Event Recording
Panel - Accelerating Digital Transformation with Secure Cloud Access
Log in and watch the full video!
Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.
I have an account
Log inRegister your account to start 30 days of free trial access
RegisterSubscribe to become a client
Choose a package
Let's directly jump into our panel and welcome my three panels I have from the virtual stage today, which are Matt Beski, who's senior director of product management at, for truck, which are SES app CSO, Europe of Palo Alto, and arrived, met who's AVP, EA of so welcome to you. And I I'd like to ask everyone of you to give a very short intro of yourself, maybe quickly describing what you're doing exactly, and also how you, what you're doing, maybe fits to the topic we have for the panel, which is accelerating the children transformation with secure cloud access. So let's get started maybe Matt Serge and then Ry.
Sure. Martin, thanks for the introduction. I'm Matt Brazinski. I'm the senior product manager here at, for drag, and I've been in identity and access management and security for the past 20 years. And I'm just amazed at how much it continues to evolve and how it's become more and more prevalent and important to make sure you have a secure identity. As the perimeter is falling and applications are moving to SAS and SAS services. You no longer have a security defense around along those lines. You also see many more things needing identity. So for me, it's exciting to be in this space as you see the evolution of identity and how it infiltrates all digital types of transformation in the industry.
Okay, Sarge,
Thanks. So SAB I'm chief security officer for center, but Palo Alto networks tried to be, you know, CSO in a security company, which is, which is a really interesting and tough experience beforehand. I worked for the, for the last 13 years at one of the leading financial institutions building and leading cyber defense group. And I think identity as such and in general, security is changing very much towards identity based security, simply because, you know, in this complex decentralized role, we have to be aware at any point in time where the identity is is at, at, at the moment, what is the identity is trying to do? How is it behaving in order to distinguish between malicious identity and not malicious identity? So thanks for being here.
Okay. And alright.
Yes. Thank you very much, Martin. My name is Ray Mait. I'm VP for bit glass in EME, a I've been in the industry for 30 years and I guess it's very interesting to see how the, the technology curve, if you like changes all the time. So if you look back sort of, you know, into the nineties, really, that's when we were sort of building perimeter to lock down our, our networks and that's carried on really for the last sort of 25 years. And we're now going through a rapid phase of change where, where to do business. You've got to involve the cloud. Most companies have gone to the cloud and they have some sort of hybrid bottle at the moment. And the challenge is, is how do you lock that environment down now you've lost your perimeter and, and that's hopefully where I'll be adding some value to the discussion today. Thank you, Martin.
Okay. So now let's directly get started. I'd like maybe to start with a question which is more on, where do you see organizations with, with businesses? Most of them currently declare cloud first strategy. Reality is that software cloud first just shifting a little bit of workloads up to the, to, to, to a data center. So shifting some virtual machine somewhere in the private cloud data center and then call it cloud. So on the other hand, I see as a little bit of a shift momentum with the pendulum swing a little bit back with more edge computing, etcetera. So maybe to you, the question from, from what you observe in, in the industry, and you all have your insights into organizations, where are we with full or hybrid cloud or back to the edge or whatever, maybe arrive you start and then Sega and Matthias.
Okay. I I'll start. And just, I'll just give you observations of what I see when I'm talking with prospects. So number one is I don't believe there is any organization which is not hybrid. So it's, it's virtually impossible to stop the cloud usage within, within your user base. So they've Al they've also, I guess, many, many companies that they've invested so much time and effort if you like in creating VPNs in this, in this secure perimeter that they see, you know, they see the, the security challenges, but I think they underestimate how fast they need to change to be able to, to actually secure their organizations. So, so the issue really is, is huge investment in, in a, in a perimeter. They know that the, that the business works better when their employees are accessing various different applications in the cloud, outside of the network, we have a situation now where most employees are forced to work outside of the network. So how do you bring the happy medium of allowing them to access corporate data, which is, which is restrictive, which they don't want to be shared, but allowing them to do their jobs and use applications outside of the corporate network.
So it is, it is, it is really about bringing together a, a cybersecurity, which has been built for old parameter based security with the, the reality and the demand of the business. So certainly what are your observations here?
Well, I think in our two points, perhaps, first of all, to comment on, on Rife's, you know, statement that he's saying, there's, there's really like a multi-cloud world. And I think this is, you know, we should have multi-cloud being, being law for security, right? Because even, even the big cloud providers are multi-cloud because they're doing acquisitions and they have to understand how to secure this other companies. I think that's, that's pretty clear. Second, how could this environment be secured? Well, it's a big deal because for most of the companies they have now, not just one, you know, on premise environment, they're fundamentally a completely, a new environment in the cloud, which has to be secured differently because of the abstraction of it, because of the different ways, how as well to, to manage all that. And then the second, you know, third force pillar, you are getting as well, potentially some other clouds being introduced as well. Right. So I think really stepping a couple of steps back and trying to understand how do really going to cope from strategically from business architecture. Point of view with this environment is fundamental at that point in time, rather than trying to be react as we've been in the security industry for the last 10 years.
Okay, Matt.
Yeah. So, I mean, I'll echo everything that, that was already said. And, you know, we just did an identity live webcast at, for truck where 86% of our, our respondents said that they plan on being in a hybrid or a multi-cloud environment for the next five years. Right. So there's a lot of people out there that think they can get to the cloud right away. And that's just not the case. And, you know, we see our customers wanting to leverage the cloud to do, to gain all those quick business agility, introduce new things, stuff along those lines. However, if you don't have a, a unified security policy or an identity management solution that can enable those applications quickly organizations, aren't able to reap the benefits that these SAS offerings have. So what we're really seeing is that there's people who are now planning, how are we going to secure our environment for the next five to six years? This isn't like a, a temporary stop gap thing. It's something we have to plan for to be in, in existence for a while. So we're seeing a lot of the same things and identity is central to that, right? It's no longer about the VPNs. It's no longer about the firewalls, as much as it is around who are you, what are you doing and are, and should you be doing that at this time?
Okay. So I think we all agree on that most business will remain hybrid. And what I'm also saying for, for quite a while, some businesses under really a couple of businesses will remain hybrid forever. So if you have a manufacturing, then, then you have some parts which always will be in some way on premises. You might call it edge and, and give it some, some shiny broad name and, and declare it as some sort of cloud. But in some ways we in between, and it's at least hybrid. And I think that is the reality for many businesses. And so, so when we look, look at this from a, from a security perspective, which other the ways, so, so Matt always brought, already brought up digital identity as an important element. So what are the elements you see as, as essential to securities hybrid and also far more volatile environments than in contrast to what we did earlier. So maybe Sega you start and then we move forward.
Oh yeah. I think, you know, I can answer to that question like for the next two hours, but I think just to be short, really, first of all, we should start with culture and mindset that that's really important to be able to understand. And I've talked about that in my talk that security has not just focused on production systems, but more on development. You know, UT processes security by design shift left. All those principles are really, really important. First of all, to ensure that the speed and the pace of DevOps multi-cloud can be tech off from the, from the beginning on, I think second, we have, you know, considering this multi-cloud environment, we have a couple of pillars where we have to establish a baseline, a centralized baseline and centralized identity based policy is, is definitely, you know, one of the, of the steps forward to do that.
And on the second, you know, the second layer understanding also, how do you really enforce this policy across of, of your multi-cloud environment in a consistent way? So policy is code the sort of principles are becoming very important, but also trying to understand how you're going to leverage the existing controls to do that. So I would like to challenge a bit, you know, the comment that the firewall was dead. I don't think it's really the case simply because we are going to live with our on premise environments for the next 10 years. And what's happening on premise. The it landscape is growing right? The, the shadow it sometimes up to 60, 70%. So fire was just one piece, one control, you know, among other controls have to take into consideration.
I think, I think there was, was the saying firewall is that, but clearly the role of the firewall is changing and other things are, are getting more and more important. And, and I also would say that the, that the place where the firewall resides in some ways changing. So we see a lot of endpoint security where firewalls are playing its role. We see it around the edge where, where firewalls play, and also honestly, for, for the areas which we need to protect. And we still have our private clouds, all the other things, clearly they are in some way, they are still parameters. And without firewall, we would have a huge problem. I I'm absolutely convinced because it's one, one of our layers of defense. No doubt about it, right. Your perspective on that.
