Recently, CSPM vendors have started partnering with CWPP vendors (here & here). This highlights enterprise demand that we at Valtix have seen as well – it’s necessary to understand what workloads you have and how they are configured, but the next step for many is to actually protect those workloads. In this blog, we’ll talk about the evolution of thinking about security in the public cloud and how that has impacted implementation, and further – how Valtix is now in the sweet spot for the growing demand for cloud security from enterprises.
Because of the way many organizations initially adopted the cloud (distributed and experimental), most organizations struggled to figure out what they had in the public cloud and how it was configured. As cloud efforts became more centralized – or at least more coordinated – the first step for many was to gain visibility and understanding of resources and risk. So Cloud Security Posture Management (CSPM) was top of mind as enterprises wrapped their arms around their cloud deployments. But it wasn’t just a nice-to-know effort, as once understanding was gained about the posture of a given workload, the expectation was that something would be done to secure it. And CSPM enabled enterprises to identify and fix vulnerabilities and misconfigurations faster (bringing shift left to security patching and config).
At the same time, widespread vulnerabilities like Log4j/Log4Shell reminded enterprises of a lesson learned in the on-prem world – it takes a while to patch stuff. The more stuff you have, and the more critical its availability is, the longer it takes. The takeaway for many was that defenses outside the app are necessary in the cloud. This is the dynamic that many enterprises are dealing with and the dynamic these partnership announcements are attempting to take advantage of.
The Network Is the Common Ground
The most universal place to put defenses and controls is the network – without exception. Every app or workload touches the network, regardless of the underlying architecture involved. Security and defense at the network can protect everything in an enterprise environment.
The on-prem way of thinking would have enterprises placing virtual network security appliances in cloud environments. But many organizations we’ve spoken with have tried to do just that and failed as appliance-based network security has two issues: first, the appliance model of management fails to fit well into cloud operations. Second, appliances were designed for a relatively static network – which isn’t the case in the cloud.
Doing security well at the network requires addressing both of those issues. First, any security capabilities in the network have to operate in concert with the cloud management model – agile, auto-scaling, and service-based. Second, network security has to have a degree of visibility and control of networking – without it, that dynamic networking environment can quickly eliminate any assurance that workloads are being protected. All of this must happen while delivering best-in-class security capabilities (decryption/encryption, access control, threat prevention, app protection, etc).
This is what Valtix does. Focusing on protecting cloud workloads and data in the most universal, cloud-native way possible. We think it works better than knitting together less-universal approaches from multiple vendors. Our customers do too.