Illumio's new security foundations can enable a new era of agility

Finally, some innovation and progress in network security after years of siege mentality: map the IT topography, label everything, and write security policy for the modern digital world
Written by Oliver Marks, Contributor

Solid security foundations are essential underpinnings for modern digital enterprises, but IT security has arguably had a siege mentality since the dawn of the internet. Unlike a goalkeeper or defence playing in front of a stadium of supporters, nobody sees IT security's historic saves; the team is only visible, and exposed, when there is a breach.


After the year of the hack, security is now firmly at the top of a lot of lists of business imperatives. Many business IT systems are historical Rube Goldberg contraptions with layer upon layer of integrations and workflows, protected from the outside world by firewalls and DMZs.

Last week I spent several hours with Illumio's founders and senior people at their Silicon Valley HQ exploring their recently revealed security approach, and I believe they have created an extremely important development to simplify and enable more secure digital information and data flows.

NOCs (Network Operations Centers) are the internet equivalent of watchmen's eyes and ears looking out from the walls of mediaeval castles, making sure no one gets past the ramparts.

Instead of just guarding the perimeter, Illumio take a far more granular approach, essentially taking security down to the 'atomic particle' level by monitoring every entity, its context, and any anomaly in who is attempting to access it and why. The core Illumio assumption, in an ever more porous security world, is that everything is untrusted until 'adaptive security' has verified its integrity. Greatly simplifying, this is achieved with intelligent agents monitoring entities and the relationships between them.

I've spent more hours than I want to remember negotiating modern digital strategies with security and legal people, and the internal dynamics between IT Infrastructure and IT Security are also very often strained. Alan Cohen, Illumio's Chief Commercial Officer and a successful serial entrepreneur since he left Cisco (where we first met), describes the scenario inside all too many IT departments as Application Developers being the Department of 'Go', Infrastructure the Department of 'Slow' and Security the Department of 'No'.

Meanwhile, modern business drivers and goals are piling on ever greater pressure to be increasingly agile, so something has to give. To be fair to the people watching the endless break-in attempts on their NOC screens, in most instances they have been holding the fort admirably in increasingly difficult circumstances, and there is no question that hacking is getting much more sophisticated. Illumio may be what's needed to break up the security logjam and solve headaches across the organization.

Illumio aims to solve three existing problems beyond reducing the attack surface area:

  • Every enterprise wants ever greater flexibility to run applications anywhere, anytime
  • There is an urgent need for greater speed
  • Today's security apparatus has no context whatsoever

To achieve this, VENs (Virtual Enforcement Nodes) are attached to each entity like antennae; they constantly interrogate the workloads they sit on and report telemetry back to a Policy Compute Engine (PCE).

The PCE holds a graph database of every single thing in the environment, built from these reports, and knows the context around each entity, each of which is cocooned within its own little 'firewall' or security bubble. The VEN attached to each entity is programmed with the entity's expected state and context and won't respond to requests for access unless those attributes align.

To reach this state across an enterprise it is first necessary to untangle the historical spaghetti ball of connections and dependencies across the enterprise's systems; the Illumio ASP core services workflow runs as follows.

First, Illumio 'Illumination' lets you map your entire IT topography to understand and visualize applications and the relationships between workloads. This is essentially a graphical map of the entire spaghetti ball and is, in and of itself, a very valuable exercise, revealing what is connected to what (and often why... or why it shouldn't be).

Next, the Illumio process lets you label everything and then create security policy in plain English: a whitelist of labels and relationships defining 'what is supposed to happen?'. If a relationship is not explicitly described it is not allowed, so any anomaly or attempted intrusion also raises an alert. This is a multi-dimensional, not a hierarchical, model of dependencies.

It is then possible to model and test security policies, and to identify and alert on threats behind the firewall (my comment: a typical example is data jumping from dev to prod, which has proved immensely costly in the financial sector more times than they care to admit).

The next stage of services is enforcement. Policy is applicable anywhere, in data centers and in private or public clouds, and adapts to change through continuous policy computation.

New VMs inherit policy as the system expands: describe a policy once and it is applied again to each new workload that matches it.
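The labeling, whitelist and inheritance steps above, reduced to working code. This is an added example, not Illumio's own policy language or engine: the four label dimensions (role, app, env, loc), the scope rule that ties both ends of a flow to the same app, env and loc, the workloads, the rules and the flow records are all constructed here for illustration.

```python
"""Label-driven allowlist policy over a mapped set of workloads.

Added example, not Illumio's code. It models the workflow described above:
every workload carries labels, policy is a short list of allow rules written
in terms of those labels (anything not described is denied), observed flows
from the map are audited against the rules, and a freshly labeled workload
inherits policy with no rule changes. The four label dimensions (role, app,
env, loc), the workloads, the rules and the flow records are all constructed
here for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

Labels = Dict[str, str]


@dataclass
class Workload:
    name: str
    labels: Labels


@dataclass
class Rule:
    """Consumers matching `consumer` may reach providers matching `provider`
    on `ports`. Each dimension named in `scope` must carry the same value at
    both ends, so one rule covers prod-to-prod and dev-to-dev while never
    allowing dev-to-prod. A selector that omits a dimension means 'any'."""
    consumer: Labels
    provider: Labels
    ports: FrozenSet[int]
    scope: Tuple[str, ...] = ("app", "env", "loc")


def matches(labels: Labels, selector: Labels) -> bool:
    """True when every dimension the selector names agrees with the labels."""
    return all(labels.get(k) == v for k, v in selector.items())


def is_allowed(src: Workload, dst: Workload, port: int, policy: List[Rule]) -> bool:
    """Default deny: a flow is permitted only if some rule explicitly covers it."""
    for rule in policy:
        if port not in rule.ports:
            continue
        if not (matches(src.labels, rule.consumer) and matches(dst.labels, rule.provider)):
            continue
        if all(src.labels.get(d) == dst.labels.get(d) for d in rule.scope):
            return True
    return False


def audit(flows: List[Tuple[str, str, int]], inventory: Dict[str, Workload],
          policy: List[Rule]) -> List[str]:
    """One alert per observed flow the allowlist does not describe. An endpoint
    missing from the inventory is unlabeled, and unlabeled means untrusted."""
    alerts = []
    for src_name, dst_name, port in flows:
        src, dst = inventory.get(src_name), inventory.get(dst_name)
        if src is None or dst is None or not is_allowed(src, dst, port, policy):
            alerts.append(f"DENY {src_name} -> {dst_name}:{port}")
    return alerts


def shop(role: str, env: str, loc: str = "dc1") -> Labels:
    """Labels for one tier of a constructed 'shop' application."""
    return {"role": role, "app": "shop", "env": env, "loc": loc}


# Constructed inventory: what the mapping stage would have discovered and labeled.
INVENTORY = {w.name: w for w in [
    Workload("web-prod-1", shop("web", "prod")),
    Workload("db-prod-1", shop("db", "prod")),
    Workload("web-dev-1", shop("web", "dev")),
    Workload("db-dev-1", shop("db", "dev")),
    Workload("bastion-prod-1", {"role": "bastion", "app": "ops", "env": "prod", "loc": "dc1"}),
]}

# The whole policy, in two plain-English sentences:
#   the web tier may reach the db tier on 5432, within the same app, env and loc;
#   the bastion may reach anything on 22, within the same env.
POLICY = [
    Rule(consumer={"role": "web"}, provider={"role": "db"}, ports=frozenset({5432})),
    Rule(consumer={"role": "bastion"}, provider={}, ports=frozenset({22}), scope=("env",)),
]

# Constructed flow telemetry, as a map of "what is connected to what" would show it.
FLOWS = [
    ("web-prod-1", "db-prod-1", 5432),      # expected
    ("web-dev-1", "db-dev-1", 5432),        # expected
    ("web-dev-1", "db-prod-1", 5432),       # dev reaching into prod
    ("web-prod-1", "db-prod-1", 22),        # port nobody wrote a rule for
    ("bastion-prod-1", "db-prod-1", 22),    # expected
    ("bastion-prod-1", "db-dev-1", 22),     # crosses environments
    ("10.9.9.9", "db-prod-1", 5432),        # unknown, unlabeled source
]

if __name__ == "__main__":
    for line in audit(FLOWS, INVENTORY, POLICY):
        print(line)
    # A scaled-out copy of the web tier needs no new rule: its labels carry the policy.
    new_vm = Workload("web-prod-2", shop("web", "prod"))
    print("web-prod-2 -> db-prod-1:5432:", is_allowed(new_vm, INVENTORY["db-prod-1"], 5432, POLICY))
```

Two things the listing makes concrete that the prose only states: the dev-to-prod flow is denied not by a rule that forbids it but by the absence of a rule that allows it, and the scaled-out web-prod-2 is covered the instant it is labeled, which is what 'describe a policy once' buys you. An endpoint the map never labeled is treated as untrusted and denied, matching the assumption that everything is untrusted until verified.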

Finally, once up and running, 'SecureConnect' encrypts data in transit between any or all workloads or entire applications, enables policy-driven encryption anywhere, and creates on-demand IPsec connections.

External mainframes and other 'outside' systems will not accept a VEN, so instead labels and context are applied to their data as it enters the enterprise workflow of the Illumio-protected environment.

For the non-security person (me) this is quite dry, but incredibly valuable, as it has the potential to free enterprises from security constraints and allow modern digital workflows and contexts to be introduced. The challenge for Illumio will be to be seen as the salvation of security staff huddled in a fetal position around their data, unwilling to change anything without absolute certainty that this new-fangled approach won't compromise their already besieged castle.

Governance and security policies, along with practical oversight, are ever more essential before you can get to implementing modern digital business, cross-enterprise and partner strategies. This leaves many companies hamstrung by bewilderingly complex legacy IT systems, unable to move forward until they have demystified and streamlined what they have.

After much publicity and damage caused by hacks, and until now very little new development around network operations, it is refreshing to see this new approach from Illumio. I know from recent client meetings that hackers are rapidly getting more sophisticated; it's good to see security also getting more sophisticated and agile.