Yeah, it's interesting. So I totally agree with the identity based contextual based role access. And it's quite funny to, to, to, to, to, to step back maybe 10 years, because we went through this scenario once before in the networking world when we actually dived into wireless. So I spent seven years with Aruba networks where we developed identity based contextual, contextual access. And I guess where we are at the moment or where we are in, in, in, in the CASBY world is very much applying that contextual access around, you know, about users and taking that and, and building policies around that contextual access. So, so those users are allowed to access certain systems from certain locations, with certain devices, with an deep device, or with a, with a, B Y O D device, but will be given certain security perimeters based on, on their contextual access. And, and that solves a lot of problems. And, and I guess it, it solves problems with, with cloud access, if you're going through a proxy, but if that same solution then supports VPN technology, which is non HTTPS. So we can actually access mainframes on site through a firewall, we then have a cloud based solution that actually does actually fit the hybrid market very well. Indeed Martin.
Yeah. And I, what I found interesting, you know, you, you're Richard sending vendors from three different market segments. So we have Palo Alto, big glass Palo Alto known from next generation firewalls, for instance, and a lot of things more than that today, but last with the CASPI fraud from an identity perspective. But I think you have two common nominators at least the one is context. And the second is policy. So across all of these things, it's always about the context. So when I go back to, to, in the history of Palo Alto with next generation firewall, it was bringing the context into the equation. Caspe you talked about context, identity met already brought up the, the context. I think these are two, two elements, which are really essential. And, and by the way, I, I have, I have a strong belief. We need to do more with policies because at the end policies are simple to describe and we can enforce them and, and translate them to each.
And every level we can say, okay, this is the policy. These people are allowed to do that or that or not. And then we can translate it into let Claire was firewall rules. We can translate 'em into Casper rules. We can translate them into our vacation rules. So if we, if we come to the way we handle and use policies and consolidated, and I think that's good goes back, what, what you arrive said arrives that, that, that is something that where we can make huge progress across all these areas. And we need all these elements from my perspective in security, maybe Matt bring in your perspective, and then we are already close to the end of the time we have for this panel. And wow,
Wow. This was a, a great conversation. You know, know one of the things I wanna talk about Martin, you mentioned the edge clouds and, and how are they gonna impact? And I, I think there's a lot to be said about doing security at the edge is as, as has already been discussed, you know, we now have such an explosion in scale of identities that need to be managed between I T between, you know, the, the human devices. Now, everybody has mobile devices. They don't have laptops anymore. People are doing moral, their mobile devices. Every microservice needs an identity. Kubernetes containers need an identity. There's just an exponential growth in, in identities to be managed and to be able to scale effectively and not introduce a ton of latency, you need to be able to apply those policies and decipher that context on the edge without having to go back to that central, that central identity server, that central identity policy engine.
So as, as we, we look forward, edge computing is gonna be much more important in being able to provide and apply security there. I, I also think with the, a advent of 5g, you know, consumers and, and employees just, aren't gonna settle for latency. And when you look at what's gonna happen over the next horizon in, in 2021, I think you need to start thinking about how COVID has shrink your digital transformation timeline, and how are you gonna be able to provide the best experience for your consumers on an online experience? I think this is an opportunity for up and coming providers. People that might not have a huge physical presence as, as commerce shifts to, to online, but it's also a, a challenge for people that are used to doing their business in person. How are they gonna be able to provide that same experience and build that same brand awareness online? So I really think the edge in being able to provide that great experience without latency is gonna really become important as 5g picks up and, and people are using their mobile devices so much more.
Yeah, I think we will see a lot of, lot of change. So to, to wrap this up or to come to an end of this panel, maybe every one of you could give a, a very short single recommendation, what he feels is most important. So for accelerating the true transformation with secure cloud access. So really a very short, concise statement, right. And that, and their game.
Yeah, sure. So I think if, if you know, you, you are looking at, you know, if, if you've accepted the fact that you're gonna be going cloud, you need to look at security before you even embark on that journey. I mean, it, it's, it's, it's a OUS journey, but if you have the, this security wrap down in terms of identity, you know what you're gonna do, you know, what policies you're gonna use then I, I think you could make a better, better stab at digital transformation,
Matt.
