Illumio is the most frictionless, unified approach to segmentation inside the data center and cloud security that I’ve seen in the market, as it does not require complex network changes, provides complete visibility, and can be implemented from a central control point.
Sajawal Haider is CISO at Oak Hill Advisors, where he is responsible for infrastructure strategy and operations. The views, opinions, and positions expressed herein are his alone, and do not reflect the views, opinions, or positions of Oak Hill Advisors or any other employee thereof.
What does Oak Hill Advisors do?
Oak Hill Advisors is a leading multi-strategy credit investment advisor with approximately $31 billion under management across performing and distressed credit-related investments in North America, Europe, and other geographies. The firm invests on behalf of a diverse, global investor group.
What are some of the biggest challenges that your IT team faces?
Over the past two years, we have increased our focus on leveraging technology to more efficiently meet our business needs, across both the front and back offices. As a rapidly growing business, we are devoting a lot of effort to streamlining business processes, automating repetitive tasks, and identifying new opportunities in advanced analytics to further enhance our approach to making investment decisions.
The biggest challenge that our team faces is exactly the type of problem you hope to have — we need to keep pace with the rapid growth of our business. In the past three years, we have seen significant growth in assets under management and the number of business users that rely on our systems.
On the technology side, another challenge we face is that we are a cloud-first company. As we work to leverage various SaaS and IaaS services, it is crucial that we ensure we're picking the right vendors in this transition to cloud, while also utilizing them properly and protecting our assets.
How is your focus on business needs changing your approach to cybersecurity?
From a business perspective, our approach to security has shifted from protecting servers and data to a risk-based approach. Essentially, this involves understanding how each system and associated data are mapped with a business process in order to calculate risk and required protection.
From a technological perspective, our approach to security has changed from a perimeter-based firewall approach to a layered approach, where we have a unified framework so we can see everything in context — a layered approach to cloud access brokers to multiple tools, such as EDR (endpoint detection & response) running on desktops to deployment of multiple audit tools, while shifting from network-based type of security controls to more visual tools and unified security policy frameworks like Illumio.
Why did you choose Illumio?
I personally have some background in micro-segmentation, and I believe in the importance of segmentation inside the data center and cloud. We knew that we’d need to mitigate the impact in the event of a breach or infection. I believe if there is a breach, the right operational framework enables you to identify and contain it quickly.
I love the visual capabilities of Illumio. The moment I saw the product, I was able to tell that there is a lot that we can learn about how our users are using applications and how we can leverage Illumio to segregate application environments. Planning for cloud migration, which was on the horizon, also helped drive our decision to go with Illumio.
What I consider the true value of Illumio is not just how fast we can apply the policy, quite frankly. It is that, on an ongoing basis, because of how visual it is, we have very good visibility into the context of what is happening in our systems.
So we always know exactly what is communicating inside our data center and cloud environment. Illumio helps us identify what we don't know or whom to reach out to in order to get something done quickly concerning our security policies. I think that's the biggest value proposition for my team.
How have you implemented Illumio in your environment?
We have used Illumio for some of the expected use cases, but also for a couple of situations that were completely unexpected.
One of the planned initiatives involved segmentation between our development, quality assurance, test, and production environments. Another planned project was segmentation of users and applications. Every user doesn't need to interact with every application; but in the past, it was really difficult to create rules based on that.
Two unexpected use cases we encountered involved a security assessment we were conducting, as well as the enforcement of Illumio's encryption capabilities. Because we had Illumio in the environment, an external security assessment team was able to come in and cut down the assessment project by two and a half weeks. They were able to quickly understand what was going on in the environment, instead of following their traditional assessment methodology. The other unplanned project involved encrypting connections between servers. Honestly, if we did not have Illumio, we could not have had an accelerated migration plan to Amazon Web Services, because we would have needed to recode some of our systems to introduce encryption between them. Illumio is playing that role with some servers now, but in the future we are looking to expand it to all applications.
What is Oak Hill Advisors able to do with Illumio that you weren’t able to do before?
Illumio enables us to deploy and enforce security policies from one platform in a centralized deployment model. Without Illumio, we would be forced to use different tools with the very specific skillset required for them, and sometimes a hard-to-find skillset to get similar functionality.
The most helpful feature of Illumio is its unique approach to providing visibility and control on the workloads. We don't have to proxy our traffic; we don't have to install new tools in the overall environment and change traffic flows to get live visibility into our environments. With Illumio, we install an agent on these machines and get comprehensive visibility.
With Illumio, we're able to leverage infrastructure assets that were already available and then deploy segmentation for security that wasn't available before.
How do you see organizations changing the way they approach data center and cloud security?
I believe that most organizations are approaching cloud security as an offshoot of their current security framework. As the transition to the cloud really picks up, the overall framework will likewise transition toward a more cloud-centric model, which means more agility in security operations and extensive platform coverage will be required.
Because of cloud adoption and hyper-convergence in the data center, the trust relationship between the IT department and the user base really is changing. It used to be that IT departments tested applications and then rolled them out to users. Now the IT department has to extend the trust to the end users, because they can log on to a portal, use a credit card to pay for it, and start leveraging it.
IT really needs to have the ability to analyze every application that's used in the environment in line, but also focus on tools that can create an adaptive security posture.
And for the data center environment and the workloads that an organization is managing, Illumio provides this security posture.
Because Illumio provides unified visibility and security policies for on-premise and IaaS, I believe it could be instrumental for organizations to use Illumio as a platform as they transition from on-premise to the cloud, because it has this centralized and unified visibility control point. So it can help with the transition, while controlling how users are connecting with these applications.
What are some of your top security tips?
In order to secure an environment that is constantly changing, such as ours and the cloud in general, one must understand: 1) how that environment actually works, 2) how it is connected to other systems, and 3) how someone can really impact you using it.
In my view, once you know all that, you're in pretty good shape when it comes to securing the environment.
What are your go-to sources for IT and security-related information?
General technology blogs are very helpful, such as Amazon architecture blogs and The Virtualization Practice. For security specifically, I like Brian Krebs' blog, Krebs on Security, Dark Reading, and vendor threat reports.
A couple of my favorite books are not security-related, but are related to the accelerated pace of innovation and changes that we are seeing in the security environment: The Seventh Sense by Joshua Cooper Ramo, which is about the ability to discern how all things connect in networks, and Thank You for Being Late by Thomas Friedman, which really helps identify what's happening in our environment at an accelerated pace.