Illumio extends its segmentation to the network and cloud

By extending its Adaptive Security Platform to the network and cloud, Illumio brings together a number of historically discrete segmentation solutions


Data centers have become increasingly dynamic and distributed, which is why there has been a rise in technologies such as virtual machines, containers and hyperconverged systems.

Security has been slow to evolve to meet the needs of the new world, but thanks to innovative start-ups such as Illumio, security is starting to change and is able to meet the demands of digital organizations. 

One of the big advancements in data center security has been the rise of segmentation tools. In actuality, coarse-grained segmentation has been around for decades in the form of firewalls, VLANs and ACLs, but companies like Illumio and VMware have extended the paradigm to applications, workloads and users. 


The challenge now for security teams is that each type of segmentation tool operates as its own solution, so a customer may want to use the network (e.g., Cisco) for coarse-grained, Illumio or VMware for application segmentation (micro-segmentation), and Amazon Web Services (AWS) or Microsoft Azure security for anything running in the cloud. No one of these is better than any other; they’re just different, and each solves a different problem. 

This week, Illumio announced it had extended its solution to work with Cisco, Arista, AWS and Microsoft Azure. I characterized the company earlier as a micro-segmentation solution, but Illumio’s main product is its Adaptive Security Platform, and its ability to work with the leading data center and cloud providers is a good proof point of just how adaptive the product is.

Now the company can provide customers with a layered security architecture by supporting ACLs on Cisco 2000 and 5000 top-of-rack switches and Dynamic Filters on Arista data center switches, as well as AWS Security Groups and Azure Network Security Groups. Illumio will make these features available later this year, but it will demonstrate them at the upcoming RSA security show. 

Unifying security policies

By extending its solution to the network and cloud, Illumio is able to bring together a number of historically discrete segmentation solutions. Technically, what it is doing is unifying the security policies so security engineers can set a single policy and push it out to physical and virtual workloads, containerized hosts, network infrastructure and cloud services at once. 

The extension of Illumio’s solution to the network and cloud will reduce the number of security gaps created by having disparate policies. Having more security tools doesn’t necessarily make organizations more secure; it just makes things more complicated. Uncoordinated policies enforced at the network, cloud and workload can leave several huge blind spots that get exposed only when there is a breach.

Also, Illumio’s approach can significantly cut the amount of staff time required to implement segmentation with manual processes across disparate tools. Configuring ACLs on traditional gear can be a long, drawn-out process that requires touching each box. Any change made is equally long and tedious. Illumio’s solution is in software, and the implementation of the security policies can be automated. With this release, Illumio becomes the first vendor that can do user, coarse-grained, nano and micro segmentation.

Segmentation In Depth 


Another benefit is that businesses can stop using firewalls for internal data center and cloud segmentation. Firewalls can provide coarse-grained segmentation, but they are a very expensive way to implement it, and despite the high cost, they can become choke points in a data center. Firewalls are great for protecting the perimeter, but they were never designed for internal segmentation. 

With Cisco, Arista, AWS and Azure, Illumio has interoperability with most of the major data center providers. The missing piece of the data center puzzle is VMware. Illumio’s primary value proposition is that its product is adaptable, and if it’s as open as the company claims, VMware NSX integration shouldn’t be too far behind. 

There are lots of segmentation solutions available today, and businesses need to find a way to tie these together at a policy level. From a vendor perspective, Illumio’s focus on owning the policy and then interoperating with the mainstream data center vendors is the right one because the battle for segmentation supremacy will be won through policy centralization and enforcement. This will enable the coordination of policies across the spectrum of segmentation types: coarse-grained, micro, user and nano.


Copyright © 2017 IDG Communications, Inc.