Yeah. I, I agree a hundred percent that you have to bake security in, and I think it's even more so that you need to think of security as an enabler, so that as you're going through your digital transformation, you can quickly and easily apply security and policies to all the new services that you wanna put out there, so that you're going to achieve that business agility and those lower costs that, that you're looking for. So to me, think of security as a business enabler and how you're gonna have one policy set across your, your cloud and your own premise and multi-cloud environments. Okay. Start again.
Well, I think, you know, pretty, pretty clear recommendation from my point of view, we.
Sure. Martin, thanks for the introduction. I'm Matt Brazinski. I'm the senior product manager here at, for drag, and I've been in identity and access management and security for the past 20 years. And I'm just amazed at how much it continues to evolve and how it's become more and more prevalent and important to make sure you have a secure identity. As the perimeter is falling and applications are moving to SAS and SAS services. You no longer have a security defense around along those lines. You also see many more things needing identity. So for me, it's exciting to be in this space as you see the evolution of identity and how it infiltrates all digital types of transformation in the industry.
Okay, Sarge,
Thanks. So SAB I'm chief security officer for center, but Palo Alto networks tried to be, you know, CSO in a security company, which is, which is a really interesting and tough experience beforehand. I worked for the, for the last 13 years at one of the leading financial institutions building and leading cyber defense group. And I think identity as such and in general, security is changing very much towards identity based security, simply because, you know, in this complex decentralized role, we have to be aware at any point in time where the identity is is at, at, at the moment, what is the identity is trying to do? How is it behaving in order to distinguish between malicious identity and not malicious identity? So thanks for being here.
Okay. And alright.
Yes. Thank you very much, Martin. My name is Ray Mait. I'm VP for bit glass in EME, a I've been in the industry for 30 years and I guess it's very interesting to see how the, the technology curve, if you like changes all the time. So if you look back sort of, you know, into the nineties, really, that's when we were sort of building perimeter to lock down our, our networks and that's carried on really for the last sort of 25 years. And we're now going through a rapid phase of change where, where to do business. You've got to involve the cloud. Most companies have gone to the cloud and they have some sort of hybrid bottle at the moment. And the challenge is, is how do you lock that environment down now you've lost your perimeter and, and that's hopefully where I'll be adding some value to the discussion today. Thank you, Martin.
Okay. So now let's directly get started. I'd like maybe to start with a question which is more on, where do you see organizations with, with businesses? Most of them currently declare cloud first strategy. Reality is that software cloud first just shifting a little bit of workloads up to the, to, to, to a data center. So shifting some virtual machine somewhere in the private cloud data center and then call it cloud. So on the other hand, I see as a little bit of a shift momentum with the pendulum swing a little bit back with more edge computing, etcetera. So maybe to you, the question from, from what you observe in, in the industry, and you all have your insights into organizations, where are we with full or hybrid cloud or back to the edge or whatever, maybe arrive you start and then Sega and Matthias.
Okay. I I'll start. And just, I'll just give you observations of what I see when I'm talking with prospects. So number one is I don't believe there is any organization which is not hybrid. So it's, it's virtually impossible to stop the cloud usage within, within your user base. So they've Al they've also, I guess, many, many companies that they've invested so much time and effort if you like in creating VPNs in this, in this secure perimeter that they see, you know, they see the, the security challenges, but I think they underestimate how fast they need to change to be able to, to actually secure their organizations. So, so the issue really is, is huge investment in, in a, in a perimeter. They know that the, that the business works better when their employees are accessing various different applications in the cloud, outside of the network, we have a situation now where most employees are forced to work outside of the network. So how do you bring the happy medium of allowing them to access corporate data, which is, which is restrictive, which they don't want to be shared, but allowing them to do their jobs and use applications outside of the corporate network.
So it is, it is, it is really about bringing together a, a cybersecurity, which has been built for old parameter based security with the, the reality and the demand of the business. So certainly what are your observations here?
Well, I think in our two points, perhaps, first of all, to comment on, on Rife's, you know, statement that he's saying, there's, there's really like a multi-cloud world. And I think this is, you know, we should have multi-cloud being, being law for security, right? Because even, even the big cloud providers are multi-cloud because they're doing acquisitions and they have to understand how to secure this other companies. I think that's, that's pretty clear. Second, how could this environment be secured? Well, it's a big deal because for most of the companies they have now, not just one, you know, on premise environment, they're fundamentally a completely, a new environment in the cloud, which has to be secured differently because of the abstraction of it, because of the different ways, how as well to, to manage all that. And then the second, you know, third force pillar, you are getting as well, potentially some other clouds being introduced as well. Right. So I think really stepping a couple of steps back and trying to understand how do really going to cope from strategically from business architecture. Point of view with this environment is fundamental at that point in time, rather than trying to be react as we've been in the security industry for the last 10 years.
