Martin Lipka

Modern Segmentation with illumio

Updated: Jun 26, 2019



It's true that our industry is often overwhelmed by new and very capable solutions addressing many problems that we all face during our day-to-day business operations. That's why the right business strategy, and the commitment to address those problems, will make or break our long-term goals. This includes resiliency and cybersecurity, which together add up to our business continuity. While we all possess a certain amount of knowledge and experience from operating distributed and complex cloud environments, the expansion of the cyber world brings challenges that force us to evolve our current methodologies, architectures, and processes. Even though certain products come and go, a new and clear philosophy is emerging in the era of the cloud and cybersecurity that many fail to notice. An urgent need for business agility promotes infrastructure as code rather than solutions built and maintained in-house. Even though cloud automation and orchestration bring a great advantage, we are now recognising a new level of additional value delivered by the large number of innovative online services available at our fingertips in the expanding cloud ecosystems and the marketplaces supporting them. Thanks to that, we learn to appreciate that our true business value lies in actionable data and a modern set of algorithms working in our favour. Finally, we accept that our technical world is becoming too complex for our minds to handle, and we slowly but surely introduce and embrace the era of man and machine, in which we support ourselves with intelligence sourced from the emerging world of machine learning. Even though it seems like a lot, it's hard to imagine that this is only a beginning ..of the beginning!


We are often supplied with marketing material that aims to persuade us that "our solution is better than theirs". Often it is supported only by high-level statistics and distributed by undefined sources aiming to ..well, scare the audience! Nobody, however, mentions that by employing the basic cybersecurity safeguards properly in our cybersecurity strategy, we will cover up to 90% of our risks immediately! Do you know that encryption and separation are the main disruptors of the Tactics, Techniques, and Procedures (TTP) used by the bad guys? Do you know that by covering the basics we push the bad guys to work hard, and therefore we disrupt their workflows while forcing them into unusual behaviour that makes them easier to spot and eradicate? This is important, as the average dwell time as pinpointed in 2018 equaled about 100 days. This means that an average business requires around 100 days to notice an intruder in its environment. As the topic of this article focuses on workload separation, let us first take our magnifying glass and compare the old and the new way of thinking to highlight the obvious gap!



The old world!

In the old world, we simply used network separation with dedicated hardware, VLANs, VRFs, VPLS, subnetting, or even NATing to deliver network security. This is misusing technologies that were not designed to mitigate the modern cybersecurity risk, but rather to speed the network communication up.

On the compute side, we again delivered hardware separation, which was superseded by virtual machines and now by containers or serverless architectures. Even though the topic of cybersecurity is at the top of the agenda of every business, we keep treating it as a tick-box exercise. None of the aforementioned solutions aims to deliver a consistent, scalable and clear cybersecurity architecture for the future.

How will mixing and matching these techniques together make us better if we focus on a number of complex technologies requiring manual and often disjointed, complex business processes? It’s exactly here where we are clearly losing focus on what's really important - the data and applications! In concept, we build tall and thick walls, narrow the entry points, strategically place locked doors around them, and manually control our safeguards with a top-to-bottom approach. Our security is tight! We are safe! Now.. how do we get in? How do we monitor, integrate, correlate or scale this level of complexity?


Whisper: Let us break the rules that we created as they are unmanageable! Just don't tell anyone, will you? Don't worry I will lock the doors after I'm finished! I promise!



The new world!

Imagine a world of highly complex applications and compliant data easily flowing between workloads distributed across locations and users. Now wake up, as this is the new cyber world we are entering today! It's time to open your mind to a modern set of solutions and, even more importantly, allow our mindsets to evolve! In order to understand what will happen next, we need to evolve our understanding of technology and focus on the application, retooling to simplify our architecture and boost automation! The world of the modern cloud and its cybersecurity, accelerated by the era of Software Defined Networking, provides a clear answer! We need to understand that the decoupling of infrastructure from the application is a reality. In today’s era, being late here does not only mean a slip in our current strategy, but being two steps behind the next wave of innovations heading our way. This means that we need to focus our efforts on the end-point, as that's the only element that will stay consistent in the era of the hybrid cloud. This strategy allows us not only to successfully maintain our old workloads but also to merge them and bring them to the cloud while securing their agile evolution.



Modern segmentation

Let's go back to the main subject and discuss modern separation while utilising the mindset described above. Often it's the startup community that brings the answer to our problems, and that's the case today as well! Today we bring an independent opinion on the evolution of segmentation delivered by the cloud security company from sunny California: illumio (www.illumio.com). Here's why it matters to you!


Do you recognise the following scenarios?



1. Distributed segmentation


Problem:

Unfortunately, point A is unable to communicate with point B.


Traditional answer:

Let's troubleshoot it! Let's schedule a meeting, bring the problem owner, connect the application, database, network, and security guys together. Check the ACLs on both applications, hosts, then firewalls, switches, (hopefully not routers?), run pings, netcat, open ports level by level. Oh wait, the security engineer is concerned, we need to escalate it to security architects as we might be opening the workloads to other applications unnecessarily! Is that affecting our security standards or compliance? Time is against us and we don't even know if we are troubleshooting in the right direction! Maybe we can "allow all" for a second to test it? Let us call in the Project Manager as the problem is too complicated...... again, again and again!


illumio answer:

As illumio understands and classifies all the live application flows, it can easily check if the policy is violated. Since the application separation is enforced on the end-point, there's no need for network security to be involved. As the application security policy is clearly visible and documented, consistency and reporting are evaluated and maintained throughout the whole solution. Furthermore, with the right amount of additional orchestration, the developer could troubleshoot the problem on their own.



2. Cybersecurity consistency


Problem:

Somebody opened a port on a critical part of the infrastructure


Traditional answer:

"It wasn't me!"


illumio answer:

illumio maintains and computes all the distributed security policies in one place and allows for custom adjustments if required while providing reporting on all covered security policies ..automatically.



3. Application flow management


Problem:

How do you manage your application flows? How do you correlate, test, review and enforce your application flow?


Traditional answer:

"We don't, but we plan to get there ..one day!"

or

"Excel sheet.."

or

"Netflow, syslog, ACL drop count ..and 3 different systems that Bob knows... but he is not in today"


illumio answer:

illumio automatically consumes dynamic end-point data from external systems, which simplifies labeling, and maps all the distributed application flows graphically for ease of use. It consumes a predefined security policy or autogenerates one, and suggests its own solutions in a single GUI-based system for simplicity.



4. Business continuity and compliance


Problem:

We need to apply a critical update to our security policy, but the application is so complex that we are too concerned to deploy it without an in-depth and manual analysis of all dependencies as we don't know how it might affect our uptime and compliance.


Traditional answer:

Meetings, delegations, escalations... fingers crossed!


illumio answer:

Add a new distributed security policy or edit an existing one, and run it automatically in test mode in production to safely analyse all business outcomes before enforcing it throughout the live environment.
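The test-mode idea described above, sketched as an added example: this is not illumio's code or API and not part of the original article. The workload names, labels, rule format and flow records are all constructed assumptions; the point is that a draft allowlist is evaluated against observed flows without enforcing anything, so the flows it would break are known in advance.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int

# Constructed inventory (hypothetical names): workload -> labels.
LABELS = {
    "web-1": {"app": "shop", "role": "web"},
    "app-1": {"app": "shop", "role": "app"},
    "db-1":  {"app": "shop", "role": "db"},
    "hr-1":  {"app": "hr",   "role": "web"},
}

# Allowlist rules: (source selector, destination selector, port).
CURRENT = [({"role": "web"}, {"role": "app"}, 8443),
           ({"role": "app"}, {"role": "db"}, 5432)]
# Draft update: scope both rules to the "shop" application only.
DRAFT = [({"app": "shop", "role": "web"}, {"app": "shop", "role": "app"}, 8443),
         ({"app": "shop", "role": "app"}, {"app": "shop", "role": "db"}, 5432)]

# Constructed flow observations, as an end-point agent might report them.
FLOWS = [Flow("web-1", "app-1", 8443), Flow("app-1", "db-1", 5432),
         Flow("hr-1", "app-1", 8443), Flow("web-1", "db-1", 5432),
         Flow("unknown-9", "db-1", 5432)]

def matches(selector, labels):
    """A selector matches when every key/value it names is present."""
    return all(labels.get(k) == v for k, v in selector.items())

def allowed(flow, rules):
    src, dst = LABELS.get(flow.src), LABELS.get(flow.dst)
    if src is None or dst is None:      # unlabelled workload: default deny
        return False
    return any(matches(s, src) and matches(d, dst) and flow.port == p
               for s, d, p in rules)

def dry_run(flows, current, draft):
    """Compare verdicts without enforcing: what would the draft change?"""
    report = {"newly_blocked": [], "newly_allowed": []}
    for f in flows:
        before, after = allowed(f, current), allowed(f, draft)
        if before and not after:
            report["newly_blocked"].append(f)
        elif after and not before:
            report["newly_allowed"].append(f)
    return report

if __name__ == "__main__":
    print(dry_run(FLOWS, CURRENT, DRAFT))
```

Here the only flow the draft would break is the cross-application one from `hr-1` to `app-1`, which the broader current rule silently permits.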



5. Critical patch management


Problem:

High/Medium severity level vulnerability discovered! Patching is required immediately as business-critical applications are affected!


Traditional answer:

Patching planning is required. System owners to be consulted. Schedule to be confirmed. Meanwhile, time is ticking away!


illumio answer:

As the illumio platform integrates with vulnerability assessment tools, it's able to consume their data and suggest a security policy that narrows the exploitation vectors through smart application flow management and distributed access control. It clearly does not resolve the core problem, but it adds to the dynamic toolbox of safeguards that can be employed in a critical situation to mitigate and manage unexpected cyber risk.



Conclusion

Based on all the information above, in our experience and opinion illumio delivers true value in the space of cybersecurity and software defined communication to any business willing to truly enhance its cloud operations and to gain simplified visibility and unified cybersecurity policy operations while enhancing business compliance. As the solution is truly built for the cloud era, it will withstand its evolution and grow along with it rather than be challenged by its pace. The level of automation and effortless integration with third parties makes it agile, open and adaptable. It will support you during day-to-day operations and will allow you to add greatly required speed in the moments when you need it the most! We value its simplicity and user-friendliness a lot too! It is clearly built for the future, and since the future is now, it receives a stamp of approval and recommendation from the Revoluti0n.com as it fits our spirit along with our vision of the emerging cyber world!


Don’t believe us? See it in action on your own!


illumio… where have you been all my life? ☺️
