Interview with Jaushin Lee, President and CEO of Zentera Systems, Inc.
Zentera introduced a new solution for protecting applications and workloads in the multicloud. Can you provide us with a brief overview of your company?
Sure! We are a network security company. We provide the CoIP® platform that enables companies to extend and protect their production workloads from on-premise datacenters to public, private and hybrid clouds—the multicloud. CoIP stands for “Cloud over IP” and is available to organizations through our partners.
I started the company in 2012 to realize my vision of the coming convergence of networking and security, inspired by my experiences in the late 1990s trying to create cloud-like functionality between two Silicon Valley technology giants, well before the cloud become commercially available.
And, what about the new multicloud security solution? What have you launched? And what does it do?
Our CoIP (Cloud over IP®) platform is our flagship product. Just recently, we launched a new CoIP feature – the industry’s first true cloud security overlay solution that brings third-party security capabilities to the cloud. Integration partners can now offer their industry-leading security features throughout the multicloud to their customers.
CoIP itself is a virtual infrastructure that helps companies isolate and shield their application workloads in the cloud. The workloads are effectively invisible on the internet to malicious users or hackers, as well as to cloud provider operations. CoIP provides the highest level of cloud security assurance to enterprises and allows them to keep their security, physical network, and compliance measures intact during and after cloud workload migration.
What are the most significant threats to organizations’ workloads as they run in virtual and multicloud environments?
There are three big ones:
The first threat is the new attack surface that is exposed when utilizing public cloud datacenters, so enterprises need to protect their endpoint resources against east-west threats, or threats that are intra-domain—within a single cloud, datacenter or virtual environment. Basically, when companies go to the cloud or virtualized environments, one big concern is about their unknown neighbors. So shielding workloads against neighboring servers is important!
The second concern is an organization’s own applications (HR, Accounting, Engineering, ERP, Operations). Enterprises have workloads coming from hundreds of applications across different business units, operations and functions. The security risks vary from one application to another. So if all applications are mixed together without segregation or isolation, cross-contamination can easily happen.
Earlier I mentioned east-west threats. The last threat I want to describe is called north-south, or threats between domains — inter-domain threats. Many enterprises build permanent networks that connect cloud workloads back to their on-premise environments. Today, the most common kind of connection is a static VPN, which remains active. However, the corporate firewall is typically opened to accommodate these VPN connections. When an attack and compromise happens in the remote cloud workload, a static VPN can allow hackers to come back into the enterprise. Essentially, enterprises risk leaving a door open for intruders to come in. Typically, a firewall filtering capability is put in to filter VPN traffic. But when hundreds of applications are migrated to the cloud and then connected back to the enterprise datacenter, firewall filtering becomes difficult to implement and scale.
Why is it so difficult for security solutions to operate in a cloud or virtual environment like they do on-premise?
On premise resources can be protected physically and managed directly by IT folks. There are physical and virtual edges to the on-premise environment and many current security measures are designed to protect those edges, such as firewalls. In virtualized environments such as the cloud, there is no such edge to protect and no physical device to manage or secure. That’s the critical difference between the cloud and on-premise.
In addition, computing, networking, and security are typically considered three different functions and therefore have different implementations in the enterprise managed by different IT teams. The next-generation cloud is disrupting the conventional on-premise enterprise practices because cloud security requires a convergence of these three functions. In the remote cloud, customers can access and manage only the endpoint (virtual machine or container). Therefore, the required technology for cloud security, including computing and networking, needs to converge on the endpoint.
Aren’t there current solutions already available addressing these issues for the cloud?
Indeed, there are numerous solutions that are trying to address some aspect of multicloud security, but most of them are edge-to-edge solutions like most VPNs or SDNs. Edge-to-edge solutions need additional security services to protect the area between the edge and the application endpoint. Furthermore, some solutions are designed for a specific circumstance or cloud provider. Only CoIP meets the challenge of providing a complete solution with minimal impact on existing systems.
What is different about your solution? Why is this important?
In contrast to edge-to-edge solutions, CoIP is an endpoint-to-endpoint solution, which allows security to operate at both the network and the application layers. Furthermore, the endpoints can be set to individually allow only specified applications to use the network. And the network itself is not permanent. Instead, it is on-demand and event-driven, which increases security by reducing the attack surface in the cloud. CoIP security features include network encryption to protect traffic and data; microsegmentation to protect against east-west threats; and application interlock and whitelisting to protect against north-south and east-west threats.
CoIP is also different because it is a single platform that offers the required functions and is automated. There is no need to modify existing IT technology. With CoIP, enterprises can migrate production workloads to any cloud with significant productivity gains. The next-generation enterprise multicloud infrastructure, using CoIP, will be completely overlaid, with no “rip and replace” of legacy infrastructure.
So you provide a solution to ease the process of migration? Does it really become “days not months”?
Yes, deploying a CoIP network is accomplished through a single straightforward control center. Built-in automation takes care of the details, whether CoIP is being used for network migration (sometimes referred to as “lift and shift”), or a variety of other uses such as compute “bursting” to the cloud. It’s that fast, because we are an overlay technology. CoIP is fundamentally an add-on to existing environments and therefore is straightforward to put into place. In fact, it’s really a matter of just hours but my marketing folks discourage me from saying so.
What do you mean by “overlay technology” you keep referring to?
Well, CoIP stands for “Cloud over IP,” and we call it that because it is conceptually similar to VoIP, Voice over IP. When one phone calls another, they just have to find one another and connect through the Internet. They don’t require special wiring or low-level security protocols. The technical explanation is that VoIP is a Layer 5 technology that is merely using the Layer 3 routing technology to make a connection. In brief, VoIP is an overlay technology for connecting phones and CoIP is an overlay technology for connecting virtual machines.
What are some of the benefits an organization should expect to experience with the Zentera solution? Why is this important?
CoIP provides benefits to organizations utilizing it, as well as to the multicloud ecosystem as a whole. Our recently announced support for CoIP integration with security engines is a case in point—it gives organizations flexibility and provides them with defense-in-depth capabilities in the cloud that they have on-premise by using their existing enterprise security services. It also means that our integration partners can now offer their industry-leading security features throughout the multicloud to their customers. As a result, security companies can become the end-to-end security vendor of choice and can offer new cloud security services to attract new customers.
Overall, CoIP can bring great efficiencies to businesses in multiple ways. They can migrate, protect, and run multiple production workloads in the cloud with ease, giving them flexible business scalability with partners and customers. CoIP’s on-demand networking and cloud services means that businesses pay for extra resources only when they are being used. And since CoIP does not require changes to the existing infrastructure, there is no need to wait for approval from security and legal teams before CoIP can be used to benefit the business.
All this is accomplished with enterprise-grade security that is deeply embedded with CoIP’s overlay network. Encryption prevents information leaks, while the exclusive shielded nature of the overlay network means that workloads and compute resources are not exposed in the cloud and are kept private even from the cloud service provider.
How will the Zentera solution be made available to enterprises and the multicloud ecosystem?
The Zentera CoIP solution is currently offered through select regional partners. CoIP is also being integrated with widely used security and cloud platforms, as well as with telecom and cloud service providers.
Can you talk about a customer scenario, and what their multicloud migration and security needs and requirements are?
We’ve seen a wide range of use cases and success stories. The most common one is enterprises wanting to migrate one or more applications over to the cloud while preserving their existing security and compliance measures. Other use cases include extending sign-on capabilities across datacenters, consolidating datacenters, and connecting datacenters internally.
What can we expect to see from Zentera in the future?
In the first half of 2017, there will be industry-leading security, telecom and cloud service providers offering CoIP capabilities as part of their service offerings.
It’s been great chatting with you today. Anything else you’d like to share about the state of virtualized or multicloud security, or the new Zentera solution?
Enterprises today are moving production workloads to the cloud and are inevitably using multiple clouds. This will lead to an increasing demand for cloud provider interoperability, that is, to be cloud agnostic. With new approaches like CoIP, organizations can be cloud agnostic and benefit from the resulting flexibility and resilience.