Tufin: Securing the Cloud Journey

This guest blog was contributed by Yoram Gronich, SVP of Products and Engineering, Tufin.


Today’s networks have expanded beyond on-premises to include cloud and hybrid deployments. The question of whether or not to move to the cloud is a dated one - it’s now which clouds, and how many.

While enterprises seek to balance agility and security throughout this process, they need solutions that give them visibility into the overall network, as well as the power to control and enforce security policies across the board. At the same time, they’re also faced with a labor shortage, constantly evolving compliance requirements, and the need to work with the technology of multiple vendors in parallel.


The larger the environment and number of variables involved, the more essential automation becomes to address these challenges. Automation can help manage a seemingly unmanageable situation, while still offering cloud, network and security teams the ability to drive efficiencies and reduce risk across their heterogeneous environment.


Optimizing the Cloud


The reasons companies have chosen a multi-cloud approach for their organization are many, but the most common one is to increase the speed of their operations, gaining a competitive advantage. Cloud services can speed time-to-market of new products and solutions, improve customer service, and help enterprises respond faster to changes in their industry, good or bad. Increasing proactivity and lowering response time to market shifts and customer needs has proven to be the biggest benefit of the cloud.


The problems begin, however, when this speed is limited by security and compliance requirements.

Making Security Work


No one will argue that security is unnecessary. The problem is that teams often see security as hindering their ability to realize the full benefits of working in the cloud. When success depends on speed-to-market and the ability to continuously change and update a product or solution, needing to stop for regular security or compliance checks can destroy your market advantage and de-motivate your development teams. And when network and security teams take too long to review and approve changes (or send back adjustments), it’s easy to see where the belief that the security and compliance process should be circumvented or avoided comes from.


The cloud does indeed bring challenges - but the answer cannot be working around security and compliance requirements, nor can it be to turn back the clock and invest in fewer cloud solutions. The way to maintain speed, and therefore a competitive advantage, while still providing network and security teams control over the environment and what goes live is to embrace security automation.


Historically, enterprises have deployed additional firewalls and switches to secure the network and, more recently, undertaken network segmentation. But taking these approaches manually can easily add management complexity and expense to the bottom line, negating the market advantage and cost savings that were the reason for moving to the cloud in the first place. Adding complexity in this way also expands the attack surface and the opportunity for misconfigurations to occur.


Centralized Policy and Automation Handles Complexity


Agility and security don’t have to be an either-or decision. By embracing the combination of a centralized, consistent security policy with automation, you can ensure all of your cloud implementations are held to the same security standards - without adding complexity and maintenance into the mix.


With a centralized network security management layer that sits on top of an enterprise’s infrastructure, you can easily visualize, analyze, create and implement network security policies across all cloud implementations. With automation, changes can be automatically vetted for compliance and risk, then properly designed, provisioned, and validated. Security policies can be built into the automated network change process and integrated with enterprise workflows, so that changes can be reviewed and approved in mere minutes.


The main benefits of security automation include:

  • Real-time Network Visibility - Improved visibility of security across the entire business, whether an application is hosted in the data center or on any of a number of cloud platforms.

  • Integrated Security - Automation allows network and security teams to integrate security directly in the DevOps process, without relying on developers to configure those settings.

  • Continuous Compliance - Security policies can be quickly updated and consistently applied across the organization, helping to meet changing regulatory and business requirements.

  • No Loss of Agility - Security automation enables changes to automatically be reviewed against an organization’s policies, ensuring development speed isn’t affected while security is maintained.

  • Ease of Management - Automation eases the burden placed on the network and security teams, ensuring they don’t miss anything important in a security review, while freeing up their time to work on more business-critical tasks.


Summing Up


The products and solutions being utilized by modern enterprises are constantly evolving to keep up with the latest security and compliance needs. That’s why it’s so important to ensure that your security policies remain consistently applied across all cloud environments and applications. Speed is critical to success, but so is the need to keep control of risks during your network security change process. Embracing network security automation helps bridge the gap between security and development, ensuring a competitive advantage is maintained.


About the Author

Yoram Gronich is SVP of Products and Engineering at Tufin. With over 18 years of experience in the design of enterprise and carrier security products and network management systems, Yoram Gronich manages all development efforts for Tufin’s products. He previously held R&D management positions at Check Point Software and ECI Telecom. His most recent position prior to joining Tufin was as development manager for Symantec. Yoram holds a B.Sc. in Physics and Computer Science and an M.Sc. in Electrical Engineering from the Tel-Aviv University.

