How Visibility Became the Lifeblood of SecOps and Business Success

The best way to succeed in long-term cybersecurity is to invest in visibility because you can't protect or defend against what you can't see.

PJ Kirner, CTO & Founder, Illumio

November 15, 2021

4 Min Read
Cloud with a lock on it
Source: Haiyin Wang via Alamy Stock Photo

An amalgamation of digital transformation, remote work en masse, and multicloud IT environments have increased complexity and threats in the cloud. As a result, end-to-end visibility is not just a nice to have but a cyber imperative. What's more, in today's world, visibility is more than just essential for SecOps teams: it's a must have for stakeholders across the organization who want to identify and remove excessive privilege from their environments.

In 2020, as every organization became a software company, cybersecurity was all too often pushed to the backburner. But now, on the heels of incidents like SolarWinds, Colonial Pipeline, and New Cooperative, more enterprises are realizing that in order to bolster business resilience and prioritize customer trust long term, every software company must become a security company to succeed. 

In today's world, as ransomware raids continue, every company needs to be a trustworthy custodian of their customer's data and high-value assets – and in order to do that, they must first infuse security into every corner of their business model. The best way for organizations to set themselves up for cyber success in the long run is to invest in visibility because you can't protect (or defend against) what you can't see – and cloud-based threats are only getting worse.

Visibility in the Context of the Cloud
As multi- and hybrid-cloud environments proliferate, and adoption continues to accelerate, the potential for cloud-centric attacks only increases. We are hearing our customers tell us that diversity of infrastructure driven by the need for business agility also brings hidden risks. The weak spots in their enterprise security posture are not in the cloud but, rather, in the gaps between the infrastructure types, such as between the cloud and the data center or between one cloud service provider and another.

Even still, cloud adoption continues to rise. In fact, according to the Gartner Hype Cycle for Cloud Security 2021, "by 2023, 70% of all enterprise workloads will be deployed in cloud infrastructure and platform services, up from 40% in 2020." As enterprise workloads in the cloud increase and new intracloud gaps emerge, there's an even greater margin for error for overworked SecOps teams accelerating into the cloud. Gartner notes that "through 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users." This means that 99% of the cloud incidents that we'll see in the next three to four years will have been preventable.

While organizations across sectors aim to leverage the agility and innovation of the cloud to accelerate ongoing digital transformation initiatives, they also require purpose-built solutions to address the unique security concerns of this increasingly complex, dynamic environment. This is where visibility in the cloud becomes a vital cybersecurity (and business) asset.

Maximizing Cloud Benefits by Minimizing Risk
In the world of DevSecOps today, there's one essential way to successfully reduce security risk: adopt the mindset of "assume breach," and assume bad actors are already inside of your network, your data centers, or your multicloud environments – because they likely already are. Successful cybersecurity today isn't just about keeping the bad actors out (that's nearly impossible), but also mitigating and containing their reach and frustrating them once they're inside.

This is where visibility comes into play: You cannot protect or defend against what you can't see. You can't reduce risk if you don't know that risk is there, and you definitely can't reduce risk and remove excessive privilege across cloud and IT infrastructures without a holistic and contextual view of them. Think of it this way: Security teams need transparency into the infrastructure and services that are being used in order to better understand what can happen (in terms of risk) and what's actually happening in their environments right now – particularly as the cloud continues to be an essential business catalyst, and hybrid and multicloud adoption continues to accelerate. More reliance on the cloud equals more need for visibility throughout IT environments.

In today's world, visibility is the backbone of cyber and business resiliency. Not only is it impossible to manage an environment that you can't see, but you can't fight bad actors in the dark, either. With comprehensive visibility (i.e., visibility that spans your hybrid, multicloud, and data center environments), SecOps teams are able to make more informed security decisions – bolstering business resiliency and enabling business leaders to make more accurate assessments in regards to the integrity of their organization. Today, holistic visibility throughout both your IT environments and the gaps between your infrastructure types is paramount to cyber – and business – success.

About the Author(s)

PJ Kirner

CTO & Founder, Illumio

As chief technology officer and founder, PJ is responsible for Illumio's technology vision and platform architecture. PJ has 20 years of experience in engineering, with a focus on addressing the complexities of data centers. Prior to Illumio, PJ was CTO at Cymtec. He also held several roles at Juniper Networks, including distinguished engineer focused on advancing Juniper's network security and layer 4-7 services plane. PJ graduated with honors from Cornell University.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights