Virtualization Technology News and Information
"Elastic Security" is Key to Securing a Multi-Cloud World
Written by Dr. Ratinder Ahuja, CEO, ShieldX Networks

What we all witnessed in the last few years is that as enterprises adopt multi-cloud architectures for agility, they are seeing immediate value for themselves and for customers in day-to-day business operations. However, one area that remains stagnant is security. Unfortunately, the security industry is behind the curve when it comes to cloud innovation-- which creates several problems, namely:

  • The emergence of an expanded attack surface, also called the East/West security problem for the multi-cloud
  • A lack of visibility and control along the multi-cloud axis
  • An increased security Total Cost of Ownership -- IT reduced Total Cost of Ownership by leveraging clouds 
  • Domination by the concept of "containment" rather than "enablement"

These problems are difficult to solve because traditional network-based security appliances are a poor fit for the era of cloud computing, as they lack performance, scale, automation and orchestration and often become a hindrance to the agile promise of the cloud.  Worse, in the multi-cloud world, security teams are even more divorced from the infrastructure and application teams that treat compute storage and network as code. Meanwhile, security deployment is still by and large a manual operation.

An ideal security solution to these challenges would be to enable "elastic security" -- the same thing IT teams want from cloud computing.  With an elastic security methodology, organizations can discover assets and present them in a business application or risk view to the security team. In addition, teams have the ability to suggest and capture the security intent and desired posture of the security team. By transforming that intention into actual policy and controls across the multi-cloud environments with full automation and orchestration, organizations will be able to keep intent consistent as the cloud environments inevitably scale and change.

To make elastic security work in the real world, it is up to the user to indicate the desired security intention, which includes:

  • Detecting threats inside virtualized datacenters comprised of workloads on virtual switches that may be dynamically configured
  • Protecting the data center from public cloud links using access control and threat propagation
  • Microsegmenting, on demand and elastically scaling, any sets of workloads that appear in Azure 
  • Providing threat prevention, malware prevention and data loss prevention
  • If internet-facing, providing appropriate access control

As we move forward in the cloud era, security needs to focus on defining the appropriate security intent and have cloud generation systems that transform that intent into actual policy and controls with automation and orchestration. This approach would dramatically increase our security posture and reduce Total Cost of Ownership. 

Unlike the old way that produced "restriction and chokepoints," the new way enables elasticity, nimbleness, and flexibility in computing. Ultimately, an elastic security approach would mean security is the easiest thing you do in the cloud.


About the Author


Ratinder leads ShieldX as CEO, drawing from a career as a successful serial entrepreneur and corporate leader, bringing with him his unique blend of business acumen, industry network and deep technical knowledge.

His previous three founded startups, Internet Junction, Webstacks and Reconnex were acquired by Cisco Systems, Extreme Networks and McAfee, respectively, where he subsequently served as Chief Technology Officer and Vice President of the Mobile and Network Security Business Units. His knowledge of innovation and emerging trends in networking, network security and data loss prevention are derived from years of industry experience. Dr. Ahuja holds a BS in Electronics & Electrical Engineering from Thapar University, in India and a Masters and Ph.D. in Computer Engineering from Iowa State University. Dr. Ahuja has been granted 37 patents for security-based technologies, and has presented in many public forums including the Content Protection Summit, IC3, IEEE Computer Society, McAfee FOCUS and the Cloud Expo.
Published Monday, October 08, 2018 7:35 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<October 2018>