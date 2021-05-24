As enterprise network security makes the leap to the public cloud, some problems disappear, but organizations need to solve some new ones, too. So, let's assess where we've been and where we're going.

Where we've been

First, doing network security in the data center, we counted on a few things:

App deployment is under control -- specifically, change control.

Network infrastructure is static.

Network security architecture, tightly controlled admin access and change control ensure all traffic is funneled through network security control points -- typically, firewalls -- for security/policy enforcement. That means security teams can focus on that control point to do network security.

This problem is well understood and usually solved by your favorite Magic Quadrant crop of next-generation firewalls.

Where we are going

Network security in the public cloud is headed in a few directions:

App deployment is rapid, which is what the business wants, and chaotic relative to the legacy data center environment:

Apps deploy faster.

Many people can effect change; developers can add their own infrastructure.

There are no limits on rate of change and few limits on types of changes.

Apps are built using a dizzying array of techniques and architectures, so the network is, even more than before, the lingua franca and the best/only place to do security.

Network infrastructure is almost equally dynamic. Networking changes occur often, driven by multiple parties -- lots of cooks in the kitchen. From a business perspective, this is often a good thing, as these changes typically facilitate app deployments.

For more than a year now, spend on the cloud has vastly exceeded spend on data centers, and unlike data centers, there is a new set of security problems still to be solved in the cloud. Attacks go where the money is, so the big, open security front for enterprises is the cloud.

The bottom line is that, with dynamic network infrastructure and lots of change, it is difficult to have a clear security picture by only looking inside control points. How do you know if you're still in the path everywhere, for all kinds of traffic? The short answer is that you don't. The answer is not for security folks to say no or attempt to control everything, but to become more adaptable. And, notably, this problem is not solved and is getting bigger.