Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

As Enterprise Cloud Grows, So Do Challenges

Parenting teaches many lessons, including that difficulties get more complicated as kids grow up. Here's what to look for in a partner to share the "big-kid problems" of distributed cloud.

Joshua Goldfarb, Field CISO

January 15, 2024

5 Min Read
A little girl with a teddy bear stares out to sea, sitting on a stone on a cold beach, wrapped in blankets
Source: winter via Alamy Stock Photo

COMMENTARY

As the saying goes, "Little kids, little problems; big kids, big problems." Indeed, as children grow up, the complexity of the problems and challenges they encounter grows significantly, as does the seriousness of the advice and solutions they need.

I'd like to examine how we can learn an important security lesson from this principle. How so, you ask? I believe that if we look at the growing needs of enterprises as they mature and evolve their application and application programming interface (API) delivery and security strategies, we'll find that important lesson.

Enterprise Environments Grow Up So Fast

Although we may not have realized it at the time, enterprise environments used to be relatively simple — at least compared with what they are like today. Then they began growing in complexity. Perhaps we expanded to a private data center or colocation facility. Maybe we moved some applications to a particular cloud environment. Then maybe we moved a few more applications to a few additional cloud environments (while retaining some applications in our legacy environment, of course).

Before we knew it, we were no longer "little kids." We found ourselves with "big kid" problems. All of a sudden, we had an extremely complex enterprise environment. Development, deployment, management, operations, maintenance, security, compliance, and many other functions became much more complicated than they had been previously. But the resources we had to stay on top of this new, complex world largely remained the same.

This is where many enterprises find themselves today: living with a distributed cloud covering hybrid and multicloud environments. So what can be done? How can enterprises manage this level of complexity at scale? One way is to work with a strategic distributed cloud platform partner — one that can grow with you, bringing a platform approach and adding functionalities, management options, and security capabilities as you need them.

It is in this spirit that I would like to examine five points to consider when looking for a strategic distributed cloud platform partner.

1. Can I Manage a Multicloud Environment?

Perhaps you feel confident that you have your environment under control. Maybe you have only one cloud environment to go along with your on-premises environment. The first question I would ask is: Are you sure that is really the case? If the answer to both questions is yes, then I would ask the next question: What happens when additional cloud environments are added? If you think that won't happen, you may want to reconsider. I have seen many enterprises surprised by this.

If you haven't planned out how to centrally manage, operate, maintain, and secure a hybrid, multicloud environment, you may want to start. You may be headed down a path toward big-kid" problems, and you may want to work with a strategic partner that can help you here.

2. Do I Need Help With Vendor Consolidation?

Many security teams have vendor consolidation on their priority lists for this year. It makes sense. With complexity growing and security budgets relatively stagnant, managing an overly lengthy list of vendors and solutions doesn't seem to make a whole lot of sense. Have you considered the help that a distributed cloud platform provider can provide?

In addition to helping you manage, operate, maintain, and secure your hybrid, multicloud environment, perhaps they can also help you leverage additional platform functionality to replace various point solutions you have scattered around. It is worth several architectural design sessions with your trusted partner to find out.

3. What Happens in the Case of Mergers or Acquisitions?

Just when an enterprise may think it has everything more or less under control in the environment, it may merge with or acquire another company. As you might imagine, this adds considerable complexity and requires folding in those new environments under the already complex enterprise environment umbrella.

If you aren't working with a trusted distributed cloud platform provider when this happens and instead are managing various different environments individually, this already tedious task can become simply arduous. This seems to me to be another important point to consider.

4. Can I Handle the Pressure to Innovate?

Nearly every business has become a technology company in recent years. The reason is simple: In order to remain competitive, businesses need to be innovative and push ahead to meet customer and market demands. Applications and APIs are the means by which this happens.

Managing and securing those applications and APIs is never simple, particularly given the pace of advancement, but not having a strategic approach to managing and securing the distributed environments in which those applications and APIs live makes it exponentially more difficult. Pressure to innovate creates a sense of urgency around centrally managing and securing applications and APIs.

The last point I'd like to discuss around this topic, but certainly not the least important, is the evolving threat landscape. In recent years, defensive capabilities have improved around a number of different threat vectors. The attackers have not given up, of course.
Rather, they have doubled down, often researching new attack techniques and investing heavily in retooling to be able to compromise their desired targets.

Keeping up with the rate of attacker evolution is not something most businesses can do. Simply put, they need to be focused on their respective lines of business. That is where they are experts, and that is where they know how to generate revenue.

Businesses cannot simply throw their arms up and give up. Thus, having a strategic partner with teams focused on and dedicated to researching and countering the evolving threat landscape becomes critical.

Time to Settle Down With a Partner

When we look back at our time as little kids, our problems then seem relatively simple compared with our problems now. Now that we are big kids, we need to solve problems and address challenges across complex hybrid and multicloud environments. For most enterprises, working with a strategic distributed cloud platform partner can be helpful and can produce a significant return on investment in reduced complexity, simplified management, and improved security.

About the Author

Joshua Goldfarb

Field CISO, F5

Josh Goldfarb is currently Field CISO at F5. Previously, Josh served as VP and CTO of Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team, where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to Dark Reading and SecurityWeek.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights