As organizations embraced the public cloud over the past few years, security teams were on the hook to modify network security policies and implement security controls to protect cloud-based workloads. The goal was simple: Protect cloud-based workloads with network security policies and controls that were equal to or better than existing safeguards for physical and virtual servers in corporate data centers.
This turned out to be far more difficult than expected. Many organizations tried to force-fit their existing security controls (firewalls, ACLs, network segments, VPNs, etc.) to accommodate cloud-based workloads. The result was a technology mismatch – security controls built for physical and virtual servers were too inflexible to service the public cloud.