Webinar Recording

Accelerating Your Digital Transformation: Secure and Successful Cloud Migrations



The use of cloud services is one of the key enablers of digital transformation: accelerating time to value, providing more access to powerful IT resources in a more cost-effective manner and removing the management costs associated with commodity services. However, these benefits come with some risks. Migrating your business applications to the cloud without creating security vulnerabilities or unnecessary risks to your data, while ensuring compliance, is critical for a successful digital transformation.

Good afternoon, good morning, or good evening, depending on where you are, and welcome to this KuppingerCole webinar on accelerating your digital transformation. In this webinar Professor Avishai Wool and I, Mike Small, will talk you through how to securely go through your digital transformation. So once again, thank you very much for joining us, and especially if anyone is joining us from the US and you are coming in to join our webinar rather than the inauguration of the next president of the United States. So, in KuppingerCole, we do a lot of virtual events. On this slide, you can see some of the things that are coming up in the near future, and we hope that you will be interested enough to come and join one of these. And in terms of the webinar itself, we will be muting all of the participants during the presentation part, the slides will be recorded, and you will be able to get access to a podcast or to some kind of recording of the whole event from 24 hours from now. There is a little question and answer area, which you can see on the control panel.
And if you have any questions, please will you type them into that panel. And at the end of the webinar, we will go through any questions and either myself or Avishai will try to answer.
So in this, we're going to kick off with Mike Small. I'm going to go through what are the essential steps that an organization needs to go through in order to securely and effectively transform their digital systems. And this will be followed by a session, a set of slides by Professor Wool on how AlgoSec products can indeed help to achieve those aims. And then we will finally end with a set of questions and answers, and hopefully we will have 10 to 15 minutes left for questions and answers. So now let's go into the meat of the presentation. Now it's interesting to kind of set a context for this, because we run in KuppingerCole a number of different virtual events and real physical events on cybersecurity and related topics. And in November 2020, we ran a cybersecurity leadership summit, which was attended by CISOs and various other people.
And during this, we did a poll of what were the top things that organizations, and C-level in those organizations, were concerned about. And here you can see what those three topics were. And indeed, it's interesting that the first one was zero trust. And this seems to be something that, after 10 or 11 years since it was first invented by this chap from Forrester, has suddenly made a comeback, and everybody is finding that the vendors are promoting zero trust. And what I would say is that as an analyst, I constantly find myself with two lines of people in front of me: one, all the vendors who want to sell me that the new product is the next best thing since sliced bread, and a set of end users who don't really understand it and do not know what to buy. And then the next thing is to do with how organizations can secure that increasingly heterogeneous IT environment.
And this is sort of hybrid cloud security. And not surprisingly, given the COVID coronavirus pandemic that is going on, the third thing was securing the remote workforce. And all of those issues are issues that are incredibly relevant to the subject of this webinar, which is to do with digital transformation. And what basically has happened is that the COVID epidemic has accelerated the programs that were going on inside the various organizations to go through some form of digital transformation. And this was around how they can use the systems that they have to get closer to their customers, when in fact those customers can no longer come in the ways they used to. Like so many people, for the last nine months I have been under lockdown and I've had to do my shopping online. I've had to do my meetings virtually, and like everyone else I've been working from home.
And so the priority for organizations to survive has been to support those needs. And that actually is dependent upon the use of cloud services. So how do you support all of these things and what are the issues that come out from that? Well, it may well be that the survival of the organization depends upon undergoing this transformation, and the CTO or whoever within the organization that is driving that is under the pressure of survival. If we don't do this, the business is going to go, we are no longer going to be able to work. But that does not mean to say that the compliance and security concerns have gone away. This new way of working means that the chief information security officer is asking, well, if we're now doing things in this different way, how does this alter our security posture? And the risk and compliance officers are saying, well, we have to do it, but how does this map on to our obligations?
Are we still able to meet these obligations? Now, when you listen to many of the security vendors, what you find is they will give you lots of nitty-gritty detail about how it is that the cyber criminals and cyber adversaries will intend to get in. But from a business perspective, what really matters is what is the impact and how does this come about? And it really comes down to, are you able to control access to all your systems, applications, and data? And once you move into this hybrid heterogeneous online world, there are as well as all of the old threats there are. And whilst you may believe that your existing controls are all going to be satisfactory, they will not be, because they may be ineffective for the new vulnerabilities that this different way of working brings out. And the consequence of this is that the cyber adversaries are more likely to be able to get into your systems and to lead to compliance failures through data theft, through data breaches, that they may be able to perpetrate fraud and loss of intellectual property on your organization, or indeed loss of business continuity.
