Achieve Defense-in-Depth in Multi-Cloud Environments

Today, 90% of organizations are operating in hybrid and multi-cloud environments—a number that has increased over the past two years due to the acceleration of digital transformation efforts required to support a hybrid workforce. While this flexibility and agility enable the remote workforce and faster application delivery, the proliferation of multiple parallel infrastructures has also created new challenges for CISOs and CIOs. Whether an organization’s data lives on-premises or in the cloud, there are security and monitoring challenges that come with this added complexity.

According to IDC, 70% of organizations are turning to deep observability, which gives them the ability to harness actionable network-level intelligence to secure and assure the entire enterprise estate. Network intelligence amplifies the power of metric, event, log and trace-based (“MELT”) monitoring tools. Deep observability gives insight into the security and performance state of a system by observing what it is actually doing – the data in motion – not just what it says it is doing.

Below are the top solutions and approaches for CIOs and CISOs to consider as they’re budgeting and planning for 2023.

Normalizing Visibility Where the Data Lives

Many organizations are adopting log-based solutions (from endpoint to perimeter security), which is a good first step, but logs can be bypassed or disabled. Even worse, hackers can manipulate logs to give the appearance that “everything is fine” when in fact they are moving between users and resources and exfiltrating data. The solution to this problem is to normalize visibility across the locations where your organization’s data lives – from the cloud to on-prem and data centers.

Because IT and Security teams rely on logs, logs are attractive targets for hackers today. Taking a defense-in-depth approach, rather than relying on logs alone, is now critical to ensuring that every single entry point to your organization is secure. Network intelligence plays a huge role in gaining visibility – it is the only way to ensure visibility into all of the data in motion across your entire infrastructure and prevent risks.

Concerns in Today’s Multi-Cloud and Hybrid-Cloud Environments

There are three major concerns when it comes to securing the cloud environment today.

● Log-based security isn’t enough. Relying solely on logs that provide a partial view, and can be disabled or manipulated, leaves too much risk in place.
○ Solution: Modernize your infrastructure holistically. Complement useful-but-mutable “MELT” with network intelligence that is immutable and can provide the depth of insight needed to troubleshoot the toughest problems and root out the most sophisticated threats.

● Tool fragmentation is making it harder to manage enterprise-wide risk. Looking to new tools for each new infrastructure environment and each new performance or security use case is neither practical nor affordable.
○ Solution: Leverage the same observability tools currently used for DevOps and weave networking data into them for new depth of analytics and insights. It’s a natural evolution to integrate DevSecOps, SecOps and CloudOps teams, sharing intelligence and collaborating to better protect the whole organization.

● Siloing data is a bad idea. Hackers thrive in the cracks between silos. A holistic view of actual data communications is necessary for security.
○ Solution: Look holistically at where your data is stored (everywhere), who in your organization is accessing it (from anywhere), and how the data is flowing across platforms. Use decryption where needed to ensure hackers are not using encrypted traffic to get a free ride in and out over your enterprise network. Ensure that you know where your data lives, who has access to it, and how it is protected.

Shared Responsibility is the Key to Success in 2023

Just as cloud infrastructure management is a shared responsibility within the organization, so must enterprise security, including data security, be a shared responsibility. However, with the ultimate accountability on the enterprise itself, it is essential to deepen observability of what is happening in real time via network intelligence. “Shift left” is an enormously useful security approach, but this must be complemented by a zero-trust approach that recognizes that even the best upfront security will still face compromise, and security can never relax or stand down from watching real-time activity and data movement. CISOs and CIOs can achieve business agility and security by enabling common telemetry to inform a cohesive approach to security detection and response with depth and automation.

Michael Dickman

Michael Dickman is Chief Product Officer responsible for product strategy and leadership of product management and product marketing functions. Prior to Gigamon, he was Senior Vice President for Product Management & Technical Marketing at Aruba Networks where he accelerated cloud services across Management, Network Optimization, and User Experience. He previously innovated a Mobile-First strategy for Aruba Switching in Product Management and later as General Manager.
