Cloud Adoption for the Canadian Public Sector: Accelerate cloud migration and apply advanced network security

Valtix, SaaS, and Cloud Service Providers: How Our Innovation is Built on Innovation

September 22, 2020  •  Vishal Jain

Valtix, SaaS, and Cloud Service Providers: How Our Innovation is Built on Innovation

Valtix, SaaS, and Cloud Service Providers: How Our Innovation is Built on Innovation

Recently, I was asked to provide a different perspective on what we’ve done at Valtix. The Multi-Cloud Leadership Alliance asked me to participate in a webinar about how Software-as-a-Service (SaaS) and Cloud Service Providers (CSP) have changed what we do and how we do it. Specifically, what innovations, opportunities, and challenges did they each present, and what did Valtix do about each? Furthermore, what advice did we have for other businesses as a result?

As a reminder, Valtix is in the network security business, providing advanced (read: enterprise strength) network security for applications in public clouds. But the difference is that we provide netsec as a cloud-native service. We discover what apps customers have, deploy the right security for those apps, and defend them with a customized stack of capabilities. This enables organizations to have a consistent approach to network security across regions, accounts, & clouds. More on Valtix here (https://www.valtix.com). With that context, let’s jump in.

Advantages, Challenges, and Innovations with SaaS

Some of the advantages with SaaS mapped neatly into the requirements we got from customers, specifically:

  • Customer apps cross clouds
  • Management systems can’t have management overhead
  • Must be infinitely scalable, easy integration, DevOps friendly

What did we do to capitalize on those? We built a SaaS-delivered control plane. Which meant that our customers could have apps everywhere, but have a single abstraction, shallow learning curve, no overhead, and easy operations.

But what’s a control plane? In networking, the control plane is often considered the “brain” of the network, where the data plane handles packet forwarding. With the advent of sophisticated hardware designs and software-defined networking, the control and data planes were split, and that gap has grown over time (first split but co-resident, now the two planes might be quite far apart). For network security, the control plane handles policy, routing, and abstraction, and the data plane is charged with enforcement and packet forwarding.

Some of the challenges with SaaS were specific to networking and security. As noted, the control plane is a great opportunity. The data plane (where the network security policy actually gets enforced) was a different story – SaaS would require production traffic to be “backhauled” to the vendor’s (in this case, us) cloud environment. Which for many enterprises is a non-starter. Issue #1 is latency – that round-trip just to have security enforced has an impact on business and customer experience for many apps. Issue #2 might be more important – having another entity examine production traffic (which includes regulated, sensitive, or customer data) is often against stated security policy. That’s where Valtix took advantage of some of the benefits provided by CSPs (see below).

Some of the innovations we saw in SaaS we both adopted and emulated. Things like scalability, accessibility, and security are embodied by technologies like Snowflake, ServiceNow, and DataDog (and more) – enabling us to both inherit and extend their innovation.

Advantages, Challenges, and Innovations with Cloud Service Providers

Some of the advantages we saw in CSPs included the ability to place customer-owned capabilities in their accounts, yet have them managed by our control plane. Furthermore, there are other points of leverage (see below).

Remember how SaaS was a lousy dataplane for security? Turns out placing the dataplane in customer accounts using the Platform-as-a-Service that the CSP provides makes for a great dataplane – same scalability and resiliency as SaaS, but without the added latency and compliance concerns. That SDN-style separation enabled our customers to manage globally, but enforce locally.

For Valtix, CSPs did present some challenges, mainly that each CSP has its own infrastructure concepts and constructs – which means that we had to abstract nuances and differences to build a cross-cloud solution. Specifically, Valtix had to customize a dataplane to take advantage of each CSP and abstract those differences for customers who are multi-cloud. In other words, do the work to make it all look the same, while mapping that to CSP-specific dataplanes. As it turns out, a SaaS control plane is perfect for that.

Specific innovations that we used in CSPs focused on scalability, accessibility, and secure infrastructure. We used the FPGA as a service capability offered in most CSPs – which gives customers the advantage of advanced compute without procuring hardware, and offered datacenter-class performance with CSP hardware. The second set of innovations we used were around shared services within the CSP – things like the Object Stores and Key Management Systems (KMS) that Valtix customers are already using – enabling a faster start and greater leverage.

Advice for Businesses

In building Valtix, we had to innovate on top of innovation in SaaS and from CSPs. In helping customers use Valtix as they protect apps in the public cloud, we’ve learned a bit more. With all that we’ve learned, what advice can we offer other businesses? A macro view for “why cloud,” a basic philosophy on how to ensure the benefits of cloud, and an outcome-based view of those benefits.

First, at a macro-level, we tend to think about it this way:

  • CSPs provide infrastructure anywhere you want
  • SaaS providers provide their software services anywhere you want
  • Together enterprises can provide a solution anywhere customers ask

More specifically, regardless of whether we’re looking at cloud-native apps or lift-n-shift apps (the reality is that many organizations will have both), make sure you’re consuming cloud-native technologies around the apps. If it’s an important app (they always are), you don’t want an enabling technology to be a boat anchor to that app. In other words, for infrastructure, security, or ops, focus on tech that delivers as a service, not in a box.

Maintaining a focus on cloud-native enables many of the outcomes promised by the cloud – both technological outcomes and business outcomes. On the tech side, Valtix saw benefits like operational simplicity, resiliency, and easy scalability. On the business side we were able to shorten time to market on new capabilities and make our costs consumption-based (which allowed us to ramp up when demand required, not sooner).

You can listen to the recording at: https://www.youtube.com/watch?v=S-gBRRWwnj0

Thanks for reading.

Ready to transform your cloud?

Valtix security is so comprehensive, you can forget about it. See for yourself.