Okay, Matt.
Yeah. So, I mean, I'll echo everything that, that was already said. And, you know, we just did an identity live webcast at, for truck where 86% of our, our respondents said that they plan on being in a hybrid or a multi-cloud environment for the next five years. Right. So there's a lot of people out there that think they can get to the cloud right away. And that's just not the case. And, you know, we see our customers wanting to leverage the cloud to do, to gain all those quick business agility, introduce new things, stuff along those lines. However, if you don't have a, a unified security policy or an identity management solution that can enable those applications quickly organizations, aren't able to reap the benefits that these SAS offerings have. So what we're really seeing is that there's people who are now planning, how are we going to secure our environment for the next five to six years? This isn't like a, a temporary stop gap thing. It's something we have to plan for to be in, in existence for a while. So we're seeing a lot of the same things and identity is central to that, right? It's no longer about the VPNs. It's no longer about the firewalls, as much as it is around who are you, what are you doing and are, and should you be doing that at this time?
Okay. So I think we all agree on that most business will remain hybrid. And what I'm also saying for, for quite a while, some businesses under really a couple of businesses will remain hybrid forever. So if you have a manufacturing, then, then you have some parts which always will be in some way on premises. You might call it edge and, and give it some, some shiny broad name and, and declare it as some sort of cloud. But in some ways we in between, and it's at least hybrid. And I think that is the reality for many businesses. And so, so when we look, look at this from a, from a security perspective, which other the ways, so, so Matt always brought, already brought up digital identity as an important element. So what are the elements you see as, as essential to securities hybrid and also far more volatile environments than in contrast to what we did earlier. So maybe Sega you start and then we move forward.
Oh yeah. I think, you know, I can answer to that question like for the next two hours, but I think just to be short, really, first of all, we should start with culture and mindset that that's really important to be able to understand. And I've talked about that in my talk that security has not just focused on production systems, but more on development. You know, UT processes security by design shift left. All those principles are really, really important. First of all, to ensure that the speed and the pace of DevOps multi-cloud can be tech off from the, from the beginning on, I think second, we have, you know, considering this multi-cloud environment, we have a couple of pillars where we have to establish a baseline, a centralized baseline and centralized identity based policy is, is definitely, you know, one of the, of the steps forward to do that.
And on the second, you know, the second layer understanding also, how do you really enforce this policy across of, of your multi-cloud environment in a consistent way? So policy is code the sort of principles are becoming very important, but also trying to understand how you're going to leverage the existing controls to do that. So I would like to challenge a bit, you know, the comment that the firewall was dead. I don't think it's really the case simply because we are going to live with our on premise environments for the next 10 years. And what's happening on premise. The it landscape is growing right? The, the shadow it sometimes up to 60, 70%. So fire was just one piece, one control, you know, among other controls have to take into consideration.
I think, I think there was, was the saying firewall is that, but clearly the role of the firewall is changing and other things are, are getting more and more important. And, and I also would say that the, that the place where the firewall resides in some ways changing. So we see a lot of endpoint security where firewalls are playing its role. We see it around the edge where, where firewalls play, and also honestly, for, for the areas which we need to protect. And we still have our private clouds, all the other things, clearly they are in some way, they are still parameters. And without firewall, we would have a huge problem. I I'm absolutely convinced because it's one, one of our layers of defense. No doubt about it, right. Your perspective on that.
Yeah, it's interesting. So I totally agree with the identity based contextual based role access. And it's quite funny to, to, to, to, to, to step back maybe 10 years, because we went through this scenario once before in the networking world when we actually dived into wireless. So I spent seven years with Aruba networks where we developed identity based contextual, contextual access. And I guess where we are at the moment or where we are in, in, in, in the CASBY world is very much applying that contextual access around, you know, about users and taking that and, and building policies around that contextual access. So, so those users are allowed to access certain systems from certain locations, with certain devices, with an deep device, or with a, with a, B Y O D device, but will be given certain security perimeters based on, on their contextual access. And, and that solves a lot of problems. And, and I guess it, it solves problems with, with cloud access, if you're going through a proxy, but if that same solution then supports VPN technology, which is non HTTPS. So we can actually access mainframes on site through a firewall, we then have a cloud based solution that actually does actually fit the hybrid market very well. Indeed Martin.
