Cloud replaces data centers, edge replaces cloud and data centers ….. that’s somewhat true and then again not. Marc Lueck, CISO EMEA at Zscaler, is looking for a new definition or even a better term. Because at the moment, the term gives the impression of security, which no longer exists in IT in this way.
Language has its own power. Although words used to describe things or circumstances change over time, they often have a strong influence on our actions and thinking – and continue to have an effect long after the word has been introduced. In contrast, the rapid development of IT technology has led to extreme changes in various terminologies.
Where expressions are retained, it is not always for the right reasons. A good example is the term data center. It is based on the idea that data is stored and protected centrally. With the advent of the cloud, both the term and the mindset it has shaped need to be corrected.
A False Sense of Security
Since the beginning of the cloud revolution, it has been possible to observe how the traditional data center has become less important as more and more applications and services are moved to cloud environments. As a result, data is no longer centrally stored in this relic of the past.
However, the storage and security practices around data centers lead one to believe that all of this data can be treated as a single entity for protection and access. Building on this thought model of the fenced perimeter, IT protected everything within a defined perimeter. In the age of the cloud, this concept no longer exists.
However, the word data center continues to be used in everyday IT communication, and along with it, protecting a perimeter area is still considered a sensible approach to security. Such an approach gives a false sense of security and can lead to project failure because secure access to data in cloud environments must be adapted to the new circumstances.
The trend toward the cloud is influenced by another factor: the ongoing pandemic has acted as a catalyst for the accelerated shift of applications to the cloud. As a result, many companies have embraced technology faster than ever before. Since working in the corporate office has become the exception, numerous organizations across a wide range of sectors have been forced to provide their employees with access from the home office.
Original plans were thrown out the window and cloud initiatives were brought forward. Applications and data were moved out of the centrally secured perimeter at an accelerating pace as a critical factor in continuing business operations. However, the terminology and associated mindset remained.
Many enterprises around the world are currently undergoing major transformation projects by embracing the trend toward digitization and moving away from their data centers. But the security infrastructure is often retained, even though it has become ineffective.
Some Are Tripping Themselves Up
Enterprises continue to rely on their existing hardware stack of security modules designed to protect data centers to protect access to new cloud architectures. In doing so, they are hindering themselves from realizing the full potential of the cloud.
A combined infrastructure consisting of a multicloud setup alongside traditional data centers is an incredibly complex construct and costly to manage. In addition, a legacy approach to security can be a barrier to any innovation.
A hub-and-spoke approach forces traffic through the same long paths it had to take before cloud adoption. Yet many companies still choose to continue running their traditional infrastructure alongside innovative technologies. At least until they gain full confidence in cloud-based capabilities. Sometimes, that complete shift into the modern era never happens.
Transformation in Terms of Security
Although digital transformation is inevitable in itself, how companies embrace change affects whether the transition goes smoothly. The advent of the cloud means there is no longer a central location where all data is held for security review. Organizations need to redesign threat posture and risk assessment from the ground up.
Around cloud environments, however, there is uncertainty about the implementation of security and access control features. At its core, a successful cloud transformation must not only be about moving data to cloud environments but also consider a perimeter-less security architecture. The challenge is to achieve equally strong data protection for cloud environments through other means that are adapted to the new flexible ways of working.
Regardless of where data and users reside and what network they use to access their applications and services, IT must regain sovereignty over the control function of all data flows. A cloud-based management console that manages all rules and access rights can help. This allows companies to dive into the world of Zero Trust. Such a comprehensive approach helps bring back the challenge of decentralized IT environments, mobile workers and diverse workloads.
The Role of Zero Trust
Without Zero Trust, a known identity – be it a worker, a workload or a trusted device – gains complete access to a network, not just the application or data it needs to work with. This puts both the network and all other applications and devices at higher risk. This is a problem companies have faced since their employees are increasingly working from home.
The classic consideration of the protective wall around the data center has automatically deemed the employee and their device as trustworthy. If the data center is now just one of the places alongside multicloud environments that employees access, then the network becomes less important.
That’s why companies need a system that no longer classifies their employees as trusted when accessing the Internet or applications within the corporate network. This trust must be established based on identity and context.
The principle of least privileged access helps to bring about a change in perspective. Authenticating a user based on their access privileges greatly increases security and, at the same time, usability. Enforcing access for each individual transaction or connection can even increase security exponentially.
Ultimately, this means that software-defined policies securely connect the right user to the right application or service – rather than the entire network. A single secure cloud platform sits between users and the Internet, inspecting all traffic to the device rather than opening the entire network to the Internet.
Zero Trust replaces the traditional network security model in this way, ensuring that each employee and device can only see and reach what corresponds to their assigned privileges. Indeed, following the introduction of Zero Trust, IT departments have recognized the positive impact that direct and therefore fast access to applications has on employee satisfaction.
The ongoing adoption of Zero Trust and cloud infrastructure speaks to the declining importance of the term data center. The cloud enables companies to use innovative services that simultaneously weaken risks and increase agility as well as efficiency. It is likely that the cloud environments and collaboration tools that companies have turned to during the period of great demand for home working will be retained in hybrid working models in the future.
It remains to be seen, however, how long the term data center will remain entrenched in the minds of those responsible for modern IT architectures. Perhaps they should start looking for a new term.