KNect365 is part of the Knowledge and Networking Division of Informa PLC


Why Cloud Security can't be a DevOps Afterthought

Mirantis, a leader in the OpenStack ecosystem, recently announced commercial support for OpenContrail. As part of the OpenStack ecosystem, OpenContrail provides components for network virtualization, an SDN controller, a virtual router, an analytics engine and northbound APIs.

The goal: An open, standardized stack that developers can write to.

Sneddon says a major driver for that standardization is a shift in decision-making away from network teams as DevOps culture takes hold.

“You have an app team that's designing an application to run on a certain type of cloud, and that's going to dictate a lot of infrastructure,” he said. “Sometimes the server team and the network team aren't the ones that make the final decision on how those things get deployed. They're getting pulled in — sometimes at the last minute — to hear, ‘We've already made these decisions. How are you going to solve for the IP address management and security rules and things like that?’”

Juniper encourages its partners and networking customers to build relationships with DevOps and lines of business leaders before they’re blindsided. To do that, CIOs and their teams need to accept that the network must add business value.

“The SDN solutions are really how we get there,” says Sneddon. “We can say, hey, here's a really powerful networking platform that answers all the concerns of the network engineering team and has all the right knobs, widgets and visibility and security policy functions, but is abstracted and simplified in a way that the dev team can take advantage of.”

If demonstrating business value isn’t a compelling argument for networking pros to change how they architect, the experiences of companies that have had to deal with rogue cloud projects should be. Sneddon says he regularly sees network admins run up against a flat VLAN, or another topology that compromises security but was easy to spin up to supply a sandbox for DevOps.

“It’s one thing to say, ‘The cloud guys can do whatever they want to within this bubble of network authority,’” he says. “But if that thing moves into production, suddenly running one contained bubble isn't going to scale and isn't going to give them the connectivity they need.”

It’s when teams go back and try to shim security in that problems arise.

“You can’t implement a security policy after the fact because it breaks everything,” says Sneddon. “So yeah, the tension is real.”


Multi or Hybrid? That Tension’s Real, Too

One area no one disputed at the Summit is that private clouds are not being displaced by AWS, Azure, Google Cloud or any other public IaaS platform. In fact, Patrick Weeks, GE Digital Healthcare’s senior director of digital operations, said his company’s remotely managed private cloud has delivered more than $30 million in annual savings and a 49 percent reduction in IT’s on-premises footprint.

Online-shopping site SnapDeal, which moved from public to private cloud, realized a 78 percent infrastructure cost savings.

What’s less agreed-on is whether we’re on a path to a hybrid future, where workloads run on fairly homogeneous infrastructures regardless of where the hardware sits, or whether the future looks more like today — a mix of platforms, container types, VMs, bare metal and even a few mainframes.

Sneddon is in the multi-cloud camp and, in fact, says the argument over private versus public is largely dead.

“For the most part, especially in newer applications that are being developed now, I don't see people arguing over private or public,” he said. “The future is ‘all of the above.’ A big theme at the summit this week is how Docker and Kubernetes and OpenStack coexist. The big challenge, then, is ‘OK I have this little microservice applet running in a Google Cloud, but there's a data mine back in that IBM mainframe that I need to access. How do I do that securely and how do I do that dynamically?’”

Juniper’s answer is Contrail for SDN and its recently acquired machine learning and telemetry platform AppFormix for visibility and analytics — Sneddon calls multi-cloud the “killer use case” for the Contrail 4.0 release that will be shipping soon with support for Kubernetes and Docker.

“It’s a really powerful tool to start to make multi-cloud a reality and get out of the silos of ‘there’s my Docker cloud, there's my OpenStack cloud, and the two shall not talk,’” he said.

While SIs and IT teams are cobbling together custom and in-house-developed APIs, that leads to lock-in.

As to AppFormix, Sneddon says it will help Juniper move up the application and server monitoring stack by leveraging machine learning and automation. He also previewed correlation and analytics data generation advances in the Junos telemetry interface, with the goal of one visibility platform.

Why should partners and customers stick with an old-school networking provider as they move into cloud?

“I've seen networking focused startups come and go in the SDN space,” said Sneddon. “The ones that stick around are the ones that approach it from the IP layer, understand fundamental networking principles and can apply them to this new world. We know how to manage millions of endpoints because we do it every day.”

Cloud Security Summit will be hosting a session on Security in a Multicloud World, where the following points will be explored:

  • Moving to multiple clouds brings better versatility and availability, provided you don’t overlook emerging security issues around data loss, compliance violations and more.
  • Integration issues: How the lack of standard service agreements and APIs prevents seamless integration between multiple clouds.
  • No standardization of methodologies, services, instance sizes, performance or other attributes between public cloud vendors.
