Hybrid cloud has been a boon to enterprises, enabling greater agility, scalability, and convenience to meet their business needs. However, with all these benefits come the challenges of managing the infrastructure.
Because data resides in multiple locations — public cloud, private cloud, and on-premises — organisations often overlook where they are exposed security-wise. As a result, attackers can exploit any vulnerability they find.
In Singapore, 71% of organisations feel that their current solutions are inadequate for detecting breaches, according to Gigamon’s latest Hybrid Cloud Security Survey, which interviewed 1,000 global cybersecurity leaders. Shane Buckley, the company’s Chief Executive Officer and President, observed that this indicates a higher level of uncertainty compared to global averages.
“Remediation of live threats post-breach remains notably challenging, with only 20% of Singaporean respondents reporting successful mitigation efforts. Additionally, nearly half of respondents cite the lack of visibility into lateral movements within their hybrid cloud networks as a critical issue,” he said.
In the dark
To manage an interconnected web of complex cloud environments, enterprises need specialised skills and tools to reconcile differing interfaces, APIs, and deployment models across providers.
“The expanded attack surface associated with hybrid cloud infrastructure increases the risk of security breaches. Maintaining the consistency of security practices like access controls, encryption, and threat monitoring across all clouds is also difficult due to varying security configurations between providers,” Buckley remarked.
In Singapore, over half (54%) of cybersecurity and IT respondents said that they needed real-time visibility into their hybrid cloud infrastructure to boost their confidence in breach detection solutions. Hence, it is crucial for security infrastructures to eliminate blind spots so malicious actors have nowhere to hide, the CEO noted.
“To address these challenges, organisations must prioritise gaining deep observability into all data in motion across their hybrid cloud infrastructure. This requires going beyond traditional security tools that rely exclusively on metric, event, log, and trace data, and augmenting them with real-time network intelligence derived from packets, flows, and application metadata. This enables organisations to detect previously unseen threats and eliminate security blind spots,” he asserted.
In addition, Buckley advised adopting proactive measures aligned with a zero-trust mindset to strengthen organisations’ security posture.
“This approach entails assuming that threat actors are already present within an organisation’s digital walls and prioritising comprehensive network visibility to detect and respond to threats effectively. This involves constantly checking all users and devices, granting minimal access to everyone, and partitioning networks so even if attackers sneak in, they’re locked down in a tiny zone,” he explained.
AI augmentation
Gigamon predicts that, within the next five years, artificial intelligence and machine learning will have a massive impact on network security and breach detection. Already, 46% of Singapore organisations recognise the prevalence of AI-powered threats. For Buckley, this underscores both an opportunity and a challenge for security and IT leaders.
“Despite these advancements, it’s crucial to note that 93% of malware samples hide behind encryption, and in today’s landscape of hybrid cloud environments, all cloud traffic is encrypted. As cybercriminals continue to take advantage of the technology to manipulate their way inside infrastructure and stealthily traverse through the network, AI and ML tools are only as strong as the data within,” he said.
This, according to him, is where deep observability shines a light on present and emerging threats.
“Deep observability is the ability to thoroughly understand and monitor complex systems while providing network-derived intelligence to existing log-based cloud, security, and observability tools in real time. It is akin to having a detailed map that offers real-time updates of everything within your system,” Buckley explained.
Basically, while AI and ML technologies can enhance cybersecurity capabilities, their true impact lies in their synergy with deep observability and proactive defence measures against evolving cyberthreats, the Chief Executive added.
Seeing the light
As organisations navigate the complex hybrid/multi-cloud landscape, they face several challenges. These include stretched IT resources, mounting regulatory pressure, and increasingly sophisticated cyberthreats.
Buckley believes that proactive visibility will be a major driver of success.
“Businesses can better prepare for the evolving landscape of cybersecurity threats in hybrid cloud environments by focusing on integrated tooling and enhanced observability. Adopting a unified tool stack for managing hybrid cloud infrastructure is important for streamlining operations and reducing costs associated with multiple tools. This centralised approach not only enhances efficiency but also strengthens the organisation’s overall security posture by providing clear visibility into cross-platform workflows,” he suggested.
The Gigamon leader also reiterated his call to adopt a zero-trust approach to security, with a small caveat: “Zero trust is a journey rather than a destination. Success hinges on deep observability. Without robust network visibility to detect and verify suspicious activities, achieving true zero trust becomes challenging.”
Lastly, the value of fostering a culture of cybersecurity awareness and education among employees simply cannot be ignored.
“Human error remains a significant factor in cybersecurity incidents. Therefore, by empowering employees with knowledge and vigilance, organisations can enhance their resilience against evolving threats in hybrid cloud environments,” he concluded.