Azure Case Study: How vArmour is helping a large organization with their multicloud project
Dec 13, 2018 / vArmour
If you’re one who pays attention to financial news, you may have recently heard that Microsoft has surpassed Apple to become (at the date of this blog post) the world’s most valuable company in terms of market cap. Twenty-four months ago, this would have been a stunning prediction. Microsoft was a giant company but their growth compared to that of the FANG stocks (Facebook, Amazon, Netflix, and Google (now Alphabet but that ruins the clever acronym)) was so-so at best.
One of the biggest drivers for Microsoft’s remarkable growth over this period has been the rapidity with which they’ve grown to become a market leader in enterprise cloud adoption. This is borne out in the activities our team has been helping customers with of late. We’ve been helping organizations with cloud migrations for years, and more and more frequently these days, these migrations are to Azure.
Given this, I’d like to describe how the vArmour Application Controller is helping one large organization along every step of their journey from a datacenter-based business to one running completely in Azure. This particular organization hosts a popular online service I’m sure a large majority of this post’s readership engage with regularly. Since this organization is like every other organization on the planet, they don’t know with absolute 100% certainty how their applications communicate, especially when it comes to dependencies on or interactions with ancillary services or components.
That’s where the vArmour Application Controller comes in. vArmour’s rich, automatic application discovery, modeling, and visualization enables this organization to easily and comprehensively classify, analyze, catalog, and plan for the migration of all of their applications. This is all accomplished without installing intrusive agents on every endpoint, forcing traffic through a proprietary SDN, or physically racking and cabling taps and collectors. Every flow is cataloged. Every endpoint is mapped, even if the traffic volume is minuscule. The Application Controller is sort of like the all-seeing “Eye of Sauron” from Tolkien’s Lord of the Rings except, you know, it’s not horrifying or malevolent or things of that nature…
Each application is fully modeled and presented clearly and graphically. Changes to things such as policy can be validated ahead of time against months of historical traffic. Armed with this full application context, the IT organization more confidently and accurately plans for and executes service migrations, with fewer surprises and less downtime. Changes happen more rapidly, more successfully, with less uncertainty. As someone who served for several years as a voting member of an infrastructure change control board at a large financial services provider, I love this capability! But this is not where the vArmour story ends with this organization.
The same visibility, monitoring, and discovery of applications that’s running in the datacenters to enable the migration is also deployed to visualize and discover applications running in Azure, all within the same console and dashboard. This is what we mean when we say hybrid cloud application visualization. It doesn’t matter if the databases live in a datacenter while the application servers live in Azure. vArmour’s Application Controller technology spans multiple cloud environments to see all traffic. So that covers the application migration side of the engagement with this organization, but that’s not where the journey ends with them.
As more and more critical assets and applications are migrated from on-prem to cloud, it’s imperative that security policy governing access to and from these applications be maintained or even tightened, be this for compliance assurance, attack surface reduction, or simple best practices. Incidentally, the very same visibility problems that plague teams attempting to migrate applications with 100% certainty also plague security admins trying to write effective network security policy. This is why vArmour built into the Application Controller the ability to apply intent-based policy computation to the aforementioned modeled applications. The Application Controller can compute a candidate security policy based on the user’s intent and fully measure and validate the efficacy of that policy against historical traffic. This eliminates weeks of guesswork and Wireshark analysis and provides a measure of certainty ahead of policy implementation that manual approaches to policy creation simply can’t match. This capability has been reducing policy creation times from weeks to minutes for organizations worldwide for over a year, and it’s now come to Azure.
By leveraging the vArmour Application Controller, organizations large and small can easily visualize and understand all application communication flows, and can compute, validate, and enforce intent-based security policy for compliance assurance or attack surface reduction, all without heavy services or a complicated technical footprint.