When it comes to network security, the technical world today mostly consists of traditional flat computing networks, which are located in a data center, or “castle,” surrounded by its security, or “moat.” All of the traffic comes into the castle from over a drawbridge, and it’s understood that either the data is from inside the castle and it’s “good,” or it’s coming from the outside, and it is automatically suspected to be “bad.”

As we have learned from numerous data breeches over the years, “It’s only a matter of time before the ‘bad guys’ get in,” said Armon Dadgar (pictured), co-founder and chief technology officer of HashiCorp Inc.

There are several emerging ways to secure data, starting with zero-trust networks, the assumption that everyone on a network is “bad” and they must be cleared on a case-by-case basis, or via identity-based security.

Dadgar spoke with Jeff Frick (@JeffFrick), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the PagerDuty Summit in San Francisco. In addition to how identity-based networks keep data safe, they also discussed managing security across disparate cloud architectures. (* Disclosure below.)

Trust and verification to keep networks secure

As networks are made up of IPs and ports, it’s not immediately clear if one address is, say, a database or a webserver. Identity-based security consists of three parts: application identity, where the physical type is identified and verified; once that’s complete, certificates are distributed, based on whether it’s a database or a webserver. After that is completed, access between them can be enforced, Dadgar explained.

Of course, managing physical servers is one thing; when organizations employ multicloud environments, the complexity increases, and the problem of keeping data secure increases as well. When the tidal shift of infrastructure is moving from on-premises, relatively static VMware-centric to, say, AWS, plus Azure, plus Google, plus VMware, it’s not just a change of one server here to one server there, according to Dadgar. Rather, “It’s like going from one server here to 50 servers that I’m changing at every other day rather than every other year,” he said.

It’s a point of consistency, according to Dadgar, focusing on API-driven integrations on all of a user’s systems, because it is almost impossible to depend on the end-user to standardize everything on a single platform. Treating all APIs uniformly is the best way to get a handle on security within complex, multicloud systems, he concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the PagerDuty Summit. (* Disclosure: TheCUBE is a paid media partner for PagerDuty Summit. Neither PagerDuty Inc., the event sponsor, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE