Adaptive Segmentation, micro-segmentation | October 26, 2021

CTO PJ Kirner on Cloud Security and the Groundbreaking Innovations of Illumio CloudSecure

Gautam Mehandru, Vice President, Product Marketing

The cloud has become BIG business. Many organizations, once hesitant to embrace the cloud, are now using it to drive revolutionary transformation of their operations by gaining major scale, flexibility and efficiency advantages.

Adoption of Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform and other public cloud providers continues to boom. According to Gartner, “by 2023, 70 percent of all enterprise workloads will be deployed in cloud infrastructure and platform services, up from 40 percent in 2020.”

Despite its many benefits, the cloud still has its challenges. Most significantly, it is a growing pathway of attack for cybercriminals, ransomware and other digital threats, with increasingly complex cloud environments creating even greater security complexities.

Unfortunately, many organizations are dangerously underestimating the risks from their multi-cloud and hybrid digital infrastructure, as well as their responsibilities for maintaining secure cloud operations.

Recently we sat down with Illumio CTO and co-founder PJ Kirner to get his take on the growth and evolution of cloud services, the security issues all organizations need to address, and how Illumio’s newest product, CloudSecure, makes it far easier to keep your organization safe in the cloud.

What are the key trends you're seeing in the public cloud today?

PJ Kirner: Cloud providers are ramping up their service offerings. Whether it's Kubernetes as a service, database as a service, or machine learning (ML) and artificial intelligence (AI) as a service — they're innovating at a very fast pace. And cloud customers want to adopt those services to speed their own innovation and foster growth.

Public cloud platforms are cost-effective for organizations because cloud vendors assume the burden of managing that infrastructure. So, for example, database as a managed service: rather than running a database on a virtual machine (VM) and having a database administrator (DBA) manage it, you can let the cloud provider do it and just pay for the service.

We’re also seeing people adopting Infrastructure as Code and GitOps philosophies to support more speed and agility. CI/CD pipelines are also allowing DevOps and infrastructure teams to quickly deploy dynamic applications.

How are organizations approaching security in the cloud?

PJ Kirner: We're seeing security “shift left” so that security checks and operations occur earlier in the application development lifecycle.

And while security used to be in a silo for which the security group was responsible, it is now a team sport where everybody is responsible — at different levels for different things.

Of course, this is complicated by the challenge of hybrid environments, with on-premises infrastructure connected to public clouds. Given the increasing number of diverse systems to manage, it’s becoming even more difficult to understand your security risks and know if you are truly secure.

How do multi-cloud and hybrid cloud environments further complicate cloud security?

PJ Kirner: Most organizations these days run hybrid environments. They have infrastructure across their data centers and the cloud — often multiple public clouds. Developers and application owners want the cloud platform that best meets their needs, and it’s easy to spin these up, so they are rapidly proliferating in enterprise networks.

While public cloud platforms offer many advantages, there are several reasons why an on-prem data center may still make sense. It could be for economic, compliance or data governance reasons, as well as to support manufacturing or IoT systems.

Regardless of the rationale, there needs to be good connectivity between the data center and the public cloud. It all should work together — and work securely.

Based on the trends you’ve described, what are the greatest cloud security challenges?

PJ Kirner: The biggest security challenge is visibility. Whether it’s hybrid cloud, multi-cloud or both, you need to see your entire environment and how your applications and workloads interact.

Having a map of how your cloud and on-premises infrastructure talk to each other allows you to see and understand your security risks. Until you have that, most organizations are largely unaware of their exposure to attacks and malware via public cloud platforms. A lot of risk appears at the boundaries of environments where, for example, your AWS instance is talking to your Azure instance.

One thing that's missing from current security offerings in the market is the ability to understand the context on both sides when you're looking across public cloud or hybrid infrastructures. This lack of visibility and control is why we built CloudSecure.

Illumio just announced CloudSecure. What is it and how does it help address key cloud security challenges?

PJ Kirner: CloudSecure solves the visibility and control problem by delivering agentless visibility for public cloud services, which, ultimately, allows organizations to achieve Zero Trust in the cloud.

With CloudSecure, you’ll have a map of the workloads in your cloud environments and how they’re communicating with each other. You’ll gain an understanding of all the objects and associated metadata inside those environments. And with that understanding, you can identify your risks, understand how to prioritize your efforts, and take the right actions to make your organization more secure.

There’s a strong movement towards Zero Trust as the best approach to securing modern digital infrastructures. How does Zero Trust fit with cloud computing?

PJ Kirner: One of the challenges in any IT environment is excessive lateral movement, which happens because organizations don’t understand their risks and don’t have the visibility and control they need to reduce unnecessary or excess access privileges, resulting in too many open pathways to critical assets.

If this is the case, then once your network perimeter is breached by an attacker or malware, lateral movement can provide access to passwords, database access keys, and highly sensitive data, which then creates the potential for a cyber disaster.

Zero Trust is a philosophy that helps organizations reduce lateral movement by applying least privilege access controls in those environments. But to apply those controls safely, you must understand the behavior of your applications and how they’re connected — what’s necessary and what’s not. You want controls that increase security while ensuring operational uptime. Again, visibility is the key to this.

How does CloudSecure help organizations achieve Zero Trust in the cloud?

PJ Kirner: The most important way CloudSecure helps organizations achieve Zero Trust in the cloud is with visibility and context. It can help you answer key questions about how your applications and services are talking to each other.

You can understand what metadata is associated with certain connections, what virtual private networks they are in (whether it’s VPC in AWS or VNet in Azure, etc.), what tags they have, and what the volume of communications is (how it is changing) between two applications, among many other details.

Secondly, CloudSecure makes it possible to automate security controls. Once you understand what is allowed and how those things are connected, CloudSecure recommends rules and safely programs Zero Trust policies using cloud native security controls like AWS Security Groups.

How does CloudSecure integrate with and complement Illumio Core, Illumio’s flagship product?

PJ Kirner: CloudSecure and Illumio Core work together to help you solve the hybrid and multi-cloud visibility and control problem. This addresses a major gap in how organizations are currently managing their cloud and on-premises networks.

The traffic telemetry and metadata CloudSecure can gather without agents, combined with that information from Illumio Core, provides organizations with a holistic view across public cloud and traditional data centers in one map. This delivers the proverbial single pane of glass view for your security and IT teams.

From there, you can use Illumio Core to automate least-privilege Zero Trust policies for your data center and use CloudSecure to harness the native security controls of public clouds. This is something only Illumio offers.


Learn more about how Illumio CloudSecure can help your organization gain greater visibility and control to protect your cloud-native applications and infrastructure.
