Security has to be at the start of every cloud conversation – ComputerWeekly.com

The cloud has left us all massively exposed. And, according to NetFoundry CEO Galeal Zino, who spoke at a NetEvents roundtable in January, secure networking needs to be a software function.

In a distributed computing world, it makes sense to take the cloud as close as you can to the customers. The downside is that every time a network expands and changes shape, there are huge growing pains and stretch marks as a result.

The expansive hyperscaling of the cloud has been great for developers, but a nightmare for the people who have to manage the supporting network and secure all the joints. Every interface, gateway and firewall has to be accounted for by some network manager or security expert, and sadly their security job is a lot harder and more fiddly than it is for a developer to spin up a server. All those new virtual servers multiply the attack space for criminals. It's as if they are building whole new estates without locks on the doors or windows.

The good news is that NetFoundry has solved this problem and now it needs channel partners to present the solutions to their clients.

It has an eclectic list of prospective partners: value-added resellers (VARs), systems integrators, and every kind of service provider (such as managed, comms, and infrastructure), so options for partnership are quite varied. The unifying quality is the belief that the cloud has to be secured at inception.

Zino is excited that secure networking has turned into a software function. "Monolithic applications have been broken down and put into containers, microservices, and lambda functions, so it only makes sense to do the same thing to the network," Zino says.

"That means you have an opportunity to orchestrate secure networking, the way you orchestrate software, and that's really exciting," he adds.

The so-called shift left in the industry heralded a new massively distributed and very fast world that has left secure networking in the dust and every cloud user massively exposed. Still, never mind the threat, what an opportunity!

Zino is very excited at the prospect because he's invented the answer: "We've reinvented secure networking to fit this hyperconnected world."

So, what is the shift left? "We must move networking and security into the heart of the development delivery lifecycle, or it's too late. Otherwise, I don't believe in this kind of hyperconnected massively distributed world we're talking about," says Zino.

NetFoundry is working with ARM and CapGemini to secure connected cars with what it calls confidential compute with SSA confidential networking.

"We designed the solution from the ground up. We put security and networking right into the application," says Zino. "It's a lot simpler in the green field."

Edge computing will be hard to secure though. "You need an environment where you can iterate and experiment," says Zino. "Therefore, you need a certain cost and simplicity. I'm not sure we're there yet for the edge or that mainstream developers can tinker at the edge. I think the cost and the complexity aren't quite there, but we have made tremendous progress."

Zino adds that security should be sold as an enabler. "Security's traditionally been an obstacle to velocity and agility. The magic of cloud was that as a developer, or an engineer or a business person, I could go to AWS, enter my credit card, and have access to world-class compute, rather than submit a ticket to IT. So, AWS and Azure democratised computing," he says.

That doesn't sound like democracy, where everyone gets a say, but there are still rules for proceeding with decisions, such as elections every four years. Democracy moves slowly. What AWS did was allow everyone to ignore the rules, which is arguably closer to anarchy.

Still, as Zino points out, innovation flourished. But now IT has to put secure networking into the hands of the coders and into the heart of the development delivery lifecycle.

"Then they can innovate, whether it's edge, cloud or both. So that's what I'm looking for," says Zino. "We call it application-specific networking, right? You put the capability into the application code to generate a secure-by-design overlay, specific to its session."

The SolarWinds incident last year proves that attackers are spoilt for choice in the world of the cloud.

"The only way you're ever going to prevent those attacks is to shift left and put secure networking into the heart of your development lifecycle. It's the only way, and I believe that log for SolarWinds opened our eyes to that," says Zino.

The size of the blast radius needs to be minimised, Zino continues, saying that it's time to put wide-area networks (WANs) in a museum.

"The WAN needs to be retired, needs to be killed, needs to go away. We need to go the opposite direction," he says. "The WAN gives them [the hackers] the connectivity and the path to get the data and infiltrate it."

"So there's an argument that we need to minimise the blast radius, because we're always going to have vulnerabilities and they're always going to get exposed to some extent. The only way to do that is to kill the WAN and have an actual secure-by-design architecture, quite the opposite of the 'One Ring to rule them all'-type approach," he adds.

I think I know what he means, but I'm sure you will understand a lot better than I do.
