Beyond the blind spots: why CISOs must embrace deep observability
Cyberattacks are increasing, and despite global information security spending projected to reach $215 billion in 2024, according to Gartner, organisations are losing ground to threat actors in the security arms race. Cybercriminals are spending more time hidden on corporate networks, and pressure is growing on CISOs to ensure the security of hybrid cloud infrastructure and organisational data.
Failure to secure an organisation can have devastating consequences, with a host of operational, financial, regulatory, reputational, and legal ramifications.
At the same time, CISOs are faced with managing huge volumes of data traffic, a proliferation of endpoints, many of which are unmanaged, and an increasingly complex hybrid cloud IT environment. This is all alongside managing cost reductions. It’s no surprise that cybersecurity is now a core boardroom topic.
In addition to economic and environmental pressures, new regulations around disclosure and minimum security standards are bringing accountability to the cybersecurity debate. New regulations assign personal responsibility to those at the top of a business for mitigating a breach. Executives have even faced legal charges for failure to report high-profile data breaches in the United States.
As such, boards are seeking reassurances from the CISO: how secure is our organisation? What are we doing as a business to be more secure? What key business processes are in place that will support this level of accountability?
Zero trust, better network visibility
For an increasing number of organisations, adopting a zero trust approach to security is a powerful means to achieve resilience and protect hybrid cloud environments from cyberattacks.
This is borne out by the Gigamon 2023 Hybrid Cloud Survey of more than 1,000 security and IT leaders, which found that, on a global scale, zero trust discussions at board level increased from 58% to 87% over the last year.
“Zero trust means that no one person or thing is trusted by default, whether inside or outside the network,” says Stephen Oliver, senior director, EMEA North at Gigamon. “It’s an approach that is gaining traction, even among those struggling to cope with increasing IT complexity and a proliferation of tools.”
The inevitable ‘tool sprawl’ of digital transformation can introduce another element of risk to the organisation – which is exacerbated if security leaders don’t have real-time visibility into all data in motion across their hybrid cloud IT infrastructure. The same applies to governance and risk; it’s impossible to comply with regulations if you can’t see what’s going on in your environment, or where all your data traffic is coming from or going to.
Deep observability is key here: studies have reaffirmed its tie to zero trust, and how critical it is to securing and managing hybrid cloud IT infrastructure.
Observability vs. deep observability
Observability is often used to describe this insight into what’s on a network. But when it comes to zero trust, organisations need to think beyond surface-level visibility. Security and observability tools must bring together log-based data with network-derived intelligence if they are to provide deep observability across a company’s hybrid cloud – one that spans the data centre, private and public cloud, along with virtual and container workloads.
“A true zero trust approach rests on a foundation of real-time, network-level visibility, and this includes monitoring East-West (lateral) traffic for behavioural anomalies and insight into all traffic in transit, even encrypted traffic,” says Oliver.
Rather than stopping at surface-level visibility, deep observability provides 360-degree visibility into hybrid cloud IT infrastructure, applications, and systems. It goes beyond existing MELT (Metrics, Events, Logs, and Traces)-based approaches by incorporating real-time network-derived intelligence and insight.
Deep observability, as enabled by Gigamon, can serve as a foundational initiative, whether the goal is maximising tooling investment or charting a path to zero trust.
“Zero trust demands exceptional visibility across your entire network,” says Oliver. “This deep observability is powered by the combination of data and insights collected by existing security, observability tools, and network telemetry. It’s this combination that provides the real-time intelligence and insights that can help drive a zero trust approach.”
The pillars of zero trust
Understanding how to achieve zero trust and what it requires is therefore paramount for CISOs. The CIS Critical Security Controls (CIS Controls) is a set of best practices for organisations looking to strengthen their security posture. The first step? A commitment to visibility.
“It’s important for CISOs to have visibility of all network traffic flowing within their IT infrastructure for security and performance monitoring, and the way to achieve that is by deploying a deep observability strategy,” says Oliver.
“Being able to see everything in your IT environment is the first and foundational pillar of a zero-trust-based strategy – and it’s one that cannot be overlooked.”
Zero trust is here to stay. The adoption of zero trust has even been mandated for government organisations in the United States, and it is likely to expand to other regions. In the UK, the National Cyber Security Centre’s Cyber Essentials scheme is now completely aligned with a zero trust architecture.
“It is critical that CISOs, given their evolving responsibility and increased accountability, have deep observability across networks and cloud environments, to enhance security outcomes and mitigate risks and costs,” says Oliver.
“At Gigamon, we deliver a foundational pillar that provides complete visibility into all data that runs across an organisation’s hybrid cloud IT environment.”
Deep observability clears a path for successful journeys towards zero trust. Think about how a fully lit street is safer than a dark one – your networks are no different. Gaining complete visibility into the network is the equivalent of lighting up the whole street.