Insight by Splunk

Reducing the complexity of hybrid cloud through better data

A common refrain over the last five or so years when it comes to cloud computing is that securing applications and data is a shared responsibility.

Agencies cannot set it and leave it, so to speak.

For agency leaders to understand how best to secure the cloud, they need both the data and a strategy that prioritizes mission critical systems and information.

It’s clear that chief information security officers and other agency security leaders must have the right tools and processes to ensure the transition to cloud services happens quickly and safely.

Agencies must get the security right because the move to the cloud isn’t slowing down. Deltek, the market research firm, expects civilian agencies to spend more than $2.1 billion on cloud services this year alone.

Deltek also found that agencies are using more cloud-based cyber tools, with data encryption, continuous monitoring, multilayered defenses and identity access management being the most popular.

Juliana Vida, the chief technical advisor for public sector at Splunk, said for agencies to successfully and securely move to the cloud they must collect, use and understand their data. She said many times that comes down to using the right security framework.

“We all need to be thinking about security because I think the world has learned by now there are enough bad actors out there looking for that precious data. They can sell it or they can use it for ransomware to get money from us. There are plenty of bad people out there and bad actors whose capabilities have gone beyond our ability to just manage it,” Vida said on The Road to Multi Cloud and Hybrid Cloud Success, Managing Security and Complexity sponsored by Splunk. “We all need to really be thinking about how do we leverage technology to help us keep the bad guys out and keep from getting at our data because it’s no longer protected by a firewall or otherwise?”

The data becomes even more important as agencies will remain in a hybrid cloud environment for the foreseeable future.

Vida said on average agencies are using 7.3 different cloud providers creating more complexity to secure and manage their data.

“When you start to stitch all of those [cloud instances] together, what becomes very clear, is the need for visibility, not just within each of those environments, but across those environments. I don’t think this is going to be a shocker to anybody, but every cloud vendor is not really keen on helping you manage your data when you move it into another vendor’s cloud environment. That makes it even harder to manage. But still, the benefits of cloud far outweigh the risks of just staying on-premise,” Vida said. “Agencies and organizations cannot be talking about mission execution without in the next breadth talk about and who’s keeping it secure, how are we monitoring the cloud and who’s going to make sure that if there’s a hack tomorrow, how quickly can we isolate that and move on to execute our mission?”

Vida said this is why concepts like zero trust are front-and-center with more data and applications moving to the edge.

“Agencies need to know where their data is, know what’s happening from end-to-end. The phrase used to be you can’t secure what you can’t see, well, that’s true. You can’t secure it. You also can’t manage it. You can’t predict what it’s going to do. You can’t manage it as you would manage any other valuable asset,” she said. “Not having the kind of oversight, control, governance, predictability with the data, is a problem because data has become as valuable, if not more valuable, than tangible financial assets.”

Agencies need better end-to-end visibility of their data and how it relates to security.

“You can have better visibility of your data but it’s also the people because they just can’t manage it anymore. The volume of data is just too great to put it on the shoulders of those analysts,” Vida said. “Let’s give people the tools that can help them do what they are really skilled at doing so automation, and orchestration can help. All of those capabilities rely on data. There has to be enough trusted data coming in from any source, any format, wherever it’s coming in from, but there has to be enough data coming in to allow those advanced capabilities to actually work.”

Moving to the Cloud

When you start to stitch all of those [cloud instances] together, what becomes very clear, is the need for visibility, not just within each of those environments, but across those environments. I don't think this is going to be a shocker to anybody, but every cloud vendor is not really keen on helping you manage your data when you move it into another vendor’s cloud environment. That makes it even harder to manage. But still, the benefits of cloud far outweigh the risks of just staying on-premise.

End-to-End Visibility

Let's give people the tools that can help them do what they are really skilled at doing so automation, and orchestration can help. All of those capabilities rely on data. There has to be enough trusted data coming in from any source, any format, wherever it's coming in from, but there has to be enough data coming in to allow those advanced capabilities to actually work.

Listen to the full show:

Featured speakers

  • Juliana Vida

    Chief Technical Advisor, Public Sector, Splunk

  • Jason Miller

    Executive Editor, Federal News Network

Sign up for breaking news alerts