How are new regulations and multi-cloud adoption changing security?

Transcript

The way we think about what's changed is—if we look at what's happening in the infrastructure landscape, there are a few big shifts. One is, at an infrastructure operational level we're seeing people adopting cloud or multi-cloud based architectures. This imposes a set of limitations in terms of what amount of control we have over our network architecture.

It imposes constraints—in terms of what security primitives are exposed to us from the cloud providers themselves. And now we have to change our way of thinking from the controls and systems that we had available to us in our private data center, where we had much more control, to the controls that are available to us now in a cloud environment. So as our set of controls available to us change, we have to re-think how we solve certain problems like segmenting access on our networks.

Another big challenge is: The regulatory environment is changing around us. Historically, there was less focus on data, and data privacy, and consumer rights. As regulators get more involved, and as there's more public breaches, both public opinion as well as the regulatory environment is pushing us to do much more than we ever used to do. This takes place in the form of encrypting of our data at rest, encrypting our data in transit, and actually being liable to a much stronger degree when we talk about things like GDPR, force security breaches, or negligence in our security.

So what's really translating is these external changes—whether it's multi-cloud adoption, whether it's the regulatory environment—are putting pressure on our traditional approaches to security and really causing us to re-think how we do secret management, how we do segmentation of access on our network, how do we think about data privacy and protection. These changes, while they impact many layers of our security, really all stem from two larger changes that are taking place in the marketplace.