Solving cloud security with observability

Adrian Rowley, Senior Director, Gigamon, looks at the challenges of a hybrid IT infrastructure and advises how businesses can overcome unrealistic expectations and secure their enterprise with zero trust.  

According to recent Gartner research, 88% of businesses will have a “cloud-first” approach by 2025. However, this doesn’t necessarily mean cloud-only. The latest State of the Cloud report from Flexera found that 82% of organizations are taking a hybrid approach, combining the use of public and private clouds as well as on-premises – it seems hybridity is set to stay.

The reality is that on-premises infrastructure is not going to disappear overnight and be replaced in its entirety by virtual, containerized environments such as the cloud. Instead, both will need to work together. What’s more, a complete migration to the cloud takes an average of two to four years, meaning hybridity is almost impossible to avoid in some form or another. Security teams are therefore left with the conundrum of balancing visibility across both cloud and on-premises, without creating blind spots or overspending on digital transformation and IT management.

The move to cloud opens the door to a variety of security issues, and effectively monitoring and securing workloads has become more difficult than ever. Factors such as IT complexity, the rate of change, lack of skills, and organizational silos have contributed to the difficulty, making observability crucial for IT and security teams. As cyberattacks continue to target every environment, from on-premises to private, public, hybrid and multi-cloud, it’s important to understand best practices for achieving a safe and secure network in order to guarantee a high return on investment when migrating to a cloud infrastructure.

The challenges of a visibility gap

COVID-19 accelerated the adoption of cloud technology, which became a necessity for organizations shifting towards a remote working model. However, the rush to migrate workloads has often compromised security. It can lead to visibility gaps – where network tools struggle to see into the cloud and vice versa – which prevent NetOps teams from maintaining a holistic view of all data-in-motion. In turn, this creates a situation where each environment operates in a silo, making it challenging for these teams to anticipate and protect against security threats.

Overcoming unrealistic expectations 

The expectation that organizations can rapidly and easily transform and modernize their current infrastructure is often unrealistic. In reality, if businesses jump straight in, or don’t develop a considered strategy for growth, they risk impacting the speed and security of their existing infrastructure. Before organizations can begin reaping the benefits of adopting complex, advanced security solutions, they must ensure a minimum level of visibility across their network. When organizations set unrealistic outcomes and overlook the importance of a clear view into data, the transformation of their current infrastructure is likely to fail.

Often, it is a lack of observability that is the crux of the issue, even when dealing with complex intrusions. Establishing a holistic, singular platform view and an ability to analyze observations may not be the silver bullet for defence, but it can give SecOps teams a strong foundation for detecting unusual activity and preventing attacks.

Using telemetry data to enable visibility

As organizations continue to migrate to the cloud, they are becoming increasingly reliant upon using logs to gather telemetry data. This data gives security teams key information on the scope of the incident, its root cause, the systems compromised, the impact of the breach and many other significant factors. If there are gaps in this data, it creates additional complexity for the individuals managing log files. Without clear network-based telemetry, derived from visibility into the network, SecOps teams cannot provide a reliable stream of information, even when systems have been compromised or infiltrated. Organizations looking to successfully move to the cloud need to prioritize visibility and use the data available to them to bolster security, reduce cost and stay compliant.

A zero trust framework

For organizations looking to further secure their cloud environment, implementing a zero trust architecture can be a great solution. It works on the basis that all data should be authenticated and eradicates the implicit trust typically given to internal users. This approach is quickly gaining traction both in the security world and further afield. In fact, research by Gigamon found that 61% of senior decision-makers across EMEA believe that zero trust enhances, or would enhance, their IT strategy.

However, zero trust doesn’t just address security issues; it also helps to streamline business processes. The same Gigamon study found that 87% of teams said that productivity has increased since they embarked on their zero trust journey, with reports that it has helped with efficiency and reducing the number of breaches. The last 18 months have seen a dramatic rise in attacks – particularly with ransomware becoming the top online threat to the UK – leaving many organizations vulnerable and at risk. Zero trust can help businesses overcome this issue.

Visibility sits at the heart of a zero trust framework. You cannot manage or monitor what you cannot see, and observability is essential for SecOps teams to authorize what is safe, and protect against what is not. When full visibility is achieved, zero trust can help to detect suspicious behaviors and analyze metadata that will contextualize the origin and movement of a cyberattack. Using this insight, security analysts can make more informed decisions and changes to their policies that will help in addressing the challenges of an increasingly complex threatscape.

Hybridity is here to stay and enterprises need to make sure they are prepared for it – with strong cybersecurity solutions that protect everything from the on-site servers to the virtual workloads. Maintaining a clear view into reliable, relevant, real-time data, setting achievable targets in their digital transformation strategy and implementing a zero trust approach, will help organizations overcome the security challenges of operating within a hybrid cloud model.

Adrian Rowley

Adrian is a Senior Director Sales Engineering EMEA at Gigamon and has over 15 years of experience in the industry. He joined the Gigamon team in 2017 and has since been a prominent thought leader discussing the importance of network visibility, and more recently the challenges of successful cloud migration.
