EDITOR'S PICK
Jun 24, 2024
Today, when IT production workloads have largely moved to public clouds and SaaS platforms predominate, the role of InfraOps has become even more critical. Here's how zero trust can help operators navigate complexity.
Back in my days as CIO for a financial services firm, the busiest person on my team was the infrastructure operations (InfraOps) guy.
His phone would ring off the hook with all sorts of issues – app developers needing new network connections, branches (we had over 1000 across India) complaining about issues, infosec teams asking for support for myriad audits. As administrator of a complex DC and WAN network, the InfraOps head held the keys to the kingdom. Most assets were identified by IP addresses. There was little visibility of network traffic.
This was a pre-Covid age when the majority of enterprise IT systems ran in private data centers. There were some SaaS apps in use, and public cloud service providers were gaining momentum. We were moving non-mission-critical workloads like dev/test environments or disaster recovery setups to public cloud infrastructure.
But today, when IT production workloads have largely moved to public clouds (often several of them) and to the many SaaS platforms in use, the role of InfraOps has become even more complex and critical.
Here are some of the core disadvantages InfraOps faced before the cloud was dominant.
Poor visibility
IT was focused on providing business visibility – what products were selling through which channels in what markets, trends over time, etc. But an IT team’s own metrics, like application usage, network traffic, or end user issues, were siloed in multiple systems with no centralized visibility. Good security always starts with visibility; only once you can see what is happening can controls be built to reduce risk.
Network segmentation: a never-ending endeavor
Inherently flat corporate networks need to be segmented to ward off unwanted traffic, both external and internal. IT has focused on external risks by building large DMZs and protecting them with often outsourced solutions like DDoS protection and web application firewalls.
Looking at the various firewalls in use, the perimeter instances tend to be more robust NGFWs, while internal ones, protecting user-to-DC or intra-DC (test environment to production) traffic, typically use only Layer 3 controls. Additional regulatory compliance needs, particularly in the finance sector, meant introducing solutions like NAC, which are difficult to implement and must keep adapting to continuously changing application and network topologies.
Growth in traffic
Covid-induced remote work drove traffic towards the internet and cloud, alongside the rapid adoption of collaboration tools and SaaS, IaaS, or PaaS platforms. As demonstrated by the over 40 million endpoints using Zscaler, per-user traffic generated has grown 10X since pre-COVID.
Companies that continued backhauling traffic to centralized egress and ingress gateways hosted in private data centers soon created bottlenecks, resulting in poor user experience for employees and adversely affecting digital transactions. Most of that heat landed on the InfraOps team.
All these factors support the theory that legacy modes of connectivity and security are not suited to the cloud era. Companies are increasingly pulling traffic off WAN networks onto the internet and using cloud security solutions to inspect and regulate traffic closer to its origination (end users) and its destination resources (apps and data). The burden on InfraOps teams is reduced significantly as multiple point products are consolidated into a few platforms.
However, this also requires reskilling. Some of these change areas include:
- Moving away from Layer 3 firewall controls to identity-based and context-aware policies. This will ultimately prove beneficial for InfraOps teams as the total number of rules will be reduced and therefore easier to manage.
- Adopting zero trust network access (ZTNA) to move users and devices away from networks, reducing risk factors surrounding large attack surfaces and lateral threat propagation.
- Network traffic logs, and their downstream correlation by SecOps and incident response teams, become more effective: fewer log sources and fewer false positives can improve MTTD and MTTR metrics.
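To make the first and third points concrete, here is an added example (not from the article, and not Zscaler's own code) in Python: the same access decisions encoded once as Layer 3 rules and once as an identity-and-posture policy. The branch subnets, app addresses, groups and users are constructed, and the identity decision returns a record carrying the fields a SOC would correlate on.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample environment (hypothetical): branch subnets and internal apps.
BRANCH_SUBNETS = ["10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"]
APPS = {"crm": ("10.100.0.10", 443), "hr": ("10.100.0.20", 443)}

def build_l3_rules():
    """Layer 3 model: one (source subnet, destination IP, port) rule per pair.
    The rule count grows with branches x apps, and every host in a branch
    subnet can reach every app, regardless of who is using the host."""
    return [(ip_network(subnet), ip_address(ip), port)
            for subnet in BRANCH_SUBNETS for ip, port in APPS.values()]

def l3_allows(rules, src_ip, dst_ip, dst_port):
    """Packet-level check: the only context available is addresses and ports."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    return any(src in net and dst == d and dst_port == p for net, d, p in rules)

# Identity-based model: (user group, required device posture, app). The rule
# count grows with groups x apps and does not change when a branch is added.
IDENTITY_POLICY = [
    ("sales", "managed", "crm"),
    ("hr-staff", "managed", "hr"),
]

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset      # group memberships from the identity provider
    device_managed: bool   # posture signal from the endpoint agent
    app: str               # application name, not an IP address

def identity_decision(policy, req):
    """Return a decision record with the context a SOC can correlate on."""
    reason = "no matching policy"
    for group, posture, app in policy:
        if app != req.app or group not in req.groups:
            continue
        if posture == "managed" and not req.device_managed:
            reason = "device posture"   # identity matched, posture check failed
            continue
        return {"user": req.user, "app": app, "decision": "allow",
                "reason": f"group {group}"}
    return {"user": req.user, "app": req.app, "decision": "deny", "reason": reason}

def identity_allows(policy, req):
    return identity_decision(policy, req)["decision"] == "allow"
```

With three branches and two apps the Layer 3 set already holds six rules and lets any branch host reach the HR app, while the identity policy holds two rules and denies the same request from a sales user or an unmanaged device.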
Network transformation can supercharge InfraOps, allowing teams to do more with less. And perhaps reduce the daily number of calls they receive from all parts of the business!