Yeah. And I, what I found interesting, you know, you, you're Richard sending vendors from three different market segments. So we have Palo Alto, big glass Palo Alto known from next generation firewalls, for instance, and a lot of things more than that today, but last with the CASPI fraud from an identity perspective. But I think you have two common nominators at least the one is context. And the second is policy. So across all of these things, it's always about the context. So when I go back to, to, in the history of Palo Alto with next generation firewall, it was bringing the context into the equation. Caspe you talked about context, identity met already brought up the, the context. I think these are two, two elements, which are really essential. And, and by the way, I, I have, I have a strong belief. We need to do more with policies because at the end policies are simple to describe and we can enforce them and, and translate them to each.
And every level we can say, okay, this is the policy. These people are allowed to do that or that or not. And then we can translate it into let Claire was firewall rules. We can translate 'em into Casper rules. We can translate them into our vacation rules. So if we, if we come to the way we handle and use policies and consolidated, and I think that's good goes back, what, what you arrive said arrives that, that, that is something that where we can make huge progress across all these areas. And we need all these elements from my perspective in security, maybe Matt bring in your perspective, and then we are already close to the end of the time we have for this panel. And wow,
Wow. This was a, a great conversation. You know, know one of the things I wanna talk about Martin, you mentioned the edge clouds and, and how are they gonna impact? And I, I think there's a lot to be said about doing security at the edge is as, as has already been discussed, you know, we now have such an explosion in scale of identities that need to be managed between I T between, you know, the, the human devices. Now, everybody has mobile devices. They don't have laptops anymore. People are doing moral, their mobile devices. Every microservice needs an identity. Kubernetes containers need an identity. There's just an exponential growth in, in identities to be managed and to be able to scale effectively and not introduce a ton of latency, you need to be able to apply those policies and decipher that context on the edge without having to go back to that central, that central identity server, that central identity policy engine.
So as, as we, we look forward, edge computing is gonna be much more important in being able to provide and apply security there. I, I also think with the, a advent of 5g, you know, consumers and, and employees just, aren't gonna settle for latency. And when you look at what's gonna happen over the next horizon in, in 2021, I think you need to start thinking about how COVID has shrink your digital transformation timeline, and how are you gonna be able to provide the best experience for your consumers on an online experience? I think this is an opportunity for up and coming providers. People that might not have a huge physical presence as, as commerce shifts to, to online, but it's also a, a challenge for people that are used to doing their business in person. How are they gonna be able to provide that same experience and build that same brand awareness online? So I really think the edge in being able to provide that great experience without latency is gonna really become important as 5g picks up and, and people are using their mobile devices so much more.
Yeah, I think we will see a lot of, lot of change. So to, to wrap this up or to come to an end of this panel, maybe every one of you could give a, a very short single recommendation, what he feels is most important. So for accelerating the true transformation with secure cloud access. So really a very short, concise statement, right. And that, and their game.
Yeah, sure. So I think if, if you know, you, you are looking at, you know, if, if you've accepted the fact that you're gonna be going cloud, you need to look at security before you even embark on that journey. I mean, it, it's, it's, it's a OUS journey, but if you have the, this security wrap down in terms of identity, you know what you're gonna do, you know, what policies you're gonna use then I, I think you could make a better, better stab at digital transformation,
Matt.
Yeah. I, I agree a hundred percent that you have to bake security in, and I think it's even more so that you need to think of security as an enabler, so that as you're going through your digital transformation, you can quickly and easily apply security and policies to all the new services that you wanna put out there, so that you're going to achieve that business agility and those lower costs that, that you're looking for. So to me, think of security as a business enabler and how you're gonna have one policy set across your, your cloud and your own premise and multi-cloud environments. Okay. Start again.
Well, I think, you know, pretty, pretty clear recommendation from my point of view, we.
Stay Connected
How can we help you