The public cloud will continue to grow in 2020, and multicloud strategies are fast becoming the norm for businesses. Cloud vendors are working hard to connect their cloud solutions to each other, which will make it much easier for customers to spread their workloads and data across different clouds that are tailored to particular workloads. Containerization is likely to continue to flourish in 2020, and serverless computing is also likely to continue to grow.
This week, CloudHealth by VMware has made another prediction for cloud computing in 2020 with respect to security. The traditional east-west firewalls that have been adopted by many businesses to prevent hackers from moving laterally after gaining access to the network have served their purpose and have helped to ensure that when a security incident occurs, its severity is reduced.
These east-west firewalls have proven popular due to their low cost and ease of implementation, but they do have a high maintenance overhead, which is far from ideal. An alternative, which is likely to gain traction in 2020, is the use of virtual private clouds with app-centric cloud governance. Rather than use east-west firewalls to prevent lateral movement, app-centric cloud governance applies security policies and access controls to individual apps.
Applying security policies and app controls for every single app may not sound too appealing, but it is actually far less work than it may seem. Policies are typically mapped by isolation zone, application type, and other criteria, and can be easily managed and maintained through the use of tags. This approach will provide the same level of protection as east-west firewalls but has a lower management overhead.
Cloud providers have started offering app-centric governance solutions, but the offerings are currently rather limited: public cloud providers do not yet offer solutions that are suitable for hybrid cloud or multicloud environments.
For instance, Microsoft Azure offers a Cloud App Security service to subscribers to its Enterprise and Mobility Security program, but this service is only suitable for Azure customers, not for use in hybrid and multicloud environments. Google has a decent offering – Apigee – which does work in multicloud environments, although it is not possible to apply policies to automatically block unwanted requests. Instead, it works retrospectively, and users must manually block, flag, or allow requests after receiving alerts.
The CloudHealth solution is a far better option, as it allows governance policies to be applied to multiple clouds at scale. Agents are deployed to ensure compliance with policies and users are given total visibility into sign-in, use, and admin activities. The solution can be configured to act like Google Apigee and work retrospectively, but it also supports automated app-centric cloud governance and users can set customized actions to prevent policy violations. Further, the platform can be used to enforce both app-centric and network-centric governance policies, which is a major advantage over the application-level governance solutions currently available from public cloud providers.
The ease of app-centric governance using the CloudHealth platform is likely to see many businesses abandon east-west firewalls in 2020 and opt for public clouds with app-centric governance.