Adaptive Segmentationmicro-segmentation November 4, 2014

Security That Works Anywhere: Illumio at AWS re:Invent

Mukesh Gupta,


Q: What was your experience at last year’s AWS re:Invent?

A: What was most remarkable last year was seeing all of the AWS customers and getting a true understanding how much traction they’ve gotten in the AWS cloud. It really drove home to me that the public cloud has momentum and even big enterprise customers are starting to use it; it’s growing really fast.

Q: What are some of the technologies that you’re most excited to see at AWS reinvent?

A: I’m most interested in the companies that are talking about their experience in moving to public cloud and why they could or couldn’t do it. I want to know what they’ve been worried about after they’ve moved. What are their challenges and how are they solving them?

When I walk around the show floor, I’ll definitely have my eye out for anything in the security space. One session I’m interested in checking out is Coca-Cola’s. They’re going to share the challenges they faced and the solutions they came up with while migrating hundreds of applications from on-premises to AWS. Also, Intuit will be presenting a new discipline called DevSecOps that sounds interesting.

Q: Why is Illumio participating in AWS?

A: Just about all large organizations have cloud instances in addition to their data centers, we think there is an opportunity to have a more in-depth security discussion. AWS has been great about adding features to its security groups, but most of the customers are hybrid—they’re usually starting with their own data center and moving partially to AWS. Creating a unified security approach between the cloud and company data centers has proven to be challenge for organizations.

Illumio was built from the ground up to address this challenge. DevOps is very focused on automation, orchestration, auto scaling, keeping things really fluid, and deploying and updating the applications really fast. And then security just slows them down.

Our approach to security mirrors the DevOps continuous delivery model.  

Illumio aligns the security model with DevOps speed, so they can move as fast as they want to and still maintain a high security posture. The Illumio PCE, or Policy Compute Engine, continuously adapts security in real time with policies written in natural language. This means security teams can define things once and as applications are deployed and changed, they don’t have to do anything—security just keeps moving along with the applications.


Q: Why visit the Illumio booth?

A: We’re going to showcase how Illumio delivers security that works anywhere, with no dependency on the infrastructure.  We’re going to focus on highlighting four major benefits of Illumio’s technology:

  1. Write policies using natural language. Illumio lets security teams define policy in natural language, just like application developers do. They don’t have to worry about the VLANs and IP addresses. They simply need to describe relationships—for example the web talks to the database, and the load balancers talk to web—and then Illumio takes care of it from there
  2. Security that works anywhere. Once these security policies have been written, applications can be migrated across service providers. You can start in AWS and add Azure to it. You can start in a private data center and go to AWS. Because the security policies are independent of the infrastructure—they are aligned with your applications—you don’t have to worry about security.
  3. Security that auto scales. The Illumio PCE, or Policy Compute Engine, translates the natural language policies and then adjusts and adapts as computing resources change, in real time. Applications can scale up or down, migrate, or change without requiring security policies to be rewritten.
  4. Illumination. Illumination mode allows security teams to visualize and understand their application topology, build and test security policies, and then build enough confidence that it’s not going to break anything.

Illumio will be showcasing its technology in booth No. 1355 at AWS re:Invent, held November 11–14 at the Venetian in Las Vegas.

Adaptive Segmentationmicro-segmentation
Share this post: