Once upon a time, IT and security teams
focused mostly on managing their
organization’s on-prem environment. But as
business requirements changed, customer
bases became global, and remote work took
root, these technology teams were handed
responsibility across more domains:
cloud deployments, SaaS applications,
and the public Internet.
Individually, each domain has more than its fair share of
complex management and security considerations. But the
loss of control is the result of several factors in combination:
- Each of these domains has a different core purpose,
operating model, and security model. They are in effect
super-silos which contain their own silos within them.
- Environments outside the firewall are inherently less
visible to IT and security teams, as the infrastructure,
access control points, and users are controlled by outside
vendors, or in the case of the public Internet, not really
controlled at all.
- “Any to any, always and everywhere” connectivity
expectations produce combinations of hardware, software,
services, protocols, standards, conventions, and regulatory
requirements that are in practice infinite.