Share this article on:
Steve Singer, regional vice president at Zscaler, weighs in on the value of IT standardisation.
Traditionally, corporate IT departments have tended to make decisions about technologies based on their own requirements and assessments; however, this situation is changing.
With the adoption of cloud-based resources in full swing, IT decisions often now involve multiple stakeholders. As a result, departments are making decisions centred on the needs of their users rather than the company as a whole.
As a result, silos of wildly divergent technologies can appear within a company, making administration much more complex. For example, one department might decide to work with a specific cloud provider based on its application needs. However, developers need a different cloud environment to support their work, while another department might opt for a niche provider.
Instead of making IT decisions in isolated silos, companies need to ensure that they maintain a standardised, overall view of their cloud strategy. This will both tame complexity and make it easier to tackle challenges. The cloudification of individual business areas should be secondary to a holistic digitalisation strategy.
Growing complexity
Within some organisations, the COVID-19 pandemic has highlighted the complexity of their cloud infrastructure landscape and its potential pitfalls. Different cloud environments require different approaches to implementation.
To reliably eliminate any security vulnerabilities, the person responsible for implementation in each case should be a specialist in that provider’s specific solution. In addition, the nested design of multi-cloud environments and the complicated guidelines that go with them can be a factor in administrative errors and compromises on security.
When organisations were forced to quickly shift their staff members into a work-from-home mode in early 2020, many were faced with the challenge of checking who could access the applications they needed securely and from which devices.
The benefits of simplification
In many cases, the current complexity is the product of infrastructures that were not cloud-ready when applications were migrated there. In addition, the combination of traditional network concepts with perimeter security conflicts with the demand for cloud agility and user-friendly and high-performance access to applications.
Faced with the need to provide fast and secure access rights, companies are starting to question the untamed growth of their infrastructure of multi-cloud environments and use on-premises hardware to secure their network. They are looking to return to standardised processes that encompass all applications and connectivity as well as security. They need to find an alternative that doesn’t simply force them from one complex infrastructure scenario into another.
To simplify an increasingly cloud-based infrastructure, organisations must switch to an approach covering all the required business cases and bringing all departments together at the same table. Rather than individual departments pursuing their own short-term goals, organisations must adopt a holistic vision guided by the foresight of the CIO. The result will be simplification.
The rise of zero trust
It quickly becomes apparent that legacy hub-and-spoke architectures cannot handle high-performance data traffic handling in multi-cloud environments. A new approach is also required when it comes to security.
When it comes to an effective security strategy, old methods must be replaced with a completely new approach. Zero trust network access architecture and Gartner’s SASE framework pave the way for a disruptive shift to cloud-ready infrastructures.
These frameworks enable a direct and secure connection between users and applications, regardless of the environment in which the application is hosted or which device the user is accessing the application from. As a result, IT shifts security from the perimeter to the edge.
Based on the principle of least privilege, each user is granted access only to the applications they need, rather than the entire network. These access rights are then monitored via user identity and authentication.
A zero-trust approach can be used not only to keep employees safe but also to protect cloud environments. In these cases, the same basic principle applies in that neither internal or external networks should be considered safe by default, and verification is always required before access is granted.
While reviewing their approach to security, companies should also be thinking about standardising their cloud environments. This is because incorrect configurations in complex environments account for 95 per cent of security risks.
A strategy of standardisation
Combining network and application access to form a new, holistic approach paves the way for the next wave of standardisation. Regardless of the location of the application, the user is guaranteed direct and secure access.
The days of complex, hardware-based security are gone, and a new wave of consistent access management via a cloud-based service will provide the level of transparency and standardisation that modern companies need.
Following this approach will allow organisations to simplify their IT infrastructures without making compromises when it comes to performance or security.
Steve Singer is the regional vice president and ANZ country manager at Zscaler.