Below is a casual, informative interview with Jeff Doyle, VP of Research at our partner, Fishtech Labs. For those who don’t know Fishtech, they’re a technology accelerator focused on security and networking and with a lot of expertise in the cloud. Their leadership comprises many of the leaders from Fishnet Security, which you may know merged with Accuvant last year and became Optiv. Fishtech recently released its Certified Cloud Ramp Framework (CRF), of which Netskope is the Cloud Access Security Broker of target technologies facilitating Fishtech’s new cloud migration and operating model. I caught up with Jeff last week to understand his views and thinking behind the CRF.
Jamie: What is Fishtech’s goal with this framework?
Jeff: I think there are a couple of ways to look at this framework. First, our intention was to give customers a proven, tested migration path to the cloud. People talk a lot about migrating to the cloud, and what the business benefits and risks of cloud are, but there’s a real gap in the conversation about how to get there.
We want to help our customers come up with not just a methodology or architecture, but a tested path and integrated operating model. We want to help them ensure that what they’re creating isn’t a snowflake, or one-off architectural approach. The more they custom-build their cloud infrastructure, the more one-off their ongoing operations become. That’s not efficient for anyone. We also want to help them ensure that the architecture they choose is well-vetted against their requirements, in the market, and also in our own labs. This way they know fully what they need, what they’re getting with the components they are choosing, and what to expect from the overall solution.
Moreover, while our customers have a good set of tools for operating in a physical environment, as they move into cloud those tools may not be well suited or are less relevant. Besides helping them identify new gaps based on their business requirements, we want to help them ensure they’re not force-fitting tools into their environment because they solve an immediate need but instead to look at the overall set of tools that work together, are well suited for their needs, and are made for cloud environments.
Getting a little more brass-tacks, we have four goals for addressing our customers’ needs:
- Help them achieve operational efficiency with the cloud services they’re using and the way they secure them.
- Provide them visibility so they understand their cloud environment, usage, and data.
- Enable them to control data sprawl to corral and protect sensitive or regulated data.
- Help them build business continuity into their overall model, an overall objective of cloud but one that’s not always thought about in the security context.
Jamie: What are some of the core requirements in your mind as Fishtech came up with this framework?
Jeff: One thing to note about this framework is that we try to steer customers from choosing a single solution in a vacuum and without looking at or thinking about their architecture as a whole. Even if they sequence their technology purchases one at a time, we encourage them to think from an overall architecture point-of-view based on their business requirements and where they’re going. So when they evaluate a particular tool (or we evaluate it on their behalf), besides looking at the goals of the product, does the tool fit the overall architecture. This is key for cloud migration so essential pieces don’t get left behind.
An important part of ensuring this is our own labs. When we say these solutions are vetted or proven, the whole idea is that we’ve taken selected and carefully chosen technology partners like Netskope and looked at not just what the solution does, but how well it works with all of the other elements within an architecture. We’re testing in our lab and even eating our own dog food by using that architecture as Fishtech Labs!
Jamie: What technologies did you select and why?
Jeff: We took a hard look at what was needed for organizations to consume cloud services securely. Those elements include Cloud Access Security Broker (CASB), Single Sign On (SSO), Data Loss Prevention (DLP), endpoint security, micro-segmentation capabilities, network security, next-generation firewall, orchestration, provisioning, software-defined WAN (SDWAN), security information and event management (SIEM