The Convergence and Rise of Cloud Networking and Security – Six Five On the Road

The Convergence and Rise of Cloud Networking and Security - Six Five On the Road

On this episode of the Six Five On the Road, host Shira Rubinoff is joined by Aviatrix’s Chris McHenry, Vice President of Product Management, for a conversation on the critical convergence of cloud networking and security, and how Aviatrix is leading the way.

Their discussion covers:

  • The timing and reasons behind the convergence of cloud networking and security
  • The benefits that come from integrating cloud networking and security functions
  • Insights into Aviatrix Distributed Cloud Firewall and its role in this new era
  • Recommendations for organizations to align their enterprise cloud operations with networking and security imperatives
  • The exciting potential of Generative AI in enhancing cost optimization, efficiencies, and proactive protection within cloud environments

Learn more at Aviatrix.

Watch the video below, and be sure to subscribe to our YouTube channel, so you never miss an episode.

Or listen to the audio here:

Disclaimer: The Six Five Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we ask that you do not treat us as such.


Shira Rubinoff: This is Shira Rubinoff, President of Cybersphere, a Futurum group on the road with Six Five Media here at RSA 2024. I’m here with Chris McHenry, VP of Product Management for Aviatrix. Chris, pleasure to be with you here today.

Chris McHenry: Thank you, Shira. Good to be here with you as well.

Shira Rubinoff: Thank you, Chris. So Chris, can you please explain to our audience who you are and what you do for Aviatrix?

Chris McHenry: Yeah, absolutely. My name’s Chris McHenry, I’m VP of Product Management. I lead product management, product strategy for Aviatrix. We are a cloud networking and network security company bringing better security services to people in AWS, Azure, GCP, Oracle, all of the clouds.

Shira Rubinoff: Perfect. So Chris, we talk about convergence of cloud, networking and security. So why now? Why the importance of it right now?

Chris McHenry: Yeah, well, first off, I think security is incredibly important in general, and as we see the shape of organizations change, both from a physical perspective where they used to have control of the four walls of their offices and their data centers and their applications lived there, and then physically moving those users to work from home and then the applications to work in the cloud, I mean, that fundamental transition changes the way that we have to think about security.

One of the things that that also changes is the internet becomes much, much more important, and I think the internet is both a pro and con for us, it’s a thing that enables and empowers all the amazing technology that we use today and it’s also the thing that makes cybersecurity incredibly important, so the ever presence of the internet and the cloud is really forcing a lot of that transition. And then the last thing that cloud changed was it really shifted the power dynamic in a lot of enterprise organizations, and we saw people move to the cloud for speed and the first people to move there were the application developers. There’s a lot of conversation around shadow IT, and security may be a little bit late to the cloud. So now that that has matured, people are catching up and we really need to do something about it.

Shira Rubinoff: Well, certainly, and of course we’ve been talking about it for a long time, certainly in the last number of years, the migration to the cloud for security reasons.

Chris McHenry: Yes.

Shira Rubinoff: Why is that better and why is that needed?

Chris McHenry: Yeah, I mean, there’s, I think actually a misconception here, to be perfectly honest. When you move to the cloud, I think one of the things that people are excited about is the fact that they don’t have to think as much about infrastructure anymore. But the reality is that when you move to the cloud, you still have a significant amount of responsibility to secure your own applications. In general, the industry calls that the shared security model, and so they’re very explicit about what layer of the stack do the cloud providers cover. Typically physical, we’re not going to let anybody into our data centers, we’re going to isolate organizations from each other, but anything that runs on top of that, you’re responsible for securing.

So we still have to think about a lot of the same layers that we thought about beforehand, and it actually opens up additional security holes. Again, like I said, the internet is much more ever-present in the cloud, your management plane is on the internet. We need to think about different things, and so it’s both an amazing thing, because you have additional tools, but also there’s a significant amount of responsibility that we still have to own when we move our applications to the cloud.

Shira Rubinoff: Well, certainly, think about the landscape, it’s that much greater, the exposure is that much more, and the third-party risk and the entree points and understanding what is in the cloud, who has access to it, the penetration points. Can you talk to that for a moment?

Chris McHenry: Yeah, absolutely. I mean, I think about one of the big things that I’m really, really passionate about is thinking about the fundamentals. So there’s a lot of things that we’ve done in a traditional on-premises environment that are still really, really important in the cloud. You think about how do I control who has access to things like you had mentioned before, and it used to be we had a physical cable and we could put a firewall there and we had our active directory, and that was what we did. In the cloud, now all of a sudden, your management layer, as I mentioned before, is on the internet. So we need to think about access controls, and there’s whole industries that have popped up to help secure that. But then from a fundamentals perspective, the attack landscape hasn’t really changed. We still have a lot of the foundational techniques that MITRE outlays in their attack matrix. We have a lot of the concept of the kill chain, which is this is effectively the order that somebody goes through when they attack your environment. So thinking about the fundamental controls that we had on-premises and thinking how those might translate to the cloud, but they’ll look different. Again, don’t get too far away from the fundamentals. We still, thinking about the same frameworks and how we use those frameworks to secure things.

Shira Rubinoff: Well, I think you hit the nail on the head with that. Get down to the fundamentals, understanding it from the ground up. And I think a lot of organizations as they’re migrating to the cloud are thinking about doing so or doing so without really tapping into the fundamentals and the way the workflows go and what is needed, they’re kind of missing that layer. Just almost like the push-up without dialing back and taking the necessary steps to get there. What type of advice can you give to organizations around that when they’re saying, “You know what? This is what we’re doing, this is how we’re doing it, because this is what we see in industry.” But that’s the problem, a lot of things we see in industry is not necessarily the way to go.

Chris McHenry: Yeah. I’ll tell you, there’s two approaches that I see. One is, we’re going to think about this in a completely new way, and we’re going to bring completely new tools into the environment, and we’re gin the CSPM space really kind of going down that path of like, okay, totally brand new. We need to think about this differently. That’s one direction. I mean, the other direction though is to think about, we see a lot of organizations who literally take what they had on premises and lift and shift it into the cloud.

Shira Rubinoff: That’s what I was thinking about.

Chris McHenry: And neither of those things are great, honestly. The lifting and shifting, if you think about it from an application perspective, nobody would say that lifting and shifting an application is the best way to bring it to the cloud, yet we do it on a regular basis. It has all of the things wrong with it. And when we think about how that translates to networking and network security, you’re going to have the same problems if you lift and shift it. We need to think about the fundamentals. I need those controls, but they’re probably going to look a little bit different when we bring them to the cloud. We should re-architect should refactor, and I think there’s an immense amount of opportunity to again, focus on the fundamentals, but think about what they should look like in a more cloud-native way.

Shira Rubinoff: Well, certainly, there’s also, we talk about siloed effect within organizations where one hand might not necessarily talk to the other. And you might have the security folks, you might have the business units and different ones trying to do something else that doesn’t quite fit with the other networking group or the other group itself within the organization to make that transition and the security up to snuff. What would you advise organizations to do if they’re sitting in that space?

Chris McHenry: Yeah. So there is this constant tension between speed and security, I think are really the two things. There is business pressure to develop applications, to innovate at a really aggressive pace, and then there is counter business pressure to make sure that everything is secure.

Shira Rubinoff: Correct.

Chris McHenry: And those two organizations oftentimes don’t see eye to eye because they have different incentives and different success criteria.

Shira Rubinoff: Exactly.

Chris McHenry: Security should be pervasive across the organization.

Shira Rubinoff: It should be everybody’s responsibility.

Chris McHenry: It should be everybody’s responsibility, but the expertise is not everywhere.

Shira Rubinoff: Correct.

Chris McHenry: And so the biggest piece of advice that I have for organizations who are in this scenario is when, again, when many organizations move to the cloud, they prioritize speed. The developers were the ones who were the initial customers in the cloud, and the security team is coming in a little bit later, and they might be trying to impose some of their traditional ideas on the developers. My biggest piece of advice is, don’t think about it that way. The reason Cloud was successful was because speed was important. Now we need to come in and we need to reinvent the way we think about security and listen to the needs of the developers so that when we come in and say, “Hey, okay, I want to put a firewall or a controller, I want to implement zero trust.” We should be doing it in a way that both the developers and the security teams love. Policy as code, integrated with automation, all of those. What is that hybrid approach that is sensitive to the needs of all the stakeholders while still prioritizing security?

Shira Rubinoff: I think those are very important points. We also hit on something else, we’re making it applicable to the ones who are actually doing the development, the developers, the coders, the people that need to actually function within that environment. And a lot of times organization kind of build it out and then say, now work the way that we want you to work, instead of developing the technology or the security around your people, the way that they actually output the information that you want them to do for you to make you that much more secure. So those are really critical points.

Chris McHenry: Yeah. Actually, one of the things that I would love to have is I’d love that if the security teams could become the ones that say yes to things and not just saying no to things. And a perfect example of that is where we’ve kind of gone with AI, but multi-cloud in general. If we think about a business unit and the business unit’s needs, we’re seeing a really intense competition between the cloud providers and other organizations that are offering really, really differentiated services for businesses, but they might live in a cloud that you are not currently in. So how do I enable and empower that? And I think that’s where the security teams need to think about how do we create stacks that are not tied to an individual cloud provider, an individual cloud vendor, and how do we accelerate evaluation and transfer standardized security controls so that when a business unit comes and says, “Hey, I need to use this app because we have to hit this business objective.” The security team can quickly say, “Yes.” We call it embracing the chaos.

Shira Rubinoff: Well, getting them to all buy-in, that’s something that we certainly need to work on as an industry. But very well said and I think organizations need to take note of that. So interestingly enough, obviously the buzzword AI, but that’s not just the buzzword. It’s something that’s implemented in our technology both from a proactive, reactive cybersecurity posture. But what role do you believe generative AI plays in this?

Chris McHenry: I really think there’s two different categories at least that are relevant to the place that we play. One is going back to the, how do I say yes to using new AI tools? And if those are in different clouds and we need to think about what are the appropriate controls. And we’ve seen AI really be a driver for driving cloud, for increasing multi-cloud as a standard in organizations. So that poll is going to change that landscape, and we need to be able to think about how do we secure the broader multi-cloud environment. But then there’s AI in the context of how do we help the security team and how do we help the networking team and the infrastructure teams? How do those teams benefit from products that use AI to improve workflows? And user experience rolls up to me, I’m a big, big, big believer that amazing user experiences can help organizations achieve value more quickly.

Shira Rubinoff: 100%.

Chris McHenry: And I don’t think chatbots are where we’re going to stop with AI. I actually would love for it to be invisible and to just kind of make recommendations and accelerate workflows. And so we’re doing a lot of research internally in terms of how we can make the networking and network security platforms more self-driving as an example.

Shira Rubinoff: That’s excellent.

Chris McHenry: And I think the benefit of that is really going to be accelerating things like zero trust projects.

Shira Rubinoff: Sure, sure. That’s super critical. I think that falls into line of proper cyber hygiene within an organization, really understanding and giving the tools to the people within your organization another extra layer of steps and pauses that slow them down, but actually help move along what they need to do to accomplish tasks at hand to help the business move forward. And I like to ask all my interviewees for a cyber security tip. It could be a business tip, whether it’s a personal thing for just anyone out there or something within business that you find to be very important that they should take note of.

Chris McHenry: Yeah. I’ll tell you one of the things that really motivates me in this role and not to… We’ll talk about our product a little bit. We introduced a product last year called Distributed Cloud Firewall, which is effectively taking the concept of network security and perimeter security and refactoring and re-architecting it for the cloud. And one of the core components that it helps organizations achieve is it helps them in the cloud achieve zero trust perimeter security without making major changes to their cloud architecture. And that specific thing is something that I’m incredibly passionate about is again, going back to the fundamentals, thinking about how do I have the appropriate controls in place? I see so many large organizations have poor internet perimeter security in cloud environments. And the reason is, when you go to the cloud, the default posture in many clouds is to allow internet access.

Shira Rubinoff: Yeah.

Chris McHenry: And-

Shira Rubinoff: It’s false sense of security.

Chris McHenry: It’s a false sense of security. And so I see a lot of organizations going around and saying, “Oh, tell me what’s wrong with the cloud environment.” I’m much more of a fan of investing in technologies that actively protect me.

Shira Rubinoff: That’s important, yes.

Chris McHenry: And so thinking about the fundamentals, thinking about the kill chain, and the very specific thing that I’ll say is, don’t forget about protecting yourself from the internet, protecting your applications from the internet. I am just shocked by how common it is in the cloud to not have good internet perimeter security. And there is a better way. You can rethink it a little bit. You can look at some of the stuff that we’re doing, but I’m really, really passionate about that control.

Shira Rubinoff: Well, that’s great advice and thank you for sharing with us. And Chris, pleasure speaking with you today. And I’m sure our audience gained a lot of knowledge about yourself and Aviatrix as a whole. And I encourage everyone to take a look at Aviatrix and see all the great things they’re doing. This is Shira Rubinoff with Six Five Media On the Road. Thank you for joining us here today.

Author Information

Acclaimed cybersecurity researcher and advisor, Shira is a global keynote speaker and presenter, and expert media commentator. She joined The Futurum Group in February 2024 as President, Cybersphere.


Latest Insights:

Steven Dickens and Paul Nashawaty at The Futurum Group highlight the strategic significance of Cisco's acquisition of Splunk, emphasizing the seamless integration of AI-enhanced tools to bolster cybersecurity and observability. They note that this collaboration is set to revolutionize IT operations by providing comprehensive insights and improving digital resilience.
Olivier Blanchard, Research Director at The Futurum Group, shares his insights from Computex 2024 about the transition from traditional PCs to AI PCs, the market opportunity for Windows Copilot+ PCs, how Qualcomm, AMD, and Intel already look to be positioning themselves in the Copilot+ market, key benefits of Copilot+ PCs and individual platforms, and what to expect for the PC segment in the short and mid term.
Paul Nashawaty, Practice Lead at The Futurum Group, shares his insights on the recent announcements of Anomalo’s enhancements in data quality management.
Camberley Bates and Steven Dickens, Practice Leaders at The Futurum Group, highlight Broadcom’s unwavering commitment to customer value through innovative programs and strategic initiatives. They emphasize how Broadcom seamlessly integrates business objectives with customer benefits, showcasing their dedication to delivering tangible results and fostering long-term partnerships.