The tech landscape has fundamentally changed over the last decade. The steady migration from local data centers to cloud computing, combined with the advent of DevOps and the rise of containers, has taken what was a more or less contained and relatively stable environment and transformed it into a dynamic, constantly shifting ecosystem. At the same time, the volume of exploits and threats has risen exponentially. The challenge today is how to effectively secure and protect servers, applications and data when your network is a moving target.
It Starts and Ends With Visibility
It’s difficult enough to protect something. Imagine that I give you a bag filled with money and tell you to keep it safe. There are risks involved and there will be criminals who want to steal the bag of money, but you have a fair idea of the threats you face. You know about the bag. It is in your possession. You can put it in a closet with only one entrance, make sure the door is locked and deadbolted, and monitor access with cameras. Now, consider how you would protect bags of money if hundreds of them could materialize at any point in time, anywhere in the house.
If you don’t even know how many bags of money there are or where they’re located, how can you effectively protect them? The answer is simple: you can’t. That is essentially the situation IT teams face with dynamic, cloud-based DevOps environments.
On a traditional, legacy network, it was relatively simple to keep track of how many servers were running in the data center and the applications running on them. One of the primary benefits of cloud computing, however, introduces one of the primary challenges of security in the cloud: the ability to scale capacity on demand adds elements of chaos and complexity that make it more difficult to know exactly what is on the network in real time.
As with the bags of money illustration above, though, comprehensive visibility is crucial for effective security. You can’t protect what you can’t see—or what you aren’t aware exists at all.
Achieving Visibility in a Dynamic Environment
Of course, getting comprehensive visibility is easier said than done. Many organizations have a hybrid and/or multi-cloud environment, with assets and data in local data centers and spread across different public and private cloud systems. You can install agents on some resources that will provide accurate information about the current state in real time, but there are also many devices and services that can’t run an agent—requiring more diverse and creative approaches to gain visibility.
The reality is that no single telemetry source will suffice. It takes a combination of active scanning, passive scanning, cloud-based accounts, agents running on devices and container-aware security to ensure that all of the various networks—and the servers, applications and services running on them—can be monitored and inventoried in real time.
Comprehensive Visibility Equals Consolidated Visibility
Having broad visibility is not the same as having comprehensive visibility. Putting the tools and technologies in place to achieve and maintain comprehensive visibility is essential, but you also need to have the means to consolidate that information and manage it from a single console or pane of glass.
You need all of the various sources of visibility data to be integrated into a single, comprehensive view so the entire ecosystem can be analyzed, monitored and maintained from one central view. Effective cybersecurity depends on visibility, and comprehensive, real-time visibility in a dynamic cloud environment requires a security platform with both the agility and scalability to keep pace and provide you with the information necessary to prioritize and address issues as they arise.
— Tony Bradley
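The consolidation described above can be sketched in a few lines. This is an added example, not part of the original article: it merges constructed records from the five telemetry sources the article names into one asset list and flags coverage gaps. The source names, identifier prefixes, sample values and the 24-hour staleness threshold are all assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample telemetry; field names and values are assumptions.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
RECORDS = [
    {"source": "agent", "ids": {"mac:aa:01", "host:web-1"}, "seen": NOW - timedelta(minutes=2)},
    {"source": "cloud_api", "ids": {"inst:i-0001", "mac:aa:01"}, "seen": NOW - timedelta(minutes=5)},
    {"source": "active_scan", "ids": {"ip:10.0.0.5", "mac:aa:01"}, "seen": NOW - timedelta(hours=3)},
    {"source": "passive_scan", "ids": {"ip:10.0.0.9", "mac:bb:02"}, "seen": NOW - timedelta(minutes=1)},
    {"source": "cloud_api", "ids": {"inst:i-0002"}, "seen": NOW - timedelta(minutes=4)},
    {"source": "container", "ids": {"ctr:9f3c", "inst:i-0002"}, "seen": NOW - timedelta(days=2)},
]

def consolidate(records):
    """Merge records that share any identifier into one asset each."""
    assets = []
    for rec in records:
        merged = {"ids": set(rec["ids"]), "sources": {rec["source"]: rec["seen"]}}
        keep = []
        for a in assets:
            if a["ids"] & merged["ids"]:  # same asset seen by another source
                merged["ids"] |= a["ids"]
                for s, t in a["sources"].items():
                    merged["sources"][s] = max(t, merged["sources"].get(s, t))
            else:
                keep.append(a)
        assets = keep + [merged]
    return assets

def gaps(asset, now=NOW, max_age=timedelta(hours=24)):
    """Return visibility findings for one consolidated asset."""
    found = []
    src = asset["sources"]
    if "agent" not in src:
        found.append("no-agent")
    if set(src) <= {"passive_scan", "active_scan"}:
        found.append("network-only")  # on the wire but in no managed inventory
    if now - max(src.values()) > max_age:
        found.append("stale")  # no source has reported it recently
    return found

if __name__ == "__main__":
    for asset in consolidate(RECORDS):
        print(sorted(asset["ids"]), sorted(asset["sources"]), gaps(asset))
```

The second asset in the sample is the case the article warns about: it appears only in passive network data, so neither the agent inventory nor the cloud account knows it exists.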