President and Chief Executive Officer of Gigamon, a leader in deep observability.
As business leaders commence budgeting and planning for 2024, securing hybrid cloud infrastructure will likely remain a top priority—yet it will also be closely scrutinized for cost efficiencies. In an era in which organizations must do more with less, it’s an important exercise, but there are critical considerations as today’s threat landscape continues to rapidly evolve.
Further complicating these issues, there appears to be a disconnect among security and IT leaders when it comes to securing their infrastructure. In a recent Gigamon survey, 94% of the 1,000 IT and security leaders surveyed believe their current tool sets and processes provide them with complete visibility and insights into their hybrid cloud environment. Yet, 90% had also experienced a data breach in the last 18 months, with 1 in 3 security breaches going undetected using traditional cloud, security and observability tools.
Next year, we expect to see organizations continuing to consolidate their security stack and turning to vendors that can offer multiple solutions under one cost center. But although this helps save budget and resources, it’s important to closely evaluate which tools you’re cutting. It’s not about reducing the number of tools for the sake of cost savings alone.
In fact, cutting tools may end up creating more risk—and ultimately much more expense—if you remove tools that offer defense-in-depth security (i.e., the tools that offer you 360-degree visibility and protection). I encourage business and security leaders to closely align on the value of the tools in place, the potential risks and gaps with change, and the associated budget that can increase the likelihood of maintaining the organization’s security posture. Although our data shows that most IT and security leaders are confident, the reality is that security breaches continue to occur, and threats are more pernicious in an increasingly complex hybrid cloud environment.
Here are some tips for organizations evaluating their hybrid cloud infrastructure from a cost and efficiency perspective—without sacrificing security.
Protect Encrypted Traffic
Encrypted traffic, most of it transport layer security (TLS), represents a huge threat to organizations today. The volume of encrypted web traffic is up to 95%, nearly doubling in the last 10 years. And because the threat landscape has also changed significantly since 2013, we’re seeing the majority (90%) of cyber threats concealed within encrypted channels and traffic.
Organizations have deployed more tools in their networks to keep pace with the needs of a changing distributed workforce and digital transformation. This has created massive tool sprawl, resulting in blind spots for security teams. To protect encrypted traffic across these tools and prevent cybercrime, it’s critical that effective telemetry data, including network-derived intelligence, be available to all of them. When tools share telemetry data seamlessly with each other, it helps reduce the bloat of tools and allows organizations to do more with fewer resources.
Leverage Telemetry Data To Help Prevent Cyberattacks
The native tools that cloud service providers (CSPs) offer to monitor and protect network traffic aren’t adequate to prevent most cyberattacks. These tools are based on log information, which is typically altered during an attack, duping the security team into a false sense of security. In addition, threat actors can hide their activities inside encrypted traffic, making those activities invisible to most security tools and wreaking havoc on an organization.
Cybercriminals are becoming extremely sophisticated in their efforts to manipulate logs, making it nearly impossible for security teams to see abnormal or risky behaviors within their hybrid cloud infrastructure. Organizations should leverage immutable network-based metadata to validate the authenticity of log-based telemetry to identify potential nefarious actions and reduce the cost of egress traffic from cloud to on-premises tools.
Leaders often don’t fully appreciate just how much risk is associated with relying on log-based tools. Much to their surprise, CSPs aren’t responsible for securing the workloads running across their networks. It’s up to the organization to leverage useful telemetry data, alongside logs, to monitor network traffic and deem what’s safe or unsafe. It’s critical to remember that network-derived intelligence is accurate and can’t be manipulated.
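One way to put the cross-check described above into practice, as an added example that is not Gigamon's code or from the original article: flow metadata captured off the wire (which the monitored host cannot edit) is reconciled against the host's own sshd log, and any session seen on the wire with no matching login entry is flagged as possibly unlogged or tampered. All flow records, log lines, host names and addresses below are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Flow:
    """One flow record as captured off the wire (constructed sample)."""
    start: datetime
    src: str
    dst: str
    dport: int
    bytes_out: int

# Constructed flow metadata from a hypothetical network tap: a compromised
# host cannot edit these records, unlike its own log files.
FLOWS = [
    Flow(datetime(2023, 9, 5, 10, 0, 3), "10.0.1.20", "10.0.2.5", 22, 4096),
    Flow(datetime(2023, 9, 5, 10, 1, 10), "10.0.1.20", "10.0.2.5", 22, 902144),
    Flow(datetime(2023, 9, 5, 10, 2, 0), "10.0.1.21", "10.0.2.5", 22, 3500),
    Flow(datetime(2023, 9, 5, 10, 5, 0), "10.0.1.20", "10.0.2.9", 443, 1200),
]

# Constructed sshd log from the destination host 10.0.2.5. The second SSH
# session from 10.0.1.20 (the large one) has no matching entry here.
SSHD_LOG = """\
Sep  5 10:00:04 app01 sshd[2211]: Accepted publickey for deploy from 10.0.1.20 port 51002 ssh2
Sep  5 10:02:01 app01 sshd[2290]: Accepted password for svc from 10.0.1.21 port 51110 ssh2
"""

def parse_sshd_log(text, year=2023):
    """Return (timestamp, source_ip) for each accepted login in syslog-style sshd output."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if "Accepted" not in parts:
            continue
        ts = datetime.strptime(f"{year} {parts[0]} {parts[1]} {parts[2]}", "%Y %b %d %H:%M:%S")
        events.append((ts, parts[parts.index("from") + 1]))
    return events

def unlogged_sessions(flows, log_events, dst, dport, window=timedelta(seconds=5)):
    """Flows to dst:dport with no accepted-login event from the same source within window."""
    return [f for f in flows
            if f.dst == dst and f.dport == dport
            and not any(src == f.src and abs(ts - f.start) <= window for ts, src in log_events)]

if __name__ == "__main__":
    for f in unlogged_sessions(FLOWS, parse_sshd_log(SSHD_LOG), "10.0.2.5", 22):
        print(f"unlogged session {f.src} -> {f.dst}:{f.dport} at {f.start}, {f.bytes_out} bytes out")
```

The flagged session is exactly the kind of activity that disappears when only the host's logs are consulted; the same comparison works against any flow source and any login log that records source addresses.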
Elevate The Importance Of Visibility
A major challenge that continues to face organizations in the quest to secure the hybrid cloud is protecting against lateral movement—also known as East-West movement. An example of this is when a cybercriminal uses a spear phishing email to gain access to a single laptop and from there reaches the organization’s servers and gathers sensitive credentials.
This gets even more complex as business-critical tools live in different platforms—from clouds to on-premises containers—and this is driving up costs and increasing blind spots, or the threat “blast area.” With limited visibility into tools and platforms, organizations typically can’t detect malicious activity before a breach occurs. We need more than just detection—we also need protection. And we need it early. One solution is to ensure there’s deep observability in all East-West, lateral and encrypted traffic.
Maintain A Strong Security Posture
As of September 5, 2023, the SEC is requiring organizations to comply with its new rules: to disclose their cybersecurity risk management and strategy annually and to disclose any cybersecurity incidents. This will be a forcing function for organizations to implement new approaches, such as a zero-trust architecture and deep observability of all network traffic.
As organizations evaluate their security stack, it’s important to ensure all encrypted traffic is monitored, that telemetry data is accessible from all tools and that you have visibility into all network activity. With these steps in mind, organizations can better prioritize critical security technologies in order to do more with less and remain confident in their security-first mindset.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.