Monday, 12 April 2021 12:17

How multi-cloud visibility ensures business continuity

By

GUEST OPINION by George Tsoukas, Gigamon ANZ: Today’s powerful digital applications often span multiple tiers running on multiple on-premises and cloud platforms. This can lead to a fragmented, inconsistent view of data in motion and visibility gaps and blind spots that make it hard to deliver a secure, optimal user experience.

New technology closes the hybrid cloud visibility gap by providing IT with a single, consistent view into all data in motion from Layers 2–7 and East-West traffic across all platforms, including between clouds. This enables operations and security teams to ensure a positive, secure user experience and to optimise tools and traffic costs.

There are many ways that hybrid and multi-cloud visibility is beneficial, even critical, to ensuring application availability and business continuity. 

One of the most common applications and use cases that we’ve seen for this capability is tracking the status of SSL/TLS certificates on the thousands of application and communication servers that make up an enterprise network.

At a business level, if a TLS certificate expires it can take servers offline, leading to service outages, lost revenue opportunities, and reputational damage — which has happened in well-publicised incidents at organisations ranging from Adobe to Yahoo.

At the IT level, dealing with these fire drills is highly disruptive to the flow of IT operations and is very inefficient.

Of course, tracking TLS certificates is a difficult process that is made even more resource and time-consuming by the sheer volume of certificates and keys, often as many as 50,000, that must be tracked.

Because tracking expired, expiring, weak cipher, self-signed or fraudulent certificates is so important and so resource intensive, it is a natural candidate for automation. Yet, as the hybrid network becomes ever more complex, so does automating this process. 

Let’s take an example of an organisation that has decided to create a TLS certificate traffic app on Splunk running on AWS. This app needs to get its tracking information from servers that could be in the public cloud, private cloud, and in multiple on-premises data centres.

Ideally, this TLS tracking information should be sent as metadata to Splunk to minimize traffic flow and consumption-related costs.

While this process is easy to describe, it’s much more difficult to develop and implement. To approach it from scratch, IT would need to build a pipeline capable of logging in to each of the thousands of servers in the enterprise to check on the TLS certificate, and then report alerts of those that are about to expire, are self-signed, have weak ciphers, and so on.

As a result, there are many TLS certificate management solutions available, but many of these are platform-specific, resulting in hybrid or multi-cloud enterprises running multiple certificate management solutions and not being able to easily gain a single view, or overall control of their situation.

With my company’s technology, this process can be radically simplified. A fabric manager provides a single view into all of hybrid platforms and is tightly integrated with cloud-native visibility tools, including AWS Traffic Mirroring, VMware ESX and NSX-T, Nutanix Flow and Prism, and OpenStack Tap as a Service.

This means that our solution has visibility into certificate status and can feed this into a tool like Splunk to automate the management process, saving significant amounts of the ops team’s time, heading off fire drills, and protecting the enterprise against outages.

For anyone wanting to deploy a TLS tracking app on Splunk, it’s much more efficient and potentially less expensive to send this data to Splunk as NetFlow metadata, not raw network packets. Specific new technology can make SIEMs like Splunk much more powerful, efficient and actionable by providing metadata collected from Layer 4 through Layer 7.

Using application intelligence, it’s possible to extract any of 5,000 application and network metadata attributes, including key attributes related to TLS certificates. By sending the right metadata information to our TLS Tracking app in Splunk, IT is able to quickly identify weak ciphers and expired or soon-to-expire certificates.

This is a practical example of the benefits of using advanced tech and a metadata intelligence application to automate and streamline a highly resource-intensive process and one that, if not properly implemented, can have adverse effects on application availability and business continuity, and ultimately on customer and user experience.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments