Overcome Your Cloud Roadblocks

On-Demand

Video Transcription

Andrew Lintell:
Hello, everyone, and good day. And welcome to the FireMon Transform Webinar on how to overcome your cloud roadblocks. A very warm welcome to everyone who’s attending. If you’d just like to give us a few more moments as the viewers start to join the call, we should be commencing shortly.

Andrew Lintell:
I’d like to direct your attention, in the meantime, towards an online audience poll that we’re running at the moment. There is a question on your screen, which you can answer anytime during the course of the presentation. But I would certainly welcome you to submit your response, that would be very helpful, and we will discuss as part of the Q&A at the end of the session. Thank you very much. We’ll start shortly.

Andrew Lintell:
Welcome to those attendees who have just joined. Just let you know, that we are having a couple of moments waiting for a few more viewers to join us, and we will come in shortly. Thank you.

Andrew Lintell:
Welcome, everyone. Many thanks for attending. I’d like to welcome you all to the FireMon Transform Webinar on how to overcome your cloud roadblocks. Let me introduce myself just before we start. My name is Andrew Lintell. And I am the Vice President EMEA for FireMon. I’ll be joined by several colleagues, which I will introduce to you shortly. But thank you very much for attending.

Andrew Lintell:
We will get started. And we certainly have got a really healthy audience for you now, so thank you very much. We shall start the proceedings. I will also direct your attention towards an online poll that we’re running. This is available live now for you to submit. I’d certainly welcome your submissions and responses to the question that we’re posing. And on top of that, we will be keeping that live all the way through to the Q&A session at the end where we will discuss some of the results. So please do look out for that while we’re doing it.

Andrew Lintell:
Okay, so let us start. Let me introduce some of my fellow presenters. We have been joined by a mixture of people from FireMon, but also delighted to have the guest speaker today in the form of Bryan Littlefair. Bryan is the CEO of a company called Cambridge Cyber Advisers. He’s also the former CISO of several very well-known institutions and companies.

Bryan Littlefair:
Hey, everyone, it’s Bryan Littlefair here. So I think we’ve had a bit of an issue with Andy’s audio there. So, while he’s reconnecting, it’s Bryan here, so I’ll kind of lead until we get Andy back. So as Andy says-

Andrew Lintell:
Apologies. I am back. Sorry.

Bryan Littlefair:
There we go.

Andrew Lintell:
My phone just cut off there.

Bryan Littlefair:
There we are, there you go.

Andrew Lintell:
Thank you, Bryan. There we go. All right, so sorry about that, everyone. So, anyway, we have Bryan, thank you very much for stepping in there, CEO of Cambridge Cyber Advisers and former CISO of companies such as Aviva and Vodafone. In addition, on the FireMon side, in addition to myself, Andrew Lintell, we have Nilesh Mapara, and he is one of our senior solutions architects in the European business. So welcome, Nilesh. And we also have Kostas Lotsis, who is one of our senior sales engineers, again, in the European business. Okay, let’s get started. Over to you, Bryan.

Bryan Littlefair:
Thank you, Andy. So, hi, everyone, it’s Bryan Littlefair here. So very kind of Andy’s introduction. So I like to think that I’ve got a fair amount of experience being a global CISO. And obviously, it’s a strange situation that we find ourselves in at the moment with, obviously, some of the situations that are happening around the world.

Bryan Littlefair:
And certainly from a CISO perspective, in my current role, I spend a lot of time with CISOs in various different sectors, and also a lot of the board members as well. So I like to think I’ve got a good visibility of a lot of cross-sector issues and how people have approached this particular challenge that we find ourselves in.

Bryan Littlefair:
So put this graphic up in the top-left, and I saw this floating around on LinkedIn, and many of you have probably seen it in this guise or several others are floating around as well. But it’s quite representative, I think, in terms of who’s actually driven the digital transformation within your organization. Is it the CEO, is it the CTO, or has it actually been the COVID-19 situation that we find ourselves in at the moment?

Bryan Littlefair:
Speaking to many organizations, obviously, the pandemic flu policy is a typical inclusion in the security policy set. But honestly, how much attention was really paid to that? Was there an expectation that it would kick in to the degree it has today and where we find ourselves in?

Bryan Littlefair:
And equally, many organizations, even looking at the business continuity or the crisis management policy side of things, the old, in some cases, are assumed standing up a capability elsewhere. So, if you lost your headquarters, obviously, you had an environment elsewhere to transition operations to. But very few actually had assumed a global stand down and a global lockdown. And how do you actually manage in that situation? So it’s certainly been an interesting time. And, obviously, everyone’s had to cope to a greater or lesser extent.

Bryan Littlefair:
I think we have to recognize and celebrate the security professionals that are out there and on the call today, because decisions had to be made to enable the business to continue operating. But many have had to risk accept some measures, which are going to need addressing in the short and medium term. So this needs to be rebalanced by a series of process and technology changes.

Bryan Littlefair:
So, if we think as security professionals, we’re accustomed to managing risk down. But we find ourselves today where many of us have had to temporarily, or certainly for the midterm, approve risk, which has arguably increased the risk position of our organizations. And we’ve had to do that for some genuine reason that we have to keep the business operating.

Bryan Littlefair:
I’ve been speaking to organizations that have had to enable BYOD because they didn’t have enough IT equipment to actually service all of the employees working from home. They had things like call centers and contact centers, et cetera, where employees would typically come into that environment and share a desktop, so those people weren’t provisioned as standard with a laptop. And as we all know, there’s been a bit of a global shortage on laptops, everyone’s kind of been scrambling for that short supply.

Bryan Littlefair:
And many have experienced issues to a greater or lesser extent. But the business is still operating, it is still moving forward. And I think now, certainly as security professionals, CISOs, CIOs, and IT leadership teams, we have to reflect on what does the future hold for us, what is the new norm that we’re going to go into, and how do we improve things?

Bryan Littlefair:
And for many, one of the big bottlenecks has been bringing all of that bandwidth back on-prem into the enterprise. So there’s a great desire to shift as many application stacks, the VPN concentrators, Citrix, or remote access, and voice as well for call and contact centers, into that cloud environment and to help balance that risk out. Andy?

Andrew Lintell:
Thanks, Bryan. That’s certainly from a CISO’s perspective. Let me talk from what we’re seeing in our particular customer base and from an experience from a vendor’s standpoint. For those of you who may or may not be aware, FireMon are one of the leading providers in the network security policy management space. And we have many enterprise customers in over 70 countries.

Andrew Lintell:
So we’re constantly talking to them and understanding the challenges that they’re facing and obviously how we can better address the issues and the challenges and make more efficient working practices for the security and networked environment.

Andrew Lintell:
And what we actually did at the beginning of early March, detecting that this was going to be quite a game changing situation with the current disruptions that we have, we started to poll and survey quite a few of our enterprise leaders and the thought leadership people within the corporations that we deal with, and we wanted to take a series of soundings throughout the course of the change process just to try and understand where are the priorities and exactly where is the thought process at the moment in leadership within our customers, so that we can better anticipate and hopefully provide solutions and value back to them.

Andrew Lintell:
And what we found very early on, in early March, was that very much the thinking was clicking into an adapt or survive mode. So trying to understand exactly where do we go from here immediately, what is the immediate need to support the business as people were starting to work from home, how do we provision that?

Andrew Lintell:
So business continuity plans really coming into the fore. I’m sure many of you have had to do in recent weeks. Focusing on the infrastructure, making sure VPNs and the necessary physical kits, so laptops and what have you, were available, as well as the VPN connections and the necessary access provided, which, of course, does create a fair amount of additional workload for the security operations team, but all about supporting remote collaboration.

Andrew Lintell:
What was interesting was the customer still wanted to maintain very much a focus on the customer-facing digital initiatives that they were running. So still trying to facilitate and provide high quality premium customer experiences in order to make sure that the customers can still access and obviously obtain services, products, and goods that the businesses were offering. And then cyber security was still very much a priority, although trying to evaluate exactly where the particular issue would be.

Andrew Lintell:
Now, this was the beginning of March. You fast forward just a couple of weeks, really, towards the end of March and early April, and this is a very interesting time. This is where customers were starting to come out of the BCP rollout. And very much, it was a question of saying, “Right, well, we now have people working from home, broadly, they are enabled, they are obviously able to be functional and effective in their roles.”