Indeed, only yesterday, I received an email from one of the organizations that I have booked tickets with. This is a local organization that is a school of music. And they wrote to me saying, we've suffered from a ransomware attack. And we had to pay the ransom. And the cyber adversaries have very kindly given us the backup data and promised us that they haven't stolen it. And we have had to write this email to you because of the privacy laws that exist. So that is the kind of difficulty that you really, really want to avoid. And unfortunately, many of the smaller businesses are in fact those that are most vulnerable to those problems. Now this hybrid world also makes everything more complicated, because when everything was under your control, when it was all on premises, when you felt that your skills as security people were being properly implemented, then you felt in control.
But in this difficult world, this hybrid world, you find that you have multiple providers of the services. Those multiple providers will be offering services at different levels. So the IaaS service is providing you with compute and storage, your office productivity tools and your CRMs will be hosted applications, and so forth. And so you still have to secure all of that. And all of these different multiple providers may be implementing the same objectives for cybersecurity. They will be using multiple control sets to do it. And you really don't have control over the exact way in which a cloud service provider does things. And furthermore, you then have confusion over who is responsible for what, and often these services have been bought on the belief that the service provider is going to do everything. And in fact, they don't. There is a clear shared responsibility model, which many people are not fully aware of. However, just as with my story of the school of music that was using a third party to provide its services, they are the ones that ended up as the data controller, writing to me saying that your data has been put at risk. So they are the ones that are liable. So you need to waken up and pay attention, because that's what's going to happen.
Now, how do you deal with this? Well, one of the big problems is that so many, all those were trained on how to do security, but not necessarily on how to govern it, because when you buy your services from a third party, you are no longer in control of how it's done, but you have to make sure that the third party does it properly. And that is called governance. And in order to do that in a sensible way, you need to go through a series of stages. You have to understand what the risk is. You have to understand what you actually want from that service provider, and so forth. But if you do it properly with that element of governance, if you can define your requirements clearly and ensure that the service provider provides them, then you're a long way along the line to actually achieving what you need.
And one of the critical approaches that will help in this world is the approach of zero trust. And Professor Avishai Wool will in fact be talking about how his products help you to implement that. Now that approach will therefore make sure that, in the face of these new threats, you have effective controls which are managing the vulnerabilities. And this leads you to an assurance about how you comply with things, that you protect your data, and that you prevent things like malware that could impact on that. Now, in order to achieve this, there are these two key capabilities. One is zero trust, and there is much confusion over what zero trust really is, but in effect, what this is talking about is that you're making sure that you understand what matters, i.e. you understand your risks, that you understand how important those risks are, and therefore what policies you will adopt to those risks, and you then will control who or what can access those different resources or assets.
And that sounds quite simple, but in fact it's actually far more complicated than you might think, because the world is not made up as it was perhaps sometime in the golden past, with a protected intranet that you could be sure of, because everything is interconnected. And as you can see on here, you're not only dealing with the people, but you're dealing with systems connecting to systems, and it's getting even more complicated with the internet of things. And so it isn't as simple as saying, if it is inside my buildings, then it's secure. It just isn't like that anymore. You have to know the identity of the person and the identity of the thing and the route that they are coming in, and control them. And so the key thing to understand with this is that you must never trust anything, always verify, but that still is based on understanding your risks and taking a risk-based approach, which is based on some kind of overarching policy, because you cannot attempt to control every single thing at a granular level individually. You need to have some kind of overarching model that you use to assign individual rights, which will then control access by everyone and everything, and not only access inwards, but within.
And people, well, don't seem to realize that it's not only the connection to the cloud services that matters. It's not only the connection into your organization that matters, but it is the connections within your organization, because the cyber adversaries find their way in wherever is the weakest spot. And once they have gotten in, they will then attempt to use the privilege of that access to get somewhere else. And so that also takes in the critical element of this, which is that the implementation of least privilege access is absolutely essential in order to be sure that you have secure things. And people don't always remember that this principle came from the papers around Multics in the 1970s. So the second thing that you need is to show that you are compliant, and providing visibility of what is being implemented in terms of security controls is critical to good governance. If you can't actually implement it yourself, the only chance you have of knowing that it is being implemented correctly is by being able to see the controls that exist and whether or not they are effective.
And that means being able to see the events that are occurring, to be able to see the state of the controls as they are set, to analyze that, and to be able to look for anomalies versus what should be there and what should be happening, so that you can produce reports that attest your governance, as well as giving you confidence and assurance that everything is working correctly. And so this visibility and compliance is a critical step. And to do it, what you are looking for is this visibility that we talked about, of both activities and the state of controls, being able to make sure that all of these controls across all of these devices, across all of these users, across all of these systems delivered in all of these different ways are consistent and meet what your policies say, that you can find anomalies both in existence and in activity.
So you can rapidly take remedial action, and you are able to produce reports that not only can be used to demonstrate compliance to your auditors, but can also give you a warm feeling of assurance that things are okay. So in terms of bringing it all together, you need to have some kind of centralization, because if you look at all of these different ways in which the services are being delivered, all of the spaghetti of the network that exists and so forth, you need to be able to bring it together. So you need some kind of bringing together of all of your management of these policies and events, which gives you this overall governance. And so in order to secure your digital transformation in this hybrid world, there are five critical steps. The first is you have to understand what your risks are, and that really comes down to understanding what is valuable to your organization so that you can make sure you prioritize your protection of the things that are most important. Then, based on your risk appetite, you are going to set a set of policies where you're going to have a consistent approach to looking at removing vulnerabilities, controlling access, protecting assets, and detecting anomalies, as well as responding to incidents.
You need to have a very clear understanding of how the responsibilities are shared between you and the service providers, and make sure that you meet your obligations, as well as assuring through this governance process that the providers meet theirs. And then use best practices to implement zero trust and use the capabilities that are provided by the services, because often the cloud services provide lots of functionality to secure them, which people don't use or are unaware of, and control access, protect your assets, and detect and respond to the threats. And finally, monitor performance continuously to make sure that you are able to see where you are, to make sure that you're not getting worse, and ideally to continuously improve things. And so in summary, in the age of COVID-19, digital transformation depends upon you securing your hybrid IT, and digital transformation has become the vital tool that is enabling organizations to survive in this coronavirus epidemic. And zero trust is an essential element of that security, but this hybrid estate increases the complexity of management, and the key approach to this is to have a proper governance-based approach based on policies, and to look for tools that will help to bring together all of the various systems for which you are responsible. So with that, I'm now going to hand over to Professor Avishai Wool. Over to you, Professor.
And hello everybody. I hope you can see my screen and professor and happy to be with you today. Mike said this at the beginning, but let me remind you, if you have any questions, just shoot them in the chat and we'll try to get to them at the end, or throughout, if I can respond. So by all means ask. Okay, so here's what I have prepared for you for this afternoon or morning, wherever you are: securing digital transformations. I'm going to focus on network security. And so just to remind ourselves, the modern customer's network is hybrid, just like Mike said. You've had for many years on-premise traditional data centers, but these days you probably have them virtualized and you have additional network security controls in your virtualized data center, like VMware NSX or Cisco ACI, and also many organizations are moving towards the public cloud, to infrastructure-as-a-service providers like Amazon and Microsoft.
And the trend is very clear: applications and their data are moving from the traditional data center out toward the public cloud. Now, this slide I borrowed from Amazon. This is their view of how network security works in the cloud. And this relates to what Mike called the shared responsibility model. So this is Amazon's view of the shared responsibility model. You can see at the bottom here all the services that Amazon provides, and their words say that they are responsible for securing this part, this storage, the databases, the regions, whatever. Everything above that, in light blue and green, that's yours. Okay. That's your application, your platform, identity management, operating systems, firewall configuration, etc. That's on you. They don't do that for you. You have to do that. And statistics tell us that 97% of cloud security breaches happen because customers make mistakes. This is a fake statistic, but it's still true.
And so really the shared responsibility model absolves us of very little in terms of what we need to do as users. This is our data. It's our systems. We can rent computers from Amazon, but we still need to configure and protect them. And what we do at AlgoSec: we care about the networking, the firewall, and filtering around the data center and around the cloud estate. So that's our focus. That's what I'm going to be talking about today. To get us there, as a motivating example of what we need to be worried about in 2021, let's look at everybody's favorite attack vector, ransomware, which, if you've been following the news lately, you can see is everywhere.
So how does ransomware work? Basically it has a few steps. It starts by a first victim computer being infected. Somehow you get a malicious email, you visit a malicious site. There are many ways to get your computer infected. And once that happens, once that first victim computer is infected, then the malware basically encrypts the local file system of that computer and whatever network file shares it can reach. And then it starts to move laterally, move sideways. It jumps from computer to computer over the network, looking for other computers to install itself on, and whenever it finds another victim computer to install itself on, then it does so. And if this vicious cycle goes on long enough, eventually something important is going to get encrypted, and the organization's systems are going to start shutting down.
And if the criminals have their way, then you're going to pay the ransom, and then they actually usually deliver the decryption key and get you back to work. Otherwise, you know, they're not providing a very good service. Anyway, this is how it works. And what I want us to focus on is this move laterally part. Okay. The first part, where the first victim computer is infected, that's difficult to protect, because users can be tricked in many, many different ways, but all the other steps, those we can do something about. So here's what it might look like, right? Suppose you have your first infection infecting a computer of a user working from home. Everybody's a remote worker these days, just like Mike told us, in COVID-19. And then the working-from-home employee connects to some cloud-based application that they need to use.
Like, you know, maybe they have to clock their hours, and that connection maybe allows the malware to jump into the estate. And then from there, it jumps to another area, and eventually it might get to the financial database. And then the attackers really have won, because they got you where it hurts. Okay. Now the point I'm trying to make here is that this first step is probably not under the organization's control. This happened because somebody over here, the employee in this case, made a mistake or was tricked or who knows what, but all these lateral movements, steps 1, 2, 3, et cetera, these are steps that go across the organization's networks. These are our networks, and we should be able to do something about this.
So this is where micro-segmentation comes in. It's all about reducing the attack surface, and micro-segmentation is really very, very closely tied to zero trust that Mike talked about. Now, zero trust is a broad term. It's really a philosophy. It's not a technology. It basically says that no traffic, no communication, and no individuals should be trusted, regardless of whether they're outside or inside or whatever. Don't trust. Okay. When we look at network security and we're considering micro-segmentation, then micro-segmentation is actually an implementation strategy of zero trust. It is the modern equivalent of default deny. Okay? So you organize your network in a micro-segmented fashion, and thereby you are implementing zero trust at the networking level. It doesn't mean you're done. You have other things that you need to do, but it's very efficient. And what you really want to think about when you're looking at micro-segmentation is, you know, this is a blueprint.
You have to organize your network into multiple segments so that you can control internal east-west traffic. And once you define your segments, then you need to activate traffic filters for all traffic crossing these segments. Inside each segment, you allow traffic to go unfiltered, but when traffic goes from segment to segment, you want to deploy some policy. And then you don't have to write policies to restrict this traffic. So it's not anything, it's only things that are necessary for them. And to put this in a slide, this is what it looks like. Same path of lateral movement that we saw before. But now every place where we have a jump from area to area to area in the network, we put a traffic filter and we deploy policy. And if we can do that, we can restrict the blast radius and ensure that traffic that is malicious doesn't manage to go anywhere that it wants; it's restricted to where it lands.
And so the PowerPoint is really easy. It looks really simple. I mean, what's the problem in putting a few icons on the slide? In reality, not so easy. Okay. This is not new. This idea has been around for years, but it hasn't been deployed very widely because it's not really that easy to do. So let's think about the standard excuses. Okay. Why wasn't it done, you know, 20 years ago? Well, the reason is that in traditional data centers, to do this kind of segmentation is challenging. If you use, let's say, traditional firewalls, virtualized or standard, to do this micro-segmentation, then typically you need to do things like reassign IP addresses, change routing, define VLANs, maybe, God forbid, lay out new cables. It's difficult, it's expensive. So it's hard work. And therefore people have not done this in massive amounts, even though everybody should know that it's a good idea.
Fast forward a few years, not to 2021, but let's say to 2010 or 2015. We now have software-defined data centers. These kinds of environments come with filtering capabilities that are baked into the networking fabric. So if you have such a data center, you don't really need to do all those hard things. You can configure your network and deploy filters using software-defined controls. So it's basically code and clicking your mouse, a lot easier than what it used to be. So those old excuses are gone. And in fact, pretty much all the modern data centers, whether they are virtualized on premise or whether they are in the public cloud, which is today's topic, have these capabilities. If you go to Amazon, if you go to Microsoft, you're already paying for filtering capabilities. They're there. If you rent their computers, you also get the benefit of using their security controls, and you should, and these security controls are included in the price.
You don't need to do anything besides configure that, but having the technology doesn't mean you're done. You still need to configure it. You need to use it and you need to use it right. So now we're onto the next set of challenges, of how do you do this? How do you approach this, such a project, when you're moving to a cloud-based environment? All right. So the challenge I want to bring to your attention is that you need to write filtering policy. Suppose you figured out that you can use the platform's filtering capabilities, and you can write rules saying what you want to allow and what you do not want to allow. So what are the rules that you're going to write? What's the filtering policy going to look like? Fundamentally, this policy needs to allow all legitimate business traffic and nothing else. Okay.
So to do this, you just need to know the intent of all the legitimate traffic in the data center, so you can write the policy to allow it. I mean, imagine you have your traditional data center and you want to move some applications from your data center to the cloud, and you want to secure it once it's in the cloud. You need to be able to write the policies for the cloud environment. And for this, you need to know what traffic you have in the data center and what it's for. And then you can write the rules to allow it in the new environment. Okay, fantastic. So obviously, you know, you and all other organizations have perfectly accurate records of all the application flows that are running through your data center. And it's probably also all machine-readable, so you don't even have to type it up, it's just there.
And therefore you just import this into your Amazon estate, then you're done, right? Well, maybe you belong to such an organization. And if you do, well done. For the rest of us, not so clear. Most organizations that I'm familiar with don't have such wonderful record keeping, and they have some kind of data center that does things. And their business is working just fine. But if you look at all the network flows running through the data center, it's quite unclear what they're for and what each of them is doing, why it's there. What is a particular connection's intent? So what is necessary in order to go through this process of transforming the environment to a cloud-based environment is, first of all, to detect all these flows. There are tools to do that. You're going to get a very long list, thousands or hundreds of thousands of connections, saying IP to IP with ports.
Then, you know, you have to take all this information and annotate it and add your application name. This is what I call the intent. Why is this flow there? And then you're probably going to find out that you have too many of them. If you want to use that amount of information and make it into a security policy that you can deploy into a filter, you're going to find out that there's too many. You cannot deploy a hundred thousand tiny thin rules into an Amazon security group. It will not allow you to do that. There's a limit of, I don't know, 200. So you cannot just take this raw data and use it. You have to massage it first. You have to aggregate it and optimize all these thin flows into a smaller number of fat flows that are few enough that you can actually deploy them as a filtering policy.
So this takes some know-how, and we at AlgoSec can help you do this, because if you take a data source that provides this list of thin flows, let's say from a NetFlow source, which you probably have, or if you use something like Cisco Tetration or Guardicore or other tools that allow you to discover the rules and network traffic, and provide it into AlgoSec AutoDiscovery, then we have our own algorithm that first of all annotates, aggregates and organizes them into business services and then optimizes them from thin flows to fat flows, which can then be imported into the AlgoSec AppViz system. And from there, they can be managed and deployed to the filters. And if you follow this type of process, then you end up with micro-segmentation know-how: you know what you have, and then you can manage it much more effectively with this.
I want to show you a couple of tiny little demos to make it real. So let's first look at a use case of discovery of intent. This is now the AlgoSec AppViz system. There's a nice button here called AutoDiscovery. Click on that. You get what I call all these thin flows. This is coming from NetFlow, coming from somewhere, VMware or a router or packets, and we get thousands of these, IP to IP with service, et cetera. What do you do with them? Well, what we do with them is we organize them into equal business services. We can say, oh, among all of these thousands of connections, some of them have relationships. We find that a particular IP address is the destination of one connection and the source of another. So they might be connected, and it's close in time. So we correlate them.
We have our magic sauce to do that, and we can identify automatically what's related to what. And then we import that into AppViz and aggregate the thin flows into fat flows. Like you can see here, we have multiple addresses in one fat flow, and it gets into an application in the application portal. You give it a name. You say, this is not just a random set of connections. This is commercial banking. Now it means something. You can associate some contact information, and you've learned a lot. And now you can actually take this and migrate it to the cloud, should you decide to do so. Okay. Now the next step is how do you manage and maintain these policies in an ongoing fashion? It's all nice and wonderful that you capture the intent of traffic today, but tomorrow the application developers are going to come out with a new version and it's going to change, right?
So what do you do then? Well, AlgoSec works with that as well. And here's what happens. This is, again, the AppViz view, where you can see all the flows supporting a particular application. This is a different one, a billing application. Right now it has two flows, and you can edit them. You can say, no, I want more, I can add a third flow here, allowing the invoice server to talk to the customer database using PostgreSQL, and hit save changes. AlgoSec identifies the exact difference between what was there before and what is now desired and sends that off for implementation, sends that off as a change request to the networking team. So these are other people that are in charge of making it happen. Now, if we switch gears and look at what those people will see, well, they will see that AlgoSec says that they need to modify a few devices to allow this request.
And you may wonder, how does AlgoSec know? Why did we identify these three devices and not others? So we have this nice find out why. If you click on that, you see really the power of the AlgoSec system. What we see here is really the results of what we call the traffic simulation query. We actually simulate what this desired traffic will go through in terms of networking, if it actually makes it through the network. So it's going to start from this green flag, and then it's going to travel in these different directions across, in this case, the Microsoft Azure area. And then it's going to reach some internal network, and it's going to meet a bunch of devices along the way that are going to filter it. There are some security groups in the Microsoft Azure environment that are filtering this traffic.
And then there are going to be filters in the data centers. We can see end to end whether the traffic is allowed or not. We can see that some of these systems have a green border, which means that they're allowing this hypothetical traffic, but there's at least one that's blocking it, this ACI device in the data center. So to allow this traffic, we need to modify just that and not the others. And AlgoSec is there to assist you in doing so. First, there's a risk check to make sure that we're in line with the governance requirements that Mike told us about before. We need to make sure that this hypothetical change is not going to break any kind of regulation that we're supposed to be adhering to. In this case, no risks detected. So we can just go ahead and approve this.
And once it's approved, now we actually have to implement it wherever it needs to go. And AlgoSec helps the engineers do this as well, where AlgoSec creates a work order indicating to the engineer exactly how to do this, using the language of the device that's going to be implementing the filtering and using all the existing definitions that are already there, saving a lot of time in that. And in fact, AlgoSec has this incremental devices button where you click on that, AlgoSec uses the devices' APIs and pushes the changes into the device, completely closing the loop and making sure that it really works as can.
And with all of that behind us, let me just summarize and say that micro-segmentation is really key to tight network security, especially when you're moving towards a cloud-based environment. It's truly crucial. And having the technology, software-defined networking or the cloud infrastructure's filtering capabilities, is an enabler. It's crucial, but it's not enough. It doesn't mean that all your challenges are gone. You still own the responsibility of configuring these capabilities and using them so that they fit your business. And in order to do that, discovery of intent and segment definition and initial policy definition, those are all important steps to be able to use the filtering technology that's available to you. And once that's done, then you're in maintenance mode. You need to worry about east-west traffic and north-south traffic and changes to it that happen every week. And I can help you with that as well. And with that, let me hand it back to Mike. And if there are any questions that you have at all, now is a good time to ask them.

Thank you very much indeed, Professor Wool. That was very interesting. So now we have the opportunity to have some questions. So if any of the participants would like to ask any questions, please, will you use the question and answer tool to do that? So, in the meantime, I mean, there are a whole series of very interesting points that you were making there. And so one of the things that is clear is that the technology and this heterogeneous hybrid world we're living in introduces new challenges. So what would you say are the most important challenges that come from this heterogeneous hybrid cloud-based world?
Well, I would say that having new controls makes the lives of the operators much more complicated. Maybe the people are trained and know how to use their traditional firewalls. And now they need to support new constructs, whatever is available on Amazon and Azure. And these are similar in concept, but not exactly the same. And you need to know how to operate them, so it takes expertise. And from a governance point of view, really from the auditor's or the governance point of view, you don't need to care whether the environment is protected by technology A or B. You just need to know that you're protected, and you need to be able to see the whole picture at once using technologies that give you a uniform view of this state and not just point solutions showing you what you're doing here and here and here separately. You want to see everything in one place using the same language and without the need to get into the specifics, so that you can show, let's say, your ISO auditor that you're really in control, and you don't have to get to the level of device A or device B.
Yeah. So, from the perspective of the products that you have, you're saying that this works as well with the kind of firewall, or shall we say software-defined network appliance, in AWS or Azure, as it does with Cisco?
