Security Experts:

Illumio Brings Visibility, Zero Trust Principles to Hybrid Cloud

A new product seeks to solve the two primary security issues that come with moving to the cloud: the danger of accidental misconfigurations and the loss of visibility. 

On the first, Gartner suggests, "Through 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users." It further warns that, "By 2023, 70% of all enterprise workloads will be deployed in cloud infrastructure and platform services." 

The lack of visibility means that security teams may be unaware of the misconfigurations and will be unaware of what is happening to and with the workloads within the cloud. Security cannot protect what it cannot see.

Illumio is tackling both problems by extending its Core datacenter zero trust/segmentation solution into the hybrid cloud with a new CloudSecure offering. After gaining visibility and locating any misconfigurations, CloudSecure improves the security posture by adding zero trust principles natively via the cloud’s own security controls. CloudSecure is available now for AWS, and will include Azure and Google Cloud in 2022.

[ READ: Survey Shows Reasons for Cloud Misconfigurations are Many and Complex ]

CloudSecure is agentless. It works by analyzing the traffic flow between the cloud and local datacenter, and relating this to all it knows about the implementation from both the cloud provider and the customer. It knows, for example, whether it is seeing the totality of traffic by comparing what it sees with the providers’ logs.

The result, explains Illumio CTO and co-founder PJ Kirner in an associated blog, is, “You’ll have a map of the workloads in your cloud environments and how they’re communicating with each other. You’ll gain an understanding of all the objects and associated metadata inside those environments. And with that understanding, you can identify your risks, understand how to prioritize your efforts, and take the right actions to make your organization more secure.”

CloudSecure does not simply provide visibility into the cloud. It analyzes what it sees and provides recommendations to allow customers to move towards its Core functionality: segmentation and zero trust. This is all achieved by configuring the cloud provider’s own controls – but it does so from the position of complete visibility.

The analysis of traffic provides both visibility and context, including which applications and services are talking to each other. Raghu Nandakumara, Field CTO at Illumio, explained the process. “It gives us a way of interacting with cloud services natively to ingest information about those services,” he said in an interview with SecurityWeek.

[ READ: Despite Warnings, Cloud Misconfiguration Problem Remains Disturbing ]

“We obtain both the metadata that describes the service and the flow information associated with the service. That information allows us to build an application-dependent E-Map. Using the map with the existing security configuration of the service – obtained by integrating CloudSecure with the customer's existing customer accounts to understand the existing controls via the provider's ACIs – we are able to give our customers insight into what exposures and risks exist, and then help the customers mitigate and minimize those risks by tightening the controls around the services.”

“Once you understand what is allowed and how those things are connected,” added Kirner, “CloudSecure recommends rules and safely programs Zero Trust policies using cloud native security controls like AWS Security Groups.” 

First comes the recommendation. If this is accepted, CloudSecure can automatically apply least privilege zero trust policies to cloud segments through Security Groups to stop any unapproved lateral movement. But again, this is done from the basis of complete visibility into what is happening within the cloud implementation.

CloudSecure is effectively an extension of Illumio’s Core datacenter product. The result is an integrated zero trust solution across both local datacenter and cloud workloads.

Sunnyvale, California-based Illumio Inc was founded in 2013 by PJ Kirner (CTO) and Andrew Rubin (CEO). It has raised a total of $557.5 million –most recently from a Series F funding round of $225 million in June 2021 – valuing the company at $2.75 billion.

Related: Micro-Segmentation for Endpoints Shows Promising Defense Against Lateral Movement

Related: Survey Shows Reasons for Cloud Misconfigurations are Many and Complex

Related: Despite Warnings, Cloud Misconfiguration Problem Remains Disturbing

Related: A Deeper Dive Into Zero-Trust and Biden's Cybersecurity Executive Order

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.