Welcome to the WEI Tech Exchange Blog

Manage Cloud Migration Security Concerns with Illumio

Written by Jay Cardin | May 28, 2019 12:45:00 PM

Across industry lines, there’s a trend of enterprises moving their applications to the public cloud. The cost of cloud computing and storage has dropped significantly over the past few years, and IT leaders are seeing the value of not owning physical infrastructure.

Security Concerns Are the Top Priority When Considering a Cloud Migration

While this transformation provides businesses with financial advantages, security remains the top priority when deciding whether to take steps toward cloud migration. Some of the biggest current challenges, as identified by Illumio, are as follows:

  • Security policies need to be reconfigured when applications migrate to public cloud.
  • Virtual private clouds (VPCs) used for isolating applications and application tiers increase management complexity and introduce delays.
  • Manual modifications to security policies for application changes across private data center and public cloud increase the risk of errors.
  • Rudimentary security solutions offered by public cloud providers do not offer the enterprise-grade security controls available in private data centers.
  • Public cloud providers offer different security solutions, limiting application portability to other providers.
  • Security solutions lack visibility to workload context and cannot adapt to application changes. Business is slowed down by security changes.

 

Illumio Offers a Solution to Cloud Migration Security Concerns

The key to migrating workloads into the cloud is to eliminate the constraints imposed by networking without compromising security and controls.

The Illumio Adaptive Security Platform (ASP) solves this problem by attaching security and controls at the workload, eliminating the need for VLANs and zones, and allowing workloads to be migrated to the cloud without a choke-point. This architecture provides application isolation without tying security to the network infrastructure.

Illumio ASP delivers enforcement at the workload via the Virtual Enforcement Node (VEN). The VEN is not in the data path; instead, it enforces policy using the mechanisms that already exist in the operating system: iptables on Linux and the Windows Filtering Platform on Windows.

Policy is computed by the centralized Policy Compute Engine (PCE), which receives context information about workloads as telemetry from all of the VENs. The PCE uses the relationships between different workloads when determining the enforcement rules to be applied.

With Illumio ASP, an organization that moves its application to a public cloud can use the exact same security policy that was in place in its own private data center. This ensures a uniform approach to security for all workloads and in all locations.

Here are four ways that Illumio ASP helps enterprises with cloud migration.

1. Granular Security That Moves with Workloads

Illumio ASP provides enforcement at the individual workload rather than using the network or an artificial gateway inside a cloud service provider. This allows enterprises to create a protection profile around a workload, or set of workloads, inside their existing data center or in a public data center. Or they can split tiers of an application between their data center and a cloud provider. This gives the enterprise complete control over where and how its applications are deployed without having to worry about security controls.

2. Context-Aware Security Enforcement

Illumio ASP is fully context-aware. It understands the context of each workload, which ensures that the PCE gets the right security answer every time. A flexible, multi-dimensional labeling mechanism defines a workload based on its role, the application that it serves, the environment it runs in, and its location.

The Illumio PCE maps the labeled workloads to the policies provided by the individual VENs. This allows security policies to be resilient to changes to applications or the underlying network infrastructure.

Because the security is attached to each workload, the need to rely on gateway devices to enforce workload and application security is eliminated. If any legacy techniques are in place, Illumio ASP can still be used with full functionality.
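
The label-driven model described above can be sketched in a few lines. This is an added example, not Illumio's code, API or rule format: the `Workload`, `Rule`, `compile_inbound` and `migrate` names, the labels and the IP addresses are all constructed for illustration. It shows a policy written only against role, application and environment labels being recompiled into iptables-style allow-lists when a peer moves to a new address and location.

```python
# Added example: label-based policy compiled to iptables-style allow-lists.
# Hypothetical names and constructed data; not Illumio's API or rule format.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: dict  # role, app, env, loc


@dataclass(frozen=True)
class Rule:
    consumer: dict  # label selector for the connecting side
    provider: dict  # label selector for the listening side
    port: int


def matches(selector, labels):
    return all(labels.get(k) == v for k, v in selector.items())


def compile_inbound(target, workloads, rules):
    """Inbound rules for one workload: explicit allows, then default drop."""
    lines = ["-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for rule in rules:
        if not matches(rule.provider, target.labels):
            continue
        for peer in sorted(workloads, key=lambda w: w.ip):
            if peer is not target and matches(rule.consumer, peer.labels):
                lines.append(f"-A INPUT -s {peer.ip}/32 -p tcp --dport {rule.port} -j ACCEPT")
    return lines + ["-A INPUT -j DROP"]


def migrate(workload, new_ip, new_loc):
    """Same role/app/env labels, new address and location."""
    return replace(workload, ip=new_ip, labels={**workload.labels, "loc": new_loc})


# Policy is written against labels only; no IP address or location appears in it.
APP = {"app": "ordering", "env": "prod"}
RULES = [Rule({"role": "web", **APP}, {"role": "db", **APP}, 5432)]
web = Workload("web1", "10.1.0.10", {"role": "web", **APP, "loc": "dc1"})
db = Workload("db1", "10.1.0.20", {"role": "db", **APP, "loc": "dc1"})
dev = Workload("web-dev", "10.1.0.30", {"role": "web", "app": "ordering", "env": "dev", "loc": "dc1"})

if __name__ == "__main__":
    for fleet in ([web, db, dev], [migrate(web, "172.31.5.10", "cloud"), db, dev]):
        print("\n".join(compile_inbound(db, fleet, RULES)), end="\n\n")
```

`RULES` is identical before and after the move; only the compiled allow entry on the database workload changes, and the development web server never matches the production selector.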

3. Operations at the Speed and Scale of Application Infrastructure

Illumio ASP allows an enterprise to operate at speed, meaning it doesn’t have to configure and deploy a gateway device that may have non-deterministic scaling characteristics. Illumio ASP offers predictable performance because it uses capabilities that are already in the kernel. It can scale to hundreds of thousands of workloads.

4. Security with No Dependency on IT Infrastructure

By enforcing security on the workload, Illumio ASP completely decouples security from the underlying network infrastructure. An enterprise does not need to re-architect or change its existing segmentation technology or network topology – it can simply integrate Illumio ASP and allow its separation technology to provide connectivity and forwarding fabric.

Contact WEI for Custom Cloud Security Solutions

Illumio, the leader in micro-segmentation, prevents the spread of breaches inside data center and cloud environments. If your enterprise is considering making the leap to public cloud, let the experts at WEI help. When it comes to delivering or obtaining the right set of cloud services, WEI routinely pairs industry best practices with top-flight technologies and its own brand of innovation. The result? The right cloud-based solution at just the right time for any enterprise. Contact us today to get started.