By Vladimir M. Yordanov, Senior Director of Solution Engineering for Gigamon Asia Pacific and Japan
The current situation
In recent times, despite initial cybersecurity concerns, the benefits of agility and scalability that cloud computing enables, especially during previous years’ pandemic lockdowns, outweigh security and performance risk.
A study commissioned by Gigamon and conducted by Frost & Sullivan titled “Cybersecurity, Visibility, and the Cloud” revealed that 53 percent of APAC organizations have over half of their enterprise workloads in the cloud, with a majority preferring a hybrid approach of combining on-premise environments with cloud infrastructure.
This exacerbates visibility concerns, especially because 90 percent of APAC organizations will use a minimum of two cloud service providers (CSPs) for strategic reasons like competitive pricing and avoiding vendor lock-in.
This points to the inevitable – organizations must begin to balance the risk of having their workloads hosted in multiple environments with the productivity and agility gains that cloud computing offers.
With the growing acceptance of cloud, the hybrid cloud trend is likely to persist for the foreseeable future, even though APAC organizations prefer to keep a majority of control over their infrastructure and data to maintain as much visibility as possible, whether on-prem, hybrid or on multi-cloud.
An expanding IT estate and the visibility challenge
Forty-four percent of APAC organizations surveyed have 50 to 81 percent of their workloads on an Infrastructure-as-a-Service platform. Visibility is set to become exponentially more difficult given that a majority of organizations have at least two CSPs who project growth of device endpoints and attack surfaces.
Also, 86 percent of APAC respondents agree that visibility of network traffic from cloud security tools is important if not critically important. There is awareness of needing to maintain data fidelity by streamlining all this cloud traffic, and a platform approach came up as a way to achieve this.
Growing cloud diversity and conformance
Organizations are now willing to compromise and fine-tune a balance between the cybersecurity risks and efficient productivity that cloud computing enables.
The answer to this balance is deep visibility into network activity within an organization’s perimeter. But network monitoring and security tools, designed for an on-premises world, typically lack visibility into cloud environments, applications, and services. The same goes for agent-based and log-based cloud monitoring and security tools.
This is a huge challenge to understanding traffic behavior and data that reside in virtual machines and containers.
This opaque network traffic and the messy sprawl of cloud security tools, which 68 percent of CIOs surveyed by Frost & Sullivan say they refresh every 3 to 4 years, are huge visibility hurdles.
All in all, the following factors increase agility but also diversity and hence the complexity in securing the cloud:
- Deployment architecture – on-premise, cloud, hybrid, virtual
- Deployment types – multi-cloud, cloud service levels
- OSI layers – applications, networks, devices
- Number of vendors
Complete visibility, on the other hand, can let organizations take control of the entire network infrastructure from the core to the cloud. This is because network, metadata, and application-level insights provide critical context of the whole network surface for better security and performance management.
Regulatory pressure to conform by having a more detailed view of the attack surface now makes adequate visibility no longer a good-to-have capability but a must-have capability, and Frost & Sullivan finds that 50 percent of organizations will need more technology investments to comply with this guidance.
The survey report also recommended that cloud tools and processes should be flexible, and once again this points to the need for a platform approach as well as a solution that is able to seamlessly integrate with the source of these complexities, as well as provide control.
The responsibility to secure
One thing is certain – the role of an organization’s cybersecurity operations has to expand commensurately with the degree of potential risk from increasing public cloud usage. This definitely requires addressing visibility challenges in public clouds, which Gigamon is uniquely able to resolve with its Visibility and Analytics Fabric solutions.
While organizations contend with protecting what is within their environment, they also have to grapple with where their cloud providers’ responsibility ends and where their own responsibility begins. With the IaaS model, for example, cloud providers will always be responsible for securing the physical infrastructure and the virtualization platform. But it is the customer who is responsible for security in the cloud.
A clear delineation in responsibilities has to be established from the get-go. But both parties need to work together to protect on-premise applications and data as well as applications and data in the cloud.
This silo calls for effective cloud monitoring that melts the ‘walls’ between vendors’ and clients’ views of threat surfaces, and offers a single pane of glass to view the enterprise’s entire IT estate.
Deep continuous visibility at scale without the latency
Ninety-one percent of Frost & Sullivan’s respondents admit that visibility of network traffic is critically important when they evaluate cloud security tools. These CIOs acknowledge that they need to understand usage behavior and activities upon the threat surface in order to protect it effectively.
The Gigamon Hawk Deep Observability Pipeline breaks down the silos mentioned earlier by providing different teams – network operations, cloud operations, and information security – with a clear, complete, consistent view of what is happening across all different environments. This consistent view breaks down traditional silos and provides a way to gain streamlined, actionable insight that proactively addresses performance and security risks.
Another criterion CIOs require is being able to streamline all of that cloud traffic without compromising data fidelity. A best practice approach is to deploy a platform-based solution that is able to consolidate all of this cloud traffic to offer a single pane of glass.
This rationalization of many into one also enables zero trust policies to be enforced effectively and efficiently by organizations.
Overall, this also resoundingly ticks the checkbox of compliance with guidelines mandated by industry regulators.
Powerful threat-intel sharing for businesses
Gigamon Hawk integrates with Gigamon’s ThreatINSIGHT for more context and insight about data in motion on their network. ThreatINSIGHT is a cloud-based solution that is helpful for a security operations center’s (SOC’s) activities and processes.
With machine learning (ML), behavior analytics, and curated threat intelligence that can be plugged in by other businesses in the same industry, what results is the powerful capability of detecting known, emerging, and unknown threats. In this way, organizations can ensure that their incident response, handling, and investigation processes are adapted for public cloud workloads.
Also helpful is GigaVUE Cloud Suite, which reduces the complexity and cost of finally having visibility of tools and traffic in a multi-architecture environment.
Overall, Gigamon has a suite of observability tools and solutions that help businesses comply with regulator guidelines while also fully realizing the transformational power of public cloud computing in a resource-efficient and cost-effective way.