deploy a single workflow, single policy platform across multiple clouds and multiple security functions that maintains itself without regular manual intervention to scale or adapt to change.
Using this approach to Secure Cloud Networking, Valtix serves:
- Cloud folks with cloud-native agility and operations
- Security teams with enterprise capabilities and strong policy; security effectiveness by integrating connectivity/networking
- Networking teams by facilitating integration of networking and security – removing needless headaches
We believe this type of approach to Secure Cloud Networking meets enterprise needs in dynamic cloud environments now and going forward. The integration of cloud-native constructs and automation with cloud network security and multi-cloud networking enables enterprise-grade multi-cloud security at cloud speed and scale. This is what customers have been talking to Valtix about, and we’re happy to deliver. Thanks for reading!