In recent years, a number of cloud architects have proclaimed the demise of network security with the adoption of the public cloud. Yet, network security persists in being one of the largest markets in security and is an area where each of the major cloud service providers (CSPs) has launched significant new offerings over the past few years. It shouldn’t be a surprise that the network remains critical to security, even in the cloud.
The network is a universal control point that gives the enterprise leverage in securing everything, regardless of the workload/app's architecture. Many enterprises moving to the public cloud may have thought network security would be superfluous – after all, the cloud provider owns the network, so network security is handled by the CSP – but something interesting happened instead.
How has cloud migration complicated network security?
The move to the cloud signified the realization of a dream business folks have had since the inception of IT – stop caring about the underlying enabling technologies (i.e., infrastructure) and only focus on the application. Moving workloads to the public cloud enabled that focus to an unprecedented degree. Instead of focusing on securing the infrastructure, organizations were able to focus on the app/workload and its functionality and security – patching, locking down access, etc.
But as cloud grew at a blistering pace, cloud architects were reminded of a few truths:
- Scale can make even simple tasks hard – like patching vulnerable workloads or managing across multiple clouds.
- Placing defenses in the network was never really about securing the enterprise or data center network – it was just the easiest place to put them to secure workloads.
- Cloud providers secure the network, but they don't care about what's running on the network. That's your business.
For cloud and data center security, the network is the common ground
As organizations move from a few to thousands of workloads, somewhere along the way, simple patching of vulnerabilities becomes difficult. Recent surveys have suggested that vulnerabilities like Log4j took months to patch, which, given the rapid development and automation of exploits, highlights the need for defenses outside the app/workload.
Defenses outside the app/workload can be applied in a variety of ways (compute, network, container), but the need has become front and center for cloud architects. While it depends on the application architecture in question, the network has a couple of things going for it:
- It's the only place to put defenses that work for every application architecture – everything touches the network – which means it's the one place to put defenses that enable a consistent approach across public cloud-hosted apps and workloads.
- The network is cost-effective. Many workloads of different types can be served by a few enforcement points. And those enforcement points, in a cloud-native approach, can be managed in much the same way all of the cloud infrastructure is – automatically and cost-effectively.
How do you ensure network security in the cloud?
While CSPs will go to great lengths to secure their networks, that’s never been what organizations care about. Most organizations only care about securing workloads and data. This is why network security has a slight change in mission – it’s not about securing the network; it’s about securing workloads.
In addition to the modification in mission, there's also a change in execution needed – organizations in the public cloud can't abide by a security capability that uses a management and ops model from the data center. In other words, virtual appliances designed to secure networks and managed on a box-by-box basis aren't going to work where operations are designed around everything-as-a-service. Sure, appliance providers will supply duct tape and zip ties to stand things up in a cloud environment, but it's not a resilient approach that enterprises can rely on.
What’s needed in a modern multi-cloud environment is an automatic, cloud-native capability that enables strong security approaches like zero trust. With a number of announcements from the major cloud providers over the last year, it’s great to see recognition of the need for network security in the cloud. Now, with greater recognition of the need, the cloud network security market seems poised for a breakout year of growth in 2023 as more organizations evolve in their cloud journey.
Vishal Jain is the Co-Founder and CEO of Valtix.