Adrian Rowley, Gigamon: "the cloud represents the future, but only when optimized"
The cloud has become an attractive niche and a topic of lively discussions over the past years, with its promises of unlimited business scaling opportunities. But the question which often gets overlooked is what’s needed to bring the cloud to that level of efficiency for companies worldwide.
Despite the undoubtful advantages of the cloud, many enterprises still worry about migrating, as it would generally require them to adopt new technologies and infrastructures. The costs might be enormous for smaller businesses, proving that there is a need for cloud optimization in order for it to become a truly global initiative.
Adrian Rowley, Senior Director at Gigamon, which offers the industry’s first elastic visibility and analytics fabric, explained how the company stepped in to help tackle and close the existing cloud visibility gap.
According to your website, Gigamon provides the industry’s first elastic visibility solution. Tell us a little bit about that.
Although cloud adoption is beneficial for a number of reasons, it can complicate infrastructure management. Network tools cannot adequately see into the cloud, while cloud solutions aren’t able to view the underlying network and this limited visibility creates blind spots in end-to-end management. If you can’t see it, it is impossible to manage the data in your IT environment and it’s even more of a challenge to ensure that cyber threats are responded to quickly and efficiently.
Hawk – the world’s first true network visibility fabric – closes the cloud visibility gap by enabling cloud solutions to see into the network and network tools to view the cloud. The technology is designed specifically for the mix of hybrid, physical, private and public clouds and offers ‘visibility-as-code’, meaning it can be embedded into cloud automation tools to elastically scale-up and scale-out on the customer’s demand.
You refer quite a lot to the cloud visibility gap. What is that?
Accelerating adoption of the cloud has become an imperative for every organisation wishing to further their digital transformation initiatives. However, for many organisations, legacy and on-premise systems (and the technical debt associated with these) mean that the hybrid cloud is the de-facto architecture for the foreseeable future. The cloud visibility gap refers to the blind-spots created in a hybrid IT environment when legacy infrastructure has to interact with applications built on new technologies, such as containers and service meshes, so observability becomes a challenge.
95% of organisations have stated that a lack of cloud visibility has led to application performance issues. The visibility gap in an enterprise’s digital infrastructure will make it difficult to see what’s going across the network and optimise processes. This gap can slow or stall an organisation’s digital transformation by creating challenges that include poor customer experience, security blind spots, cloud migration risk, and rising cost and complexity. To overcome the visibility gap, organisations need to adopt a solution that can span the entire hybrid cloud network and offer a ‘single pane of glass’ view into all data in motion.
What are some of the main advantages of migrating workload to the cloud?
Embracing the cloud means organisations have an almost unlimited ability to scale, allowing businesses to support spontaneous growth, avoid downtime when it matters most and scale back if and when necessary, to reduce costs. Elasticity is therefore also a significant benefit of leveraging the cloud; instead of forcing businesses to manage an excess of resources only needed within peak times, cloud infrastructure eradicates waste and enables IT Operations teams to only utilise system resources when needed.
While companies may worry that moving workloads to the cloud could reduce their control and ownership of data, it actually has the opposite effect. Most cloud providers now provide direct access to applications that will allow businesses full control over their infrastructure. It is, therefore, possible to continue managing security practices and consequently improve business performance while reducing risks. IT costs also dramatically reduce once a business moves to the cloud, meaning more budget can go towards cybersecurity solutions and continuous threat monitoring. As a result, businesses can reap the benefits of a secure and robust IT infrastructure without large expenditure.
And what dangers or challenges might organizations face?
As more enterprises migrate to the cloud, logs have become a standard way to gather telemetry, yet various challenges arise for SecOps teams that rely exclusively on logs. Agent and log-based cloud monitoring and security tools often don’t provide the level of detail into network and application health that enterprises have come to rely on in their on-premise and private cloud environments. They can be overwhelmed with the deluge of (sometimes irrelevant) data and it is common for hackers to simply switch off logging on the systems they compromise to cover their tracks. What’s more, logs are pre-defined and embedded into code. Changing the information is therefore impossible in real-time and results in delayed incident response. To solve these issues, organisations migrating to the cloud must complement log-based monitoring with network-based telemetry. This will ensure faster and more efficient threat detection and response.
The Colonial Pipeline ransomware attack, LinkedIn data scrapes, and RockYou2021 shook the cybersecurity world. In light of those, would you say it’s more or less safe to move data to the cloud?
With a robust security strategy and full, unclouded visibility into all data, moving workloads to the cloud is actually safer than leveraging on-premise infrastructure. However, it is essential for entire organisations to embrace a security-first mindset and consider adopting a Zero Trust architecture to further ensure that the risk of a data breach is minimised. Implicit trust given to users can open up a plethora of vulnerabilities, and while a Zero Trust approach can be quite a culture-shock, it is important that anyone trying to connect to an internal network is authenticated and considered dangerous until proven otherwise. Zero Trust is becoming increasingly popular – with 76% of IT decision-makers claiming it’s a wise decision – and it will play a significant role in securing the entire IT environment moving forward.
Do you think the cloud will eventually significantly alter today’s IT industry?
The cloud represents the future of IT infrastructure everywhere, especially as hybridity looks set to stay. However, as both the threatscape and workforce continue to evolve, CISOs must look for ways to support their SecOps teams and make the most out of the cloud environment. There is no playbook that explains how to do this correctly, but if the cloud is to have an industry-changing legacy, optimisation tools are key. Budgets remain tight across the majority of industries, so it is likely the executive board will only approve investments that demonstrate a clear ROI, and it is important to prioritise solutions that enable teams to do more with less. Rather than implementing entirely new infrastructure, introducing tooling that can improve visibility across the network or in the cloud can enable large returns from relatively small investments. Cloud represents the future, but only when optimised.
And what will the cloud mean for threat actors: will it be more challenging to carry out cyberattacks and hence safer for the customers?
It is undeniable that the attack service has expanded in the last 18 months. Cyberattacks are up 400% compared to pre-COVID days, while the cloud in particular is under threat from various malicious actors. For example, ransomware gangs are now leveraging new techniques to target cloud services and hiring Initial Access Brokers (IABs) to gain entry faster. The issue lies in the fact that rapid digital transformation has meant many enterprises have overlooked security measures and prioritised speed instead. However, this does not mean that threat actors can easily compromise any cloud. To ensure a complete and consistent security posture in the cloud environment, blind spots must be eliminated – meaning even encrypted data and east-west traffic from containers and unmanaged devices is visible.
Did you add any new services as a result of the pandemic?
The pandemic catalysed exponential growth in IT complexity as enterprises embraced digitisation initiatives at a rapid speed. As well as launching the industry’s first elastic visibility and analytics fabric for the hybrid cloud (Hawk), Gigamon also hosted the world’s first cloud visibility conference, Visualyze. This online event aimed to help organisations and IT professionals learn how to simplify, secure, and scale their hybrid cloud environment with complete visibility at the centre of all discussions.
Share with us, what is next for Gigamon?
As businesses continue to navigate a challenging environment – both with financial restraints post-COVID and within an evolving threat landscape, Gigamon continues to provide industry-leading cloud and network visibility. The next few years spell an exciting period in the telecommunications industry and our team across the globe will be working closely with service providers to make sure 5G rollouts are affordable, scalable, and successful. What’s more, as the cloud continues to support businesses around the world working remotely or in a hybrid fashion, Gigamon endeavours to enable these enterprises to run fast and stay secure. We continue to work with more than 4,000 organisations to overcome the hybrid cloud visibility gap, ensure security vulnerabilities are eliminated, and optimise IT performance.