Tip:
Highlight text to annotate it
X
Hello, my name is Rob Cameron here at Netskope, and I want
to talk about today some best practices that I use.
For Movie Line Monday, our movie quote of the day is from
The Graduate.
"One word--
plastics." And I want to talk about that around flexibility
of building a cloud.
So we'll get back to what our quote means in a bit.
So I've done this for over 15 years.
I've written six books.
I've consulted with hundreds of companies, deployed
thousands of firewalls.
And some of the firewalls I've actually deployed
you're using today.
Unfortunately, I can't disclose what those are.
But trust me, you're using them.
And so with that, when I came to Netskope, I wanted to take
these principles that I've worked with customers, put in
my books, and talked about, but actually apply them.
Because I feel it's important if you're an artist, you want
to go out and not only appreciate art, but you want
to make it yourself.
So I think building the perfect cloud is like building
art because you're taking different things, different
components--
a bigger firewall, a smaller switch, whatever it may be--
and then building the perfect environment to operate under.
You don't have to necessarily follow the traditional three
tier switching, or this many routers,
or this many firewalls.
It's about building what's right for the customer.
So first, let's talk about security.
I'm a security nut and I always have been.
The reason being is that it's so easy to make one wrong
keystroke and you end up being a funny story the next day in
the front page.
So for security in our environment, that's paramount.
Accessibility to systems is only through an audited
third-party provider.
So when we access everything, every access and every
mechanism is audited.
Everything we do is recorded.
And there's just no hiding any action.
This is great because it provides
us security to ensure.
Again when we're working in your environment, on your
cloud, everything we do recorded and maintained for
you to trust.
So if anything happens, completely secure because we
know how it's accessed.
We have very limited access into hosts.
One of the things that concerns me is people just
take hosts, they throw it up there, put very weak
authentication.
This may be IPMI or something that's a very low-end system,
like a serial console server or something, and then people
get right into it.
Once you have access into that back door, that root of the
system through either console, IMPI, serial, whatever it may
be, you're right into the host.
And this is again, great for availability and accessibility
to you, but it's really good accessibility for somebody who
shouldn't be-- who isn't you and who shouldn't access it.
So when we built this environment, we built
something focused on security.
And just enough to be frustrating on our part to
have to use, but great enough so that we don't have to worry
about somebody breaking into it.
Because we want to provide that cloud, that cloud with
confidence that you can trust.
Around availability, one of my first projects I ever did in
this industry was build a seven tier internet
architecture that would never fail.
Now, granted this was the late 1990s, so seven layers may be
a little bit extreme for today.
But after building it with the customer, he said, I don't
trust testing it in production.
Well, why would you build something so available, so
robust if you can't just pull it out right when your CEO's
giving a big speech on the internet?
So ever since then, I've always been inspired to build
a network that's available.
But not just available on a single host, but available
within a data center, multi-data center, and a
multi-data center region.
So when here at Netskope we started building our data
centers out, we focused around building availability at every
level of the game.
Within a data center, within a service, multi-data center
sites, multi-site failover.
Because just tomorrow, maybe Silicon
Valley runs out of power.
Who knows?
I'm not here to predict it.
But I'm here to prevent an issue from happening by having
multiple sites in multiple regions to be able to provide
the maximum availability for you.
We're using techniques like dynamic DNS, GSLB load
balancing, and then availability testing through
various services to failover seamlessly no matter where you
are in the world.
So not only, again, within the US, but also
within regions in Europe.
Because these are the places that our customers are most
active today.
And as a company, we want to build that availability out
with our customers.
Again, hence kind of the secret of the
cloud being very flexible.
So back to our movie quote, "One word--
plastics."
Flexibility in the cloud, SDN, all this dynamic, open,
shifting every acronym you can think of.
Well, honestly, this is something that people have
been doing for many years.
Whether this was a shell script, pearl, whatever it may
be, something to automate an action across multiple sources
of multiple resources.
What I'm excited is back when we look at The Graduate in the
1970s when plastic was this new, exciting idea.
Well, everything's made of plastic.
So now we've just grown to now that this idea that's very
rare, very new is commonplace.
And that's why I'm excited because the flexibility of the
cloud is there.
There are so many protocols and availabilities to make the
cloud and all these devices do anything I wish.
And the benefit there is I can build something that's
beautiful, that's reliant, that's secure.
So we're going back to these fundamental things that some
of us knew about many, many years ago.
Now they're commonplace and we can use them in every system
to provide you the best, secure, available, and
flexible cloud for your environment.
And the idea of that cloud is it's this operational model
where you, as the customer, don't have to worry about it.
But through things like auditing, security, and
assessments, we're able to provide to you exactly how we
provide this.
So there's a trust between the two groups.
So again, if you have questions or you're interested
in discussing a topic, you can email us at
movielinemonday@netskope.com and myself or somebody else
would be happy to answer those questions for you.
So thanks for listening.
I'm Rob Cameroon with Netskope, and
we'll see you soon.