Yes, that's exactly right. That's kind of the whole point.
Yes. And that's really a critical thing. And so do you believe that organizations are properly implementing the segmentation within the clouds that they are using?
Well, I would say that left to their own devices, absolutely not. It's been the case that in a hundred percent of customers where they deploy an AlgoSec solution and get our commentary on what they have, we always find risks. We always find misconfigurations. Very common. It's so common that I've never seen an environment where we didn't show significant risks once we deploy our solutions. It's just human nature. There's so much to control that people, either out of unawareness or out of laziness or assumption that it's somebody else's problem, just misconfigure things. And these kinds of misconfigurations can be really, really expensive in terms of damage. So, yeah, the state of network security in general is, you know, not good and always up for improvement.
Is it possible to manage temporary firewall access with an integration of a PAM, a privileged access management tool?
Well, I would say not exactly. PAM-type solutions primarily control log-in credentials, I mean, typing in user, password and so on, or some other authentication mechanisms, and PAM puts policy around that. That's very important. It's not the same as what I'm talking about. This might be useful when you want to control management access to a firewall. So if you have an old-school type firewall like a Cisco or a Juniper that you connect to using the command line, then PAM would be a reasonable path to control access of the administrators to the firewall. Modern firewalls, and certainly firewalls that you find in the cloud, don't work like that. They're all API based. You can't just SSH into them and start typing commands. You have to authenticate using their web user interface, or if you wanted to do it programmatically, then you need to authenticate using some other mechanism. This is what our software does. So if that's the environment that you're working with, PAM is the solution to a different problem, let's say.
Yeah. Okay. Thank you. So FedEx, if you want to add any supplementary questions, please feel free to do that. If you've not had a sufficient answer, anyway, it's possible that Professor Wool could get back to you afterwards. And so looking at other things now, obviously if you go to all of the big vendors of the sort of network equipment that you find, like Cisco and so forth and Check Point, do they actually provide enough, and what are they doing, or how do organizations think they are using these things to protect the public cloud access?
Okay. So the products that you mentioned and many others, from Palo Alto, from Juniper, from Fortinet, they're all excellent products. And, you know, they've had years and years of experience in creating solutions to filter. And pretty much all of them have offerings that are specifically for the cloud. So you can deploy a Check Point device within your Amazon or within your Azure environment. You can deploy a Palo Alto as well, and Fortinet. They all have cloud-ready solutions that you can deploy in your cloud, and many organizations in fact do exactly that. And this is on top of, or in addition to, the native controls that the platform vendor offers.
Now, since you have both at your disposal, you should really make an informed decision of which you want to use in which scenario. Broadly speaking, the controls that you get from the platform vendor are sometimes basically free. You already paid for them with a subscription, so you may as well use them. On the other hand, they're typically less sophisticated than the level of capability, from a feature perspective, that you get from a traditional firewall vendor like Check Point, Juniper, Cisco, Fortinet, et cetera. So it really is a choice of, you know, features versus cost and comfort. What are you more familiar with in terms of managing? But these are the types of questions that you need to be asking yourself. How am I going to protect my environment? Should I use the built-in controls? Should I bring in a third-party firewall on top of that, everywhere, somewhere, just at least parts of the network? How am I going to deploy them? How are they going to interact? So these are all important questions for you to consider.
Okay. So I think we're now within a minute of ending. So perhaps what I would like to ask you is to say, in your final comments, what are the top things that you would advise people to go back to their organization and do, having listened to this webinar? What are the top things they should do?
Well, if organizations are moving, if you're moving applications to the cloud, then you need to discover, you need to understand what you have. You need to understand what controls are going to be at your disposal in your target platform. And you need to plan this project so that when you end up with a cloud-based system, it's as secure or even more secure than the environment that you have in the old school. And you can achieve this. It's quite doable. But if you don't think about this, if you think that it's just magically going to happen, you might put yourself at risk of appearing on the front pages of media as being hacked, and nobody wants that. So it can be done securely. It can be done in a reasonable way, but you need to think about this, plan it, and do it properly with all the controls in place. Educate yourself, you know, listen to webinars like these, and do your homework before you go and jump in.
Okay. Well, thank you very much, Professor Wool, and thank you very much to all of the participants for joining, and I wish you all good health and a successful rest of your day. Thank you very much, everyone. Thanks, bye.
