Agencies will continue to exist in a multi-cloud world for the foreseeable future.
But what is changing is how agencies need to protect that multi-cloud environment from cyber threats.
Experts say three trends emerged around cybersecurity during the pandemic. First, the acceleration of digital services increased the threat surface, putting assets and infrastructure at risk. Second, the risk to systems and data expanded with more employees working remotely. And third, there was a global surge in malicious cyber attacks.
While agencies initially turned to virtual private networks and other security tools, moving forward agencies will need more sophisticated tools and approaches to deal with the complexity of their networks and the need to continually improve their security posture. This has to happen while reducing infrastructure friction and accelerating incident response and mitigation times.
One of the ways to try to stay ahead of threats and ensure your infrastructure meets its needs is through advanced data analytics.
Chip George, the vice president for U.S. public sector at Nutanix, said agencies must continue to improve their cyber postures and deliver on mission needs by taking advantage of the data from their security operations centers and other tool sets.
“This stress on the underlying network if they’ve gone multi-cloud and multi-site and work from home, is caused by all that data,” George said on the Innovation in Government show sponsored by Nutanix. “That takes away from what they want to do, which is address the threats and focus on the actionable intelligence. And that’s what we’re trying to convey that what we’ve seen is you’ve got to figure out a way in a model that brings together or converges a bunch of the major things that you’re attacking in the data center simplifies that, and lets people focus on what they want to focus on, which is the cybersecurity threats.”
Juliana Vida, the chief technical advisor for public sector at Splunk, said by turning to advanced data analytics capabilities, organizations and people will be more productive even while managing through the new complexity of remote work and through the acceleration of moving to the cloud.
“Think about just all the different management challenges, the configuration management and application rationalization, everything that has to go along there. So when we talk about that complexity, observability or visibility is another benefit that a full data platform like Splunk. We help organizations see not just into one of those clouds in that multi-cloud environment, but across all of those clouds and other platforms aren’t going to help customers look into their competing cloud vendor’s environment and help find where they can make tweaks or where they can make adjustments or where there might be cybersecurity challenges,” Vida said. “A neutral data platform like Splunk can help customers look across those different cloud environments provided by different cloud vendors, and give a full view of where there can be tweaks, where applications can be moved and changed, micro services incorporated and so on. It really does help agencies be more efficient and effective in how they work in these multi-cloud environments.”
The data also can help agencies move toward a zero trust framework. By collecting data from a variety of sources, agencies can begin to segment their networks.
“As part of zero trust, you want that almost firewalled experience down at the virtual machine level,” George said. “They’re the data that all this extra data you brought in is now separated and walled off in that micro segmented way and hopefully implemented and managed in an easy to consume way as easy as possible. That is just as important, if not more important, as you get to a hybrid cloud.”
Vida added that with the expanded attack surfaces because of remote work, as well as the complexity of hybrid cloud, it becomes more important for employees to be authenticated not just at the front door, but at each new point on the network.
“Each one of those points, every one of those assets must be verified, and must be put through some kind of analytics to decide should they be trusted do should they be allowed to come in. That kind of helps give people a framework of what are we talking about when we talk about a zero trust framework, and from that perspective, data truly is the key element,” she said. “If you’re not protecting it, shielding it and leveraging it in the right way, all throughout an ecosystem or an environment, there’s going to be a breach somewhere and you’re going to lose control. So for Splunk, specifically, in the zero trust framework, there is constant monitoring, there is automation and orchestration, there is cybersecurity and network monitoring.”
The other side of the data coin is disaster recovery and continuity of operations.
George said if a breach happens and an agency has to recover, the cloud provides agencies with an ability to have a safe copy of their data stored away from the threats and the ability to have an immediate failover.
“The fact is you need to prepare for it. People know the cloud has helped because sometimes it acts as an off-premise disaster recovery site. Sometimes you’re failing over from a cloud to another cloud,” he said. “These make all of those issues complex, what makes it easier is if you could have the same operating system, that does all of those core functions, like server storage, networking, virtualization, and have that same OS in the cloud that you could recover to right away. That’s where we’re seeing people go. That’s what we’re seeing people ask about, especially in these big data intensive apps, like Splunk that we’re working with.”