Illumio’s Raghu Nandakumara explains why zero-trust segmentation is the only cloud security solution able to tackle the increasingly sophisticated threat landscape.
The cloud has evolved into an integral part of the digital infrastructure for companies worldwide. This heavy reliance on cloud technology has, however, expanded the attack surface to an unprecedented scale.
Illumio’s Cloud Security Index shows that almost half of all data breaches now begin in cloud-based systems. These security incidents have significant financial impacts, with the average organisation losing nearly $4.1m annually.
With the stakes so high, it’s clear a new approach to cloud security is needed. The cloud is now business-critical – 89pc operate their high-value applications in the cloud. Yet, despite increasing investment in cybersecurity tools, companies still struggle to maintain the security and integrity of this essential resource. This leads to a pivotal questions: why are conventional security strategies proving inadequate in the cloud environment, and what can businesses do to effectively counter these growing threats?
Understanding cloud security responsibilities
Under the shared responsibility model, cloud service providers ensure the security of the infrastructure, but users themselves are responsible for securing the data and applications hosted on the cloud. Therefore, in the event of a security breach, both the repercussions and accountability almost invariably rest with the organisation.
The implications extend beyond mere data loss; breaches in the cloud can severely and irreversibly affect the trust and reputation of a business, eroding relationships with customers, stakeholders and partners.
According to our recent study, 47pc of UK businesses cited reputational damage and trust erosion as the principal fallout from a cloud breach, surpassing concerns about immediate revenue loss. This shows the tangible value of trust in modern businesses, recognising that while lost revenues might be recoverable, mending a tarnished reputation and regaining lost trust is a far more challenging and often impossible task.
Given the inevitability of cyberattacks, organisations must come to the realisation that they can’t stop every single security breach. So, the focus shouldn’t be solely on prevention but also on demonstrating an organisation’s ability to effectively manage and mitigate a breach when they do occur. This approach is vital in safeguarding the brand’s reputation and maintaining customer trust in the wake of a cloud security incident.
The pitfalls of legacy cloud security models
Traditional security measures like firewalls and intrusion detection systems are almost largely obsolete in today’s cloud security landscape. These tools, developed for simpler network environments of the past, are ill-equipped to handle the complexity and dynamism of contemporary cloud-based threats. Most importantly, these legacy tools don’t provide visibility across the hybrid attack surface.
Yet, many organisations are still applying these antiquated security approaches to their cloud infrastructures, either mistakenly or driven by the lack of resources. Because of this, they’re often unaware of how their network resources interact across a hybrid or multi-cloud environment, which leads to inefficiencies in delivering consistent security policy. The inherent agility and scalability of the cloud requires security solutions that are just as flexible and evolving. A staggering 95pc of IT and security leaders recognise the urgency for enhanced visibility of cloud infrastructure and swifter responses to security breaches.
Alarmingly, many respondents think security limits business innovation and efficiency. Approximately three-quarters believe their organisation’s security strategy hinders cloud adoption. This more than likely results in teams hastily developing mission-critical applications in the cloud without substantial security frameworks, an approach fraught with risk.
Businesses must transition towards more agile, real-time security mechanisms that offer comprehensive visibility without compromising on efficiency. One of the most effective strategies to achieve this is by implementing a zero-trust security model, which fundamentally redefines how security is approached in a cloud-centric world.
Applying a strategy of least-privileged access between resources, zero trust prevents attacks from spreading, contains attacks across cloud environments and allows organisations to keep their cloud assets safe.
Embracing zero-trust segmentation
A key tactic in a zero-trust strategy is zero-trust segmentation (ZTS), also commonly referred to as microsegmentation. Rooted in the zero-trust principle of ‘never trust, always verify,’ ZTS effectively segments and isolates vital assets in the cloud, minimises the attack surface and prevents the possibility of lateral attacks. Under this model, each network segment is independently secured and continuously monitored.
Our research with 1600 IT security decision-makers showed that nearly all respondents believe ZTS can greatly improve their organisation’s cloud security strategy. A large majority also agree that ZTS can improve digital trust, ensure business continuity and bolster cyber resilience.
The bottom line is that the evolution of cloud security requires a transformative approach, with ZTS at the forefront. Businesses must take urgent steps to protect their most valuable assets and ZTS facilitates a responsive and dynamic security posture, aligning with the cloud’s fluidity.
Implementing such adaptive defence strategies not just maintains but enhances an organisation’s capacity to handle and recover from security incidents. This strategic shift can help businesses preserve their reputation and credibility in today’s digital-first world, where cloud systems are the backbone of all operations.
Raghu Nandakumara is head of industry solutions at Illumio, a company that specialises in zero-trust segmentation. Before joining Illumio, he held a number of roles at Citi, including as VP of cloud security engineering and finishing his time there as a senior VP. He has degrees in mathematics and advanced computing.