Hybrid clouds are gaining momentum among organizations and enterprises, both large and small. Research company Gartner reports that 90 percent of companies will have moved to hybrid cloud infrastructure by 2020. Cloud computing services expenditure is expected to reach $68.4 billion in that same year. These projections make perfect sense. After all, the model combines the accessibility of a public cloud with the focused services and specialized security provisions of a private cloud. A hybrid cloud infrastructure can provide the adaptability that businesses need to compete. The big question is, how do you secure it? vArmour provides innovative answers.
Meeting the Security Requirements of a Hybrid Cloud
With more resources that need oversight, a hybrid cloud infrastructure presents more challenges when it comes to data network security. The protection requirements that an organization needs are variable. Bridging visibility, policy and compliance gaps across environments are vital.
Founded in 2011, vArmour delivers solutions that simplify security policies and strategies for Hybrid Cloud Applications. The firm provides consistent policy across public and private platforms for hybrid cloud enterprises. vArmour does this in three steps: analysis of applications and their communication behaviors at scale, policy computation and validation of security policies and their impact and protection through enforcement by leveraging cloud controls, mapped to compliance.
vArmour —Providing A Better Approach to Cybersecurity
Most of the world’s data centers are built in such a way that if one part is compromised, the threat can spread to the rest of the system. Targeting anomalies like many data network security programs do might not be that effective. Instead of looking for threats, vArmour discovers and defines every application communication process and policy workflow needed to conduct business. Everything outside of those definitions or “guard rails” could be flagged as illegal. The centralized management structure from vArmour segments off data into individual workloads. Each one is completely protected from each other. Even if data is compromised, the activities of an attacker would be limited.
I had the opportunity to discuss hybrid cloud protection and other cybersecurity concerns in an interview with vArmour’s bold leaders. CEO Tim Eades and SVP and Chief Cybersecurity Strategist Mark Weatherford both shared their insights on the risks and impact of security for businesses with hybrid cloud infrastructure. They also got into detail about how vArmour helps protect enterprises from cyber threats.
John R. Miles: Bold Business has written a number of articles on the impact of cybersecurity and its risks to different industries. What do you think are the largest exposures facing companies today?
Tim Eades: My personal belief is that attacks have exploded because the attack surface has exploded. You have mobile, IOT, SaaS etc applications more distributed than ever before with more people accessing than ever before. The CIO and CISO are now having to play a more critical role than ever while driving a digital transformation and doing it securely. The regulations at the same time are getting tougher with consequences becoming more severe. This is great if you are a consumer since it drives accountability to the enterprise to lock down critical assets. Fines on the enterprise are the highest they ever have been.
Mark Weatherford: I would categorize it differently and change the word from exposure to risk. The landscape of adversaries is changing a lot, too. A few years ago you could bound the adversaries by category but today they are much more sophisticated. It is getting harder to tell difference between a nation-state and an individual with a laptop and wifi access. We used to be able to define fairly distinct swim lanes around a CISO’s responsibilities but it’s become much more complex.
There are now over 300 pieces of legislation on Capitol Hill that deal with the complexity of cybersecurity and privacy. The legislation is also a threat to private companies because of the unintended consequences. CISO’s today spend so much time dealing with regulations and regulators that it has become difficult to do their job.
John R. Miles: We recently published an article on unintended consequences of new technology. Have you seen real-world examples of this occurring?
Tim Eades: Absolutely. Developers and companies are moving very quickly to develop new capabilities as they thrive for this “digital business goal” but with agility comes risk. They often look at security as a tier 2 requirement and thereby miss the sight of the security aspect and how a potential bad actor might utilize their application in a way that was never intended which can create chaos for a company.
Mark Weatherford: Technology has become so ubiquitous that it literally touches all aspect of your an organizations architecture and connected devices with access to the business.
John R. Miles: I have been friends with Marc Benioff, co-founder of Salesforce.com, for well over a decade. The formation of cloud computing is largely attributed to him and was introduced as a more secure way of doing business. Where do you specifically see the exposures in cloud computing, and what are the things businesses need to be concerned about?
Tim Eades: Marc is a great guy, and Parker his co-founder and I are very close friends. Salesforce.com took off as the market went from application service providers to software-as-a-service. We’ve now seen the explosion of the public cloud with the rise of AWS, Google Cloud Platform, and Azure. When we meet clients today, all of them have applications in more than one cloud platform. This is in addition to their private cloud. You also have highly regulated industries that are moving to the public cloud for better ability and cost, but with the regulatory controls of a private environment. So, you have to balance moving fast against security and control. vArmour provides them with a common set of policies so that application can be locked down regardless of where they reside.
John R. Miles: What is a hybrid cloud environment and why is it more difficult to protect?
Mark Weatherford: Essentially you have two types of clouds – public and private. Traditionally organizations have had their own data center where they build their own private cloud but public clouds from Google, Microsoft, and Amazon have become very popular because of their ease of entry, flexibility, and lower cost. A hybrid cloud is where you have a presence and workloads in both public and private clouds.
A lot of companies have applications or systems they do not feel comfortable moving to public clouds. So, they maintain that footprint in a private cloud.
Tim Eades: The trend started with all the things that need to move scale up and down fast went to public clouds but then it expanded to more mainstream applications. You do not have the agility in your legacy environments.
John R. Miles: How does that relate to the genesis of vArmour and the problem the company is trying to solve?
Tim Eades: By providing customers with consistent security policy regardless of the underlying infrastructure, we secure the application wherever it resides, make it simple, make it scale and meet the ever-growing requirements but also those of the regulators. We provide the ability to automate much of this which makes it simpler for the security team.
John R. Miles: I am seeing a growing list of companies that do behavior-based pattern recognition in IOT environments? Do you see those products as viable and how does vArmour complement them?
Tim Eades: We are looking at application communications within the data center and cloud. vArmour highly leverages machine learning to understand the application traffic that is occurring around your critical assets such as a database. By doing that, and integrating with other sources of telemetry, we can say this is a database and this is what normal application behavior for it looks like. Many IOT solutions don’t touch critical assets like databases, but where they do, we can integrate with them as an incremental source of telemetry. We partner with IOT companies and complement them.
John R. Miles: I saw you do DevSecOps? When you say this, what does it mean?
Mark Weatherford: As Tim mentioned earlier, DevOps is basically a process of agile code development that lets the developer get it out very quickly. It is the agile and quick iteration that makes it such a profound change. Secure coding has always been a problem but a few years ago we realized we could integrate security into the DevOps process. Netflix has been a leader in integrating security coders into the development process. DevSecOps is a process of putting security engineers and security testing directly into the software development process. As security issues are identified, they can be fixed in real time.
Tim Eades: The security operations center of the past were reactionary in purpose. Therefore, the only way they could operate was to leverage correlation techniques into an incident and event manager to look for patterns to make a decision. What we do is integrate security policy into the development process, therefore, weaving application security into application development processes.
John R. Miles: How is your broader solution different from other competitors?
Tim Eades: We find some competitors have a security solution on a single cloud or single infrastructure technology. But, if you are an enterprise today you have assets in a variety of clouds across a very diverse infrastructure and the challenge becomes how to get consistent application security policy across all of them. vArmour differentiates when you have (or want to have over the coming years), application assets in different public and private clouds.
John R. Miles: What is Layer 7 visibility and for our business readers, explain how this aids the performance of a business?
Tim Eades: Layer 7 is a technical term referring to an application. We focus our business on understanding and securing applications because we believe applications are the center of gravity for a business. Our application knowledge allows us to connect the security problem to the application owner whether it be billing, medical records etc.
John R. Miles: Can you provide some examples of real-customer impacts where your solution has had a positive impact in thwarting an attack and data network security?
Tim Eades: I was in a conversation with a CISO with a large bank recently where we protect their payment gateways. We were able to detect and prevent a significant attack. The customer was able to come to our office and share this with our engineers. These moments really provide a great compass for our employees to understand what we do and its importance.
Making Strides in Hybrid Cloud Infrastructure
Investments in vArmour prove that the company’s technology has great potential to disrupt the future of enterprise security. Its current roster of clients already includes the world’s largest banks, telecom service providers, government agencies, healthcare providers, and retailers. Last April, vArmour also announced record results for its fiscal 2018 year. The company quadrupled billings and tripled revenue. Tests have also proven that the system is effective in protecting the most important parts of any network or cloud. These accomplishments suggest that for years to come, vArmour will remain as one of the leading companies in the cybersecurity space.