Since coming out of two years of stealth development back in October, the data center security gurus at Illumio have been building momentum in the drive to break out of the confines of the traditional network-centric security model to make it easier to secure IT in the face of distributed computing, continuous delivery and DevOps patterns. This week, the firm got a big boost in the way of $100 million in Series C financing and continued forward movement with some new tweaks to its Adaptive Security Platform (ASP).
Designed with DevOps patterns in mind, Illumio’s ASP is meant to be a continuous delivery system for dynamic policy enforcement within application traffic across everything from bare metal servers to VMs and containers within the data center and public cloud infrastructure. According to Alan Cohen, chief commercial officer for Illumio, the idea is to build security attuned to the infrastructure-as-code movement in IT.
“Security has been tied to the infrastructure for the last twenty years–not just client-server, but also right back to the mainframe. And as we’ve created software infrastructure–software models for applications and compute processes, whether it’s storage or network or servers that can be spun up or spun down or moved very rapidly–the security industry hasn’t adapted well because it’s still very hardware, choke-point centric,” he says. “The industry hasn’t done anything to adapt to distributed computing and continuous delivery. (When vendors do make adjustments) they’re just running something on software but it operates as it did before.”
The announcement this week adds further capabilities for the platform to segment the continuous delivery of that enforcement down to the process level within workloads, so that as any part of the application changes, the platform automatically adapts security policies on all impacted workloads.
“So let’s say you have an application that’s a credit card processing application and it uses a certain database. You may have two instances of that database running on a single host. One is for PCI and one is not,” says Cohen. “Through our virtual enforcement node we can segment and separate those two workloads and effectively provide a layer three, layer four firewall at the process level on an individual host.”
The added segmentation of dynamic security enforcement gives DevOps shops a greater degree of flexibility in securing microservices environments.
“When you talk about microservices there’s two things to think about,” says PJ Kirner, chief technology officer and founder of Illumio. “One is that they’re small and process-oriented, and the other one is they exist for a short amount of time. Both those aspects are important to consider for security. The fact that it needs to adapt quickly to all of these ephemeral workloads that are spinning up, spinning down to accomplish your goals.”