Adaptive Segmentationmicro-segmentation November 17, 2014

Five Things We Learned at AWS re:Invent

PJ Kirner, CTO and Founder

Along with 14,000 of our closest friends (including several dozen Illumio customers), we headed to Las Vegas last week for the Amazon Web Services’ re:Invent conference. The cloud jamboree did not disappoint.

Celebrating an estimated $5 billion business (that is roughly doubling every year), Amazon’s Infrastructure-as-a-Service business—as well as Microsoft’s Azure offering and Google’s Compute Engine—presents a strong alternative to premises-based infrastructure. Over the weekend, we thought about five big trends re:Invent highlighted for the industry.

The Illumio booth at AWS re:Invent 2014

1. The Cloud Is Turning Infrastructure into a Rentable Commodity

The traditional rationale for AWS has been fast, agile, and cost-effective infrastructure with only a few mouse clicks. This trend continued last week with the announcement of the new Amazon Aurora database, and support for container technologies such as Docker. For us, though, the real enterprise move pivoted on a series of capabilities that help businesses recreate much of the IT function, including AWS Service Catalog, AWS Key Management Service and, most significantly, AWS Lambda, a service that dynamically runs code in response to a event.

What this means for many applications is that infrastructure is turning into a service that can be rented on demand. It is increasingly simple and fast to rent infrastructure for a specific time with a few mouse clicks. But just as a car service—even one as easy to use as Uber—does not economically replace car ownership for many transportation needs (e.g., daily commute over a specific distance or using a delivery vehicle), Infrastructure as a Service is not a pin-compatible replacement for many applications at scale, but an augmentation.

2. Security: DevOps Is Coming for You 

The next wave of security heroes is coming, and they have a DevOps background.

Security was not the main theme of the event, but it was an important crosscurrent in many discussions. We met hundreds of developers and solution architects in our booth, and most were pleasantly surprised to learn security could be part of their orchestration tool set, effectively embedded in the application life cycle from the beginning, versus being added afterwards. With Illumio, deploying security in cloud environments is as fast and agile as using Chef, Puppet, or Ansible. The Illumio Adaptive Security Platform (ASP) model mimics the software development life cycle, with all changes tracked—with comments, owners, and timeline—just like source control

Developers are obsessed with the speed and performance of onboarding new applications. By making security part of that paradigm, they will become passionate advocates of an adaptive security approach. The next wave of security heroes is coming, and they have a DevOps background.

3. Do You Understand What Is Inside Your Cloud? 

In the classic Capital One credit card advertisements, a band of muscular Vikings or an intense, focused Samuel L. Jackson asks “what’s in your wallet.”

Increasingly, as more critical data moves into cloud services, developers and architects want to have greater visibility and understanding of application interactions in their computing environment. This is doubly important to an enterprise when it does not own or truly control its infrastructure. 

4. The Public Cloud Begins with the Enterprise Data Center 

Dan Zelem, chief technology officer of Johnson & Johnson used his time during the opening keynote to state: “We’re going all-in on a hybrid cloud strategy for J&J.” 

Well beyond the cost and complexity of maintaining separate security regimes for the enterprise and the cloud is the risk of opening more attack surface.

Several days on the tradeshow floor underscored that most companies will have the vast bulk of their computing resources within their own data centers for some time to come, even as they move to services like AWS.  We came to an important conclusion based on dozens and dozens of conversations:

Few companies want to separate security approaches for the enterprise and cloud. Well beyond the cost and complexity of maintaining two security regimes is the risk of opening more attack surface. 

The enterprise would prefer one approach that works equally in both environments.

5. The New Boss Had Better Not Act Like the Old Boss

One of the rallying cries of any new IT vendor is how they end proprietary “lock-in” to a given technology. In reality, as a new class of technologies and vendors rise and an older generation falls, it reminds us of the Who’s song “Won’t Get Fooled Again”:

“Meet the new boss
Same as the old boss”

If the current moment in computing means people can pay for what they use based on value and differentiation, technologies like security that underpin the openness of this movement are likely to be very valuable. 

Overall we found AWS re:Invent exciting for what it brings to our industry and we will be back next year.

Adaptive Segmentationmicro-segmentation
Share this post: