Adaptive Segmentationmicro-segmentation December 20, 2019

Secure Data Center and Cloud Transformation: Gartner IOCS Highlights

Sam Rastogi,

Last week, I attended the Gartner IT Infrastructure, Operations, and Cloud Strategies Conference in Las Vegas. The key theme of the show was "Enabling the future for IT Infrastructure – Everywhere." Gartner talked about how Infrastructure and Operations (I&O) teams are changing to enable the business to move faster and quickly deliver new applications and services anytime, anywhere.

Gartner mentioned that Public Cloud and IoT (as well as availability of 5G networks) are influencing how workloads will be deployed in the future. Data and applications will become increasingly distributed and hosted at the edge – where it is needed, saving bandwidth and minimizing response time – in the data center, and in multi-cloud environments. The infrastructure is now extended everywhere since enterprise-generated data and applications will be created and processed inside and outside the data center and in multiple clouds.

As a result, organizations will continue to embrace the idea that "hybrid cloud is here to stay" for the foreseeable future or at least for the next six years! A report we recently released arrived at the same conclusion, with 71% of respondents saying they rely on data centers and often multiple clouds working together.

What was Gartner saying about security?

I attended a couple of sessions from Neil MacDonald, Distinguished VP Analyst (@nmacdona), where he talked about how organizations can better protect their application workloads and cloud native applications.

In the session, "Strategies for Securing Workloads and Information in Public Clouds," Neil explained different approaches for securing cloud workloads across Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) environments. He talked about how today’s dynamic workloads are ephemeral as they move across on-prem and multi-cloud environments and require effective security measures like Cloud Workload Protection Platforms (CWPP) to deliver consistent workload protection regardless of locations or size in order to properly secure IaaS environments. Per Neil, the better CWPP vendors have built-in support across all major public clouds and also work well within on-premise data centers. He highlighted Illumio as one of the CWPP vendors for micro-segmentation. He also pointed out how organizations can benefit by deploying whitelist technology to enable effective micro-segmentation or granular enforcement for workloads across East-West traffic and in multiple public clouds. 

The following day I attended another session, "Security Patterns and Best Practices for Securing Cloud Native Applications," where Neil focused on a few approaches organizations should utilize to secure cloud native applications across container and serverless deployments. He again highlighted Illumio as one of the CWPP vendors for containers that support hybrid deployments. Beyond that, Neil talked about how these vendors should have a robust set of APIs for automation into DevOps and orchestration and provide flexible subscription licensing models.

I also attended a joint session from Sanjit Ganguli, VP Analyst, and Josh Chessman, Sr. Director Analyst (@joshchessman), "Network Operations and Security Operations: Shared Use Cases with Common Tooling." It was an interesting session that compared the common shared tools and requirements for network operations and security operations teams. Sanjit talked about the silos between both teams and how the convergence of common network and security operation tools is already happening today – and is forecasted to grow significantly: Over the next three years, 30% of network and security operations teams will have aligned security and performance goals up from 1% today.

Sanjit coined the term "NetSecOps" to describe the common workflows between network and security operations teams. Josh Chessman addressed three common tools for NetSecOps, which included Network Traffic Visibility, Network Configuration Management, and Secure Access Service Edge (SASE). Illumio was mentioned as one of the vendors for Network Traffic Visibility. Sanjit commented that network and security operations teams should use shared tools for overlapping network visibility use cases such as network performance monitoring and diagnostics, network traffic analysis, and micro-segmentation to quickly troubleshoot, identify the root cause of network or application problems faster, and enable effective security enforcement across the network.

So What is Illumio's Point of View?

I spoke with a number of attendees at the Illumio booth in the expo hall.


They were interested in learning about Illumio’s different approach to segmentation – at an architectural level – by decoupling security segmentation from network infrastructure. To learn more about this approach to segmentation, please read Katey Wood’s blog post, "Divide and Conquer: Why It’s Time to Unlock Security From The Network."

Ultimately, security is a key business enabler for organizations who are on a journey towards data center and cloud transformation. Illumio is a part of this journey and helps prevent the spread of breaches and achieve regulatory compliance through real-time application dependency mapping and security segmentation that works in any data center and cloud environment (AWS, Azure, GCP, etc.), giving you:

  • Consistent security across all of your application workloads – bare-metal servers, VMs, containers.
  • Security that follows your workloads across on-prem data center and multi-cloud environments.

Micro-segmentation is a key approach to enable effective protection of your applications hosted on-prem or in the cloud, as well as your cloud native applications in the public cloud. Our unique approach makes segmentation easier, faster, less risky, and results in lower overall cost to deploy and manage security across your hybrid cloud environments.

Adaptive Segmentationmicro-segmentation
Share this post: