“The security company needs to know the company is embracing agile IT,” said Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group, in our conversation at the 2016 RSA Conference in San Francisco. “[Security] needs to adopt their processes and their technologies so that they’re flexible enough to keep up with agile IT.”
“The primary trend we see is companies trying to use their existing technologies and processes for cloud, for agile IT. That makes sense. They’re trying to get ROI on the tools that they know. But typically that doesn’t work,” added Oltsik, who advises companies to look at what they have, but also what they need to adjust in a new agile world.
There is not one new environment, said Oltsik. It’s a heterogeneous environment and you need tools that can operate in this kind of environment both on-premise and off-premise. You don’t want security controls specific to one environment, but rather security controls that can adapt to all the changes that are happening in the hybrid environment.
When we talked about microsegmentation, Oltsik said we need to have segmentation policies from workload to workload. Ask yourself, “What is the workload. Where is it? What does it need to talk to?” This is a completely new way of thinking about security that companies really need to adopt.
Read more on this topic [article]: Survey finds companies want security as part of continuous development but aren’t there yet