Zero trust continues to make airwaves in the enterprise IT world because it triggers the ideology of securing everything without having room for assumptions.
In cybersecurity, the lack of a security architecture continues to be a major pain point, but the supercloud concept seeks to be a game-changer because it embeds zero trust, according to Nir Zuk (pictured), founder and chief technology officer of Palo Alto Networks Inc.
“The funny thing is, using the word security in architecture rarely works together,” Zuk said. “We’ve always tried to find ways to put an architecture into writing blueprints, whatever you want to call it, and it’s always been difficult. Luckily, two things. First, there’s something called zero trust; zero trust among other things is really a way to create a security architecture. Second, in the supercloud, we’re starting from scratch; we can do things differently.”
Zuk spoke with theCUBE industry analyst Dave Vellante at today’s Supercloud 2 event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed why supercloud is a perfect fit for the cybersecurity landscape and how Palo Alto Networks pushes this agenda.
How does zero trust fit into the picture?
By incorporating the idea of falling in love with the problem not the solution, Palo Alto Networks was able to prompt more cybersecurity capabilities because it didn’t make any trust assumptions. Therefore, this has made zero trust relevant in the supercloud world, according to Zuk.
“The idea behind the platform was to, over time, take more and more cybersecurity functions and deliver them together — one brain, one decision,” he said. “When you combine that with zero trust and you end up with something where any user, geographical location, and application are secured the same way, you end up with an architecture for securing your applications, which is applicable for the supercloud.”
Palo Alto Networks incorporates the supercloud concept into a complex issue like security through normalization, according to Zuk, who said that this happens through abstraction.
“Different cloud providers call their storage different names, and you use different ways to configure them and the logs come out the same; so we normalize it,” he pointed out. “Thanks to that normalization, our customers both on the engineering side and on the user side, operations side, end up having to learn one terminology in order to set policies and understand attacks and investigate incidents.”
Supercloud architecture comes into play
As a layer of value on top of the hyperscalers, supercloud should be treated as architecture not a platform, according to Zuk. Palo Alto Networks has set the ball rolling in the supercloud architecture space, he added.
“Practically, this world is ruled by financial interests, and none of the public cloud providers has any interest of making it easy for anyone to go multicloud,” Zuk said. “We, as a third-party provider, cybersecurity provider, we’re doing our best … it’s pretty close to being the way you describe the top of your supercloud. We’re building something that abstracts the underlying cloud such that securing each of these clouds, and by the way, I would add private cloud to it as well, looks exactly the same.”
To achieve the supercloud experience, having a single global instance is the ideal deployment model, according to Zuk. This is because it enhances security and drives compute costs down.
“From a security perspective, it’s always better to run in one place, because when you collect the information, you get information from all the clouds and you can start looking for cross-cloud issues, incidents, attacks and so on,” he noted. “So we prefer the approach of running in one place, bringing all the data there, and running all the security, the machine learning versus trying to create a distributed deployment in order to try to save some money on the network data transfers.”
When it comes to cloud security, agents play a fundamental role because they enhance protection, Zuk explained.
“When you deploy cloud security, you have to decide whether you’re going to use agents or not,” he pointed out. “By agents, I mean something working, something running inside the workload. I recommend using agents because that enables prevention; it enables functionality you cannot get without agents.”
Visit theCUBE’s Supercloud 2 event page to watch full episodes on demand!
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.