Virtualization Technology News and Information
VMblog Expert Interview: Illumio Explores Cloud Security and Zero Trust


In light of increasing ransomware attacks and subsequent cyber disasters, Illumio recently introduced a new, industry-first solution for cloud-native application visibility and control to accelerate Zero Trust adoption and address the unique security needs of dynamic cloud environments.  To learn more, VMblog reached out to PJ Kirner, CTO of Illumio.

VMblog:  What is the state of cloud security today, and where is it headed?

PJ Kirner:  At a time when major cyberattacks such as Solarwinds and Colonial Pipeline have become recurring events, organizations' current infrastructures for data privacy and cybersecurity are proving increasingly fallible.  

The quick transition to the public cloud across industries has led to a rapid adoption of cloud tools with insufficient regard for security. As a result, our digital plight and rise in public cloud breaches have been monsters of our own making: marred with complexity, lack of visibility, and risk. Whether organizations use hybrid, multi, or public cloud environments, most lack the visibility they need to properly combat cybersecurity threats; you cannot detect and fight threats blindly.  

The future of cloud security will depend on security solutions that can match the pace of business innovation-of these, visibility is key. Visibility enables SecOps teams to make more informed security decisions more quickly, which, in turn, increases business resilience, and allows business leaders to make calculated decisions regarding the security and integrity of their organization. In short, more visibility means more cyber - and business - success. 

VMblog:  The COVID-19 pandemic accelerated cloud adoption -- how has the proliferation of multi-cloud and hybrid cloud environments further complicated cloud security?

Kirner:  The proliferation of multi-cloud and hybrid cloud environments has complicated cloud security in several ways. First, these complex environments contain gaps or blind spots between infrastructure types that can allow risks to creep in. These heterogenous environments also involve more people who can influence how a company operates in the cloud, which makes the infrastructure even more difficult to protect.   

New, scalable frameworks like Zero Trust have become increasingly essential for building business resilience against cyberattacks. Unfortunately, mass awareness of Zero Trust has only recently grown in the past year; an Illumio report from last August shows that nearly half (49%) of IT leaders surveyed believed Zero Trust to be critical to their organizational security model, but only 19% of organizations fully implemented a least-privilege model. As a result, a strong Zero Trust framework has not been adopted nearly quickly or holistically enough to address the disastrous cyberattacks that organizations have seen over the past 18 months. 

VMblog:  In your view, what is the greatest challenge organizations face when it comes to cloud security today?

Kirner:  The greatest challenge that organizations face when it comes to cloud security is visibility to understand risk. Organizations cannot identify how their applications or workloads interact, let alone ensure the security of their entire environment, without visibility. Increased visibility enables an organization to see and understand its security risks before they become problems. Without it, most organizations are largely unaware of how vulnerable they are to attacks and ransomware via public cloud platforms. We know from speaking with security teams that many organizations face this very challenge, so Illumio set out to create an offering that provides visibility and control-which brings us to Illumio CloudSecure. CloudSecure allows organizations to fully understand the context of their complex environments across public, hybrid, and multi cloud infrastructures. 

VMblog:  How are organizations approaching cloud security?  What are they missing/getting wrong?

Kirner:  Today, we are witnessing organizations "shift left," so that security checks and operations occur earlier in the application development lifecycle. However, hybrid environments present a challenge for security teams with on-premises infrastructure connected to public clouds. 

Many organizations underestimate the risks from their multi-cloud and hybrid digital infrastructure, as well as their responsibilities for maintaining secure cloud operations post-adoption. One of the biggest things security teams get wrong is not understanding the importance of visibility in hybrid-cloud environments. Whether it's hybrid cloud, multi-cloud, or both, organizations need to see their entire environment and how their applications and workloads interact. With enhanced visibility, organizations are able to identify niche risks at the boundaries of environments where, for example, an AWS instance is communicating with an Azure instance.  

Comprehensive visibility that shows how applications and workloads are communicating across your entire IT estate, highlights areas of risk you might not have even known existed. This information helps security teams prioritize the most vulnerable areas of their network so they can focus on what matters most and better protect their organization. 

VMblog:  There's a strong movement toward Zero Trust as the best approach to securing modern digital infrastructures.  How does Zero Trust fit with cloud computing?

Kirner:  One of the challenges in any IT environment, including cloud environments, is stopping the lateral movement of attacks. Once an attacker or ransomware breaches the perimeter, they often move across the network to access highly sensitive data such as passwords and database access keys - that's where the real damage happens. More often than not, these high value assets live in data center or cloud environments.  

Zero Trust strategies help organizations inhibit this movement by applying least privilege access controls, providing only the necessary information and access to a user. This makes it substantially more difficult for an attacker to reach their intended target, thereby limiting the impact of an attack.  

VMblog:  What advice do you have for security teams who are just starting their Zero Trust strategy or who feel overwhelmed by the Zero Trust project?

Kirner:  In today's era of increased cybersecurity attacks, where our hybrid work models expose organizations to more security threats, adopting a Zero Trust approach to security is the most effective way to control data and prevent hackers from obtaining sensitive information. Zero Trust is the most proactive, preventive, and scalable approach for securing the future of an organization. 

My advice for those looking to adopt principles of least-privilege is to not get overwhelmed by the process and to take it one step at a time. It's important to remember that Zero Trust is not one solution, it is a philosophy. Take on Zero Trust in bite-sized pieces and look for the quick wins you can achieve along the way.  

VMblog:  How is Illumio helping organizations achieve Zero Trust in the cloud today?

Kirner:  Illumio helps organizations to achieve least-privilege in the cloud with Illumio CloudSecure, which helps answer the questions that are top-of-mind for IT teams: what applications and services are talking to each other? What metadata is associated with those connections? What virtual private networks are they in (VPC in AWS or VNet in Azure, etc.)? And what tags do they have? 

CloudSecure makes it possible to automate security controls. Once organizations understand what is allowed and how those things are connected, CloudSecure recommends rules and safely implements Zero Trust policies using cloud-native security controls.  

With CloudSecure, users can see all communications between workloads and applications across their distributed business estate-enabling users to better understand and respond to threats, and ultimately empowering them to better protect their organizations from attacks and ransomware at scale.  


Published Wednesday, November 10, 2021 7:29 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2021>