"By 2023, 70% of all enterprise workloads will be deployed in cloud infrastructure and platform services, up from 40% in 2020," according to Gartner. But these investments are also expanding the corporate attack surface and inviting new risks that many organizations may be ill-equipped to deal with. For time-poor IT buyers, the Gartner® Hype Cycle™ for Cloud Security is a great place to evaluate some different protection strategies.
The good news for us at Illumio is that Zero Trust segmentation, or “identity-based segmentation,” is well on its way to mainstream adoption, according to the report. Illumio is recognized as a Sample Vendor in the report. We feel it’s time to understand what the technology could do for your cloud environment.
Why Zero Trust Segmentation?
As Gartner recognizes, Zero Trust segmentation has become an increasingly favored way of helping to secure public and hybrid cloud deployments — because it helps organizations create “more granular and dynamic policies” than traditional network segmentation approaches. In fact, as volumes of east-west traffic increase, network-centric strategies have become almost impossible to apply in an operationally coherent way, the analyst claims.
The bottom line is that traditional security controls like firewalls, IDS/IPS and anti-virus can’t keep pace with the dynamic nature of cloud environments. This often leaves new assets unprotected when they’re created. Ransomware and cyberattacks exploit these gaps to gain a foothold inside networks and then move laterally to cause serious damage.
It’s at this stage that Zero Trust segmentation can add true value by preventing this “lateral movement” and therefore limiting the “blast radius” of attacks. It’s an approach that has also gained in popularity thanks to interest in Zero Trust security, the report notes.
In a world where 100 percent prevention of breaches can be considered impossible, Zero Trust segmentation has become particularly important to limiting the spread of threats like ransomware. It’s one of the reasons why the technology is now on the famous Gartner “Slope of Enlightenment,” meaning it is less than two years away from mainstream adoption.
Source: Gartner, Hype Cycle for Cloud Security, 2021, Tom Croll, Jay Heiser, 27 July 2021.*
The Illumio Difference
Application and workload visibility is a vital first step for Zero Trust segmentation.
Illumio starts by automatically mapping communications flows for our customers’ cloud and on-premises applications and services. This is especially important in the context of modern cloud deployments, which are typically complex hybrid environments spread across multiple cloud providers. Our technology is 100 percent agnostic to this underlying fabric, enabling us to maximize that visibility.
With this insight, we can then detect and proactively lock down any risky or legacy pathways and ports that may be used in attacks, as well as isolate core services. It’s an approach Gartner includes in its user recommendations: “Use a network flow mapping project to understand application and server flows.”
This is how we protect critical assets and block the lateral movement of threat actors inside customer networks. Illumio can help security teams to pre-build policies that will activate in seconds, as a kind of emergency lockdown in the event of a breach.
The Policy Generator workflow in Illumio Core simplifies the whole process by automatically suggesting optimized segmentation policies for any kind of workload (containers, virtual machines, bare-metal).
Illumio’s segmentation policies are based on an easy-to-understand label system, which aligns with the user recommendations to “use the identities of applications, workloads and services” and not IP addresses or network segmentation as the foundation for policies. And because policy is decoupled from the underlying network, it will follow workloads wherever they go — across different hybrid and multi-cloud environments.
Read more about how Illumio Core can help secure your cloud environment here.
Download the Gartner Hype Cycle for Cloud Security 2021 report for more insight into the value of "identity-based segmentation" and recommendations for successful projects.
Gartner Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner and Hype Cycle are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
* This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Illumio.