Andrew Lintell:
So where is the current situation now? And the sounding that we took at the beginning of April starts to look at opportunity in crisis, we called it. And this is really where business leaders and security professionals started to understand, well, how can we, if you like use this situation to try and accelerate more innovative ways of working, how do we support digital transformation faster? In order to do that, of course, we have to concern ourselves with increased efficiency and agility. And that is not necessarily a situation that’s very friendly to achieving a high degree of security.

Andrew Lintell:
So, looking at their preferences for enabling agile methods, now, it’s great from a perspective from digital transformation standpoint, as I say, creates some challenges when it comes to delivering a high security model at the same time. And really, this is where the cloud piece comes in. So it’s one of the enablers to agility, to faster working practices internally within the company, and for faster operations. And that, in itself, represents quite a challenge.

Andrew Lintell:
And the security remained very high on the agenda at this period, during early April and continuing. And certainly have a new area of how do we innovate, how can we do better with our current working practices in order to achieve and enable this kind of transformation and agility?

Andrew Lintell:
And that really was the question that a lot of customers were asking themselves, and also asking their partners and vendors such as FireMon. So, just in summary, really, from the enterprise surveying that we were doing in this period, the three key takeaways that we drew out of it and a breeze pretty much formed our view in terms of how we feel that we can help.

Andrew Lintell:
Customers are really asking how do I create and enable more resilient, scalable, and robust systems and operations and processes across the enterprise in order to be ready for what’s next? If major change is still in the wind and still have to be getting ready, how do we get on to the right kind of footing to be able to be agile enough to make use of either technological or working practices that can help support the business in these unprecedented times?

Andrew Lintell:
And really, that comes down to how do we enable increased speed. And speed of operations, speed of change, speed of security, speed of enablement and delivery of services, and ultimately, continued presence of customers. And a less dependence on currently slow error-prone and manual tasks or processes, particularly for critical services.

Andrew Lintell:
And we can break those three areas down into basically these silos. And we’re really having a series of polls now, this is the first of our Transform Webinars, and we are focusing on increased cloud adoption on this particular call. But there are another two key areas that were raised during this survey.

Andrew Lintell:
And one of which would be the role of automation, particularly when it comes to security and security policy management, and also the need for an increased amount of visibility. If you can’t see it, you can’t measure it. So those are another two series of calls that we’re going to be having in the coming weeks. For now, we are focusing in on exactly those pieces here.

Andrew Lintell:
So, looking at this particular piece, let’s look at the cloud piece that we’re looking at right now. We’re going to then, therefore, move into another piece of key research that we have actually done around the state of the hybrid cloud. Now, this is an annual report that FireMon run. Again, we polled customers, and prospects, and also people who are thought leadership areas in the security industry, and we are basically looking at trying to understand what are your current five roadblocks and concerns when it comes to adopting moving workplace to the public cloud.

Andrew Lintell:
And very interestingly, I’m sure a lot of these will not be too much of a shock for a lot of people, but it does seem to depend on the customer as to which priority these are set. So cyber attack is obviously very high on the agenda, and the concerns are the loss of control and perhaps the increased exposure moving to a public cloud for the critical tasks it might well present.

Andrew Lintell:
The need to remain in compliance, having to control that outside of your own domain, if you like, having to extend your compliance controls, you’re still very much responsible for them. And, of course, the regulations don’t go away just because you’re using a cloud environment, so how do you keep, maintain, and manage that on an ongoing basis.

Andrew Lintell:
The other thing that was very, very key was the relative lack of cloud expertise on migration issues. But really, you’re not just moving one single process to the cloud, it’s like an ecosystem shift. So a lot of customers felt that they didn’t necessarily have all of the access to what they felt was a degree of expertise that they would normally have on an on-prem situation. So that did throw up a lot of challenges and a lot of concern.

Andrew Lintell:
The lack of visibility. Again, moving it, if you like, to somebody else’s environment effect can also cause a degree of discomfort when it comes to understanding exactly what that particular environment looks like and how to control it.

Andrew Lintell:
And certainly not last, but least on the list, is looking at the sheer complexity. More often than not, we have a lot of