BLOG / Illumio

We Should Have Done This Years Ago: A History of Decoupling

authorOctober 14, 2019

Breaking up isn’t always hard to do. Sometimes things run their course, and a relationship outlives its usefulness. Our only regret is not realizing it sooner!

Remember toll plazas?

We used to have to pay tolls in cash to collectors at checkpoints on highway and bridges. It was a terrible bottleneck. Highways are there to get you where you need to go quickly. Tollbooth checkpoints are the opposite of quick. They just slow everyone down.

Enter E-ZPass! Now an RFID chip in a plastic box on your dashboard seamlessly pays the toll for you from the privacy of your car. 

RFID and the Internet of Things decoupled toll collection from highway tollbooths. There was a more efficient way to do things. The same holds true for using the network to perform segmentation. It’s the wrong place to do the job, especially as more compute moves outside the network (or the software-defined network) to the cloud.

The network, like the highway, is designed to move packets quickly, even routing around local outages. Segmentation has the exact opposite goal: isolate communications across the network. Just as using the physical highway infrastructure to collect tolls creates traffic jams and defeats the purpose of rapid passenger delivery, trying to do segmentation with network infrastructure can break your applications and even your network.

The upshot: as the pace of business accelerates and becomes more automated, there is a need for segmentation to become automated – and that requires decoupling from the network. 

Decoupling application development and delivery

It’s not a new idea. In IT, we’ve seen multiple waves of infrastructure innovation that has enabled us to deliver applications quickly at scale:

  • With server virtualization, we decoupled the operating system from the physical layer, slicing up the server into multiple virtual servers, allowing more than one OS per machine.
  • With containers, we decouple applications from the OS or the VM.
  • With storage virtualization, we’re presented with a logical view of distributed physical storage assets.

What about how we’ve evolved in building applications? It used to be that you had no choice but to DIY from the ground up. Now, we would no sooner start from scratch in creating an application than we would choose the “cash only” toll lane on the highway or ask Netflix to mail us a DVD for a movie we can stream with one click.

Three things have radically changed the notion of how we build software, abstracting layers of complexity to give us more functionality and speed:

  1. Open Source ecosystem: Now when you look to build an application, you see how much you can get off the shelf because it's already been done by others. Think back to the ’00s when SharePoint was mushrooming as the corporate intranet for storing content and website search exploded. The profitability of enterprise search spawned the pre-Gmail or Gdrive entry of Google into the enterprise with its Search Appliance in 2002, Microsoft’s $1.2B acquisition of FAST Search and Transfer in 2008, plus HP’s $10.3B acquisition of Autonomy in 2011…and eventually its $8.8B spin-off in 2017. What do companies like Netflix, Twitter, and Amazon (and maybe even yours) now use now for search? Open Source-driven alternatives like Apache Lucene, Solr, and Elastic. Why reinvent the wheel?
  2. APIs let us acquire functionality available elsewhere and connect to apps in a quick, standard way. Developers can leverage fully functional, distributed processes created and maintained by others through APIs. Why duplicate effort?
  3. Finally, cloud services, provide the function you consume remotely without doing any compute – often through APIs. Why not move towards more distributed, modular functionality?

So now when we want to create new application functionality, we actually don’t build or maintain as much of it ourselves – we’ve decoupled application functionality from software development. Open Source, APIs, and Cloud Services made it possible to scale that process much faster and more reliably, because you can use cloud services, go through an API to get to them, and leverage open source software to build your app – producing deep, rich functionality in a short amount of time.

This is why we talk about monolithic applications becoming more distributed and modular: we’re abstracting functionality to speed it up, decoupling the logical from the physical, and optimizing and centralizing administration.

Decoupling segmentation from the network

Illumio takes a similar approach in decoupling segmentation from the network. You no longer need to rearchitect your network, re-IP everything, cross your fingers and pray that neither the application nor the network breaks with enforcement. Illumio allows you to unlock segmentation from the network:

  • Deploy via software that provides logical visibility across your environments (even outside the network).
  • Design policy based on business logic and natural language rather than IP addresses.
  • Leverage a build/test/enforce model for implementation rather than risking network downtime.
  • Enforce policy beyond the network path across cloud, containers, and dynamic applications – wherever they run.

When you try to get everything out of one platform, it often doesn't give you the best results. But if you think about it, many times (in life and in technology) when you decouple functionality or different problem solutions from an underlying platform, you actually run the platform better and get faster solutions.

Illumio customer Plantronics decoupled for this very reason:

“Every time we added another virtual machine or another service, we had to reconfigure our security, which meant a huge amount of time spent on static security configurations within a very dynamic environment. Illumio represents a transformational approach to providing security for the cloud.

When we became familiar with Illumio’s solution we got quite excited, because of its ability to set the right profile, and then as more machines come and go within our cloud, Illumio grows with them and eliminates all of that static configuration time – all the while providing even more protection than we were seeing with other solutions.”

Thinking about making the move? Try our Test Drive or attend our webinar on decoupling segmentation from the network.


Related articles

Assume breach.
Minimize impact.
Increase resilience.

Ready to learn more about Zero Trust Segmentation?