Simplicity, Courtesy of the CloudJune 24, 2015
Simplicity is the holy grail of the technology products of our time. “Can’t it just work?” is the prayer of end users everywhere. Simplicity is also at the epicenter of the Cloud revolution. The days of complex and risky enterprise software implementations are now fading from our memories.
Pioneered in the area of business applications, a small startup, salesforce.com, has challenged enterprise software giant, Siebel Systems and its alliance with system integrators and their army of consultants. Salesforce.com primary message was “no software” – a promise of “business value” without the “technology hassle”. At first, only businesses with few sales people adopted this new platform. Setting up a “real” customer relationship management system was simply beyond their capabilities. Over time, enterprises with large sales teams and mission critical customer data have placed their trust in salesforce.com. Siebel was acquired by Oracle for $6B, and salesforce.com has recently entertained a $50B takeover offer.
Simplicity had won.
Many technology companies had followed the path blazed by the early Cloud leaders. Every realm of enterprise IT, from business applications to infrastructure, now sports a cloudy overcast. I had the privilege of working at Trusteer, an IBM company, which had pioneered Cloud-based financial fraud prevention. The Cloud enabled fraud prevention at a speed, agility and effectiveness that were unimaginable just few years prior. The customers experienced only the “value” not the “product”. Simplicity had won, again.
Closer to the world of IT infrastructure, we are witnessing an arms race between first-mover Amazon Web Services and challengers Google, Microsoft and IBM to dominate the data center of the future. Cloud-enabling the full technology stack (compute, storage, network) is on its way as software virtualization devours proprietary hardware/software platforms and spits them out as Commodity Of The Shelf (COTS) hardware running agile software. This all-new software-centric stack is placed into an elastic Cloud platform where is can rapidly evolve and transform to meet emerging business needs.
The IT industry as a whole is forced to think Simplicity. Legacy contracts to run complex networks with a hodgepodge of products “owned” by locked-in customers are crumbling in the face of a swift change in the IT landscape.
How could Simplicity courtesy of the Cloud look like for IT Security? I see five impact areas: plumbing, management, software, intelligence and expertise.
Network security plumbing is complex and mission critical. For the most part it sits “in line” and can seriously disrupt the business if it fails or maxed-out. Fault tolerance, disaster recovery and high availability are just some of the considerations. The Cloud encapsulates the plumbing , and the underlying platform scales elastically, as more security capabilities are delivered and more users need to be secured. This is one of the key challenges with the current appliance-centric approach where the customer “owns the product” – what we dubbed the “appliance straightjacket”.
Managing this physical infrastructure introduces another point of failure. Network topology must be understood, and policies created to match it. This is a weak link that leads to misconfigured and outdated rules that could result a disruption in service. Organizational changes, like M&A, introduce new equipment and the need to merge incompatible systems. With plumbing hidden and independent of a specific physical location, the Cloud isn’t subject to organizational boundaries. Policies can be fewer and service standardization can be achieved faster and easier than product standardization.
Security software must be uniquely adaptive. Rapid shifts in attack vectors require security capabilities to evolve or die. One of the hallmarks of Software-as-a-Service (SaaS) is rapid adaptability. It simply can’t be matched by solutions that bind software and hardware together in multiple locations where the customer owns the product and the responsibility to keep it up to date. Outdated software makes networks vulnerable but even a dashboard full of bright red vulnerability scan results still requires an overworked admin to take action (sometimes many times over) to keep a security solution up to date.
Intelligence is the other side of the adaptability coin. Intelligence provides the insight to adapt security solutions to defend against emerging threats. When buried deep inside customer networks, this information has little value. Shared across multiple organizations in the Cloud, threat intelligence access is simplified so it can be quickly analyzed to detect new attack patterns and techniques. Yes, some are concerned about data privacy, but measures can be taken to anonymize data. Without sharing threat intelligence, we are crippling our own defense as nation-state and other actors increase the speed and sophistication of their attacks.
The Cloud also creates an opportunity to share expertise. Security vendors and service providers can apply teams of experienced experts to analyze threat intelligence and create countermeasures. It is virtually impossible, even for the largest organizations, to match that capacity which can be used to support hundreds or thousands of organizations. Shared expertise brings to bear the largest amount of skills at the highest utilization and lowest possible cost.
The Cloud enables enterprise IT to rethink and ultimately recreate a network security architecture that is simple, powerful and can effectively provide secure business productivity for organizations of all sizes.
Cato Networks will lead this Cloud-driven transformation. If you want to build the next big thing in network security – join our team. Or, if you feel your enterprise network security architecture needs a new vision – join our Beta.