Monday, 12 April 2021 12:17

How multi-cloud visibility ensures business continuity


GUEST OPINION by George Tsoukas, Gigamon ANZ: Today’s powerful digital applications often span multiple tiers running on multiple on-premises and cloud platforms. This can lead to a fragmented, inconsistent view of data in motion and visibility gaps and blind spots that make it hard to deliver a secure, optimal user experience.

New technology closes the hybrid cloud visibility gap by providing IT with a single, consistent view into all data in motion from Layers 2–7 and East-West traffic across all platforms, including between clouds. This enables operations and security teams to ensure a positive, secure user experience and to optimise tools and traffic costs.

There are many ways that hybrid and multi-cloud visibility is beneficial, even critical, to ensuring application availability and business continuity. 

One of the most common applications and use cases that we’ve seen for this capability is tracking the status of SSL/TLS certificates on the thousands of application and communication servers that make up an enterprise network.

At a business level, if a TLS certificate expires it can take servers offline, leading to service outages, lost revenue opportunities, and reputational damage — which has happened in well-publicised incidents at organisations ranging from Adobe to Yahoo.

At the IT level, dealing with these fire drills is highly disruptive to the flow of IT operations and is very inefficient.

Of course, tracking TLS certificates is a difficult process that is made even more resource- and time-consuming by the sheer volume of certificates and keys, often as many as 50,000, that must be tracked.

Because tracking expired, expiring, weak cipher, self-signed or fraudulent certificates is so important and so resource intensive, it is a natural candidate for automation. Yet, as the hybrid network becomes ever more complex, so does automating this process. 

Let’s take an example of an organisation that has decided to create a TLS certificate traffic app on Splunk running on AWS. This app needs to get its tracking information from servers that could be in the public cloud, private cloud, and in multiple on-premises data centres.

Ideally, this TLS tracking information should be sent as metadata to Splunk to minimise traffic flow and consumption-related costs.

While this process is easy to describe, it’s much more difficult to develop and implement. To approach it from scratch, IT would need to build a pipeline capable of logging in to each of the thousands of servers in the enterprise to check on the TLS certificate, and then report alerts of those that are about to expire, are self-signed, have weak ciphers, and so on.

As a result, there are many TLS certificate management solutions available, but many of these are platform-specific, resulting in hybrid or multi-cloud enterprises running multiple certificate management solutions and not being able to easily gain a single view, or overall control of their situation.

With my company’s technology, this process can be radically simplified. A fabric manager provides a single view into all hybrid platforms and is tightly integrated with cloud-native visibility tools, including AWS Traffic Mirroring, VMware ESX and NSX-T, Nutanix Flow and Prism, and OpenStack Tap as a Service.

This means that our solution has visibility into certificate status and can feed this into a tool like Splunk to automate the management process, saving significant amounts of the ops team’s time, heading off fire drills, and protecting the enterprise against outages.

For anyone wanting to deploy a TLS tracking app on Splunk, it’s much more efficient and potentially less expensive to send this data to Splunk as NetFlow metadata, not raw network packets. Specific new technology can make SIEMs like Splunk much more powerful, efficient and actionable by providing metadata collected from Layer 4 through Layer 7.

Using application intelligence, it’s possible to extract any of 5,000 application and network metadata attributes, including key attributes related to TLS certificates. By sending the right metadata information to our TLS Tracking app in Splunk, IT is able to quickly identify weak ciphers and expired or soon-to-expire certificates.
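The checks named above (expired, soon-to-expire, self-signed, weak cipher) are shown here applied to per-flow TLS metadata records, with findings merged so each certificate is reported once per server. This is an added example, not code from Gigamon or Splunk; the record field names, the sample records and the 30-day warning window are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Substrings that mark an IANA-style cipher suite name as weak.
WEAK_MARKERS = ("_RC4_", "_3DES_", "_DES_", "_NULL_", "_EXPORT", "_MD5", "_anon_")

# Constructed per-flow records; field names are hypothetical, not a vendor schema.
SAMPLE = [
    {"server": "10.0.1.5:443", "serial": "01A3", "subject": "CN=shop.example.com",
     "issuer": "CN=Example Issuing CA", "not_after": "2021-04-20T00:00:00Z",
     "cipher": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
    {"server": "10.0.1.5:443", "serial": "01A3", "subject": "CN=shop.example.com",
     "issuer": "CN=Example Issuing CA", "not_after": "2021-04-20T00:00:00Z",
     "cipher": "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
    {"server": "10.0.2.9:8443", "serial": "7F", "subject": "CN=build.internal",
     "issuer": "CN=build.internal", "not_after": "2020-12-31T23:59:59Z",
     "cipher": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
    {"server": "172.16.4.2:443", "serial": "2B10", "subject": "CN=api.example.com",
     "issuer": "CN=Example Issuing CA", "not_after": "2022-01-01T00:00:00Z",
     "cipher": "TLS_AES_128_GCM_SHA256"},
]
NOW = datetime(2021, 4, 12, tzinfo=timezone.utc)  # fixed clock for a repeatable run

def findings(record, now, warn_days=30):
    """Return the list of problems seen in one metadata record."""
    not_after = datetime.strptime(record["not_after"], "%Y-%m-%dT%H:%M:%S%z")
    out = []
    if not_after <= now:
        out.append("expired")
    elif not_after - now <= timedelta(days=warn_days):
        out.append("expiring")
    # Heuristic: issuer == subject means self-issued; metadata alone cannot
    # verify the signature, so treat this as a flag for follow-up.
    if record["subject"] == record["issuer"]:
        out.append("self-signed")
    if any(marker in record["cipher"] for marker in WEAK_MARKERS):
        out.append("weak-cipher")
    return out

def triage(records, now, warn_days=30):
    """Merge per-flow findings into one entry per (server, certificate serial)."""
    merged = {}
    for rec in records:
        merged.setdefault((rec["server"], rec["serial"]), set()).update(
            findings(rec, now, warn_days))
    return {key: sorted(vals) for key, vals in merged.items() if vals}

if __name__ == "__main__":
    for (server, serial), problems in triage(SAMPLE, NOW).items():
        print(server, serial, ", ".join(problems))
```

The same certificate appears in two flows with different negotiated suites, which is why findings are merged per server and serial rather than reported per flow.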

This is a practical example of the benefits of using advanced tech and a metadata intelligence application to automate and streamline a highly resource-intensive process and one that, if not properly implemented, can have adverse effects on application availability and business continuity, and ultimately on customer and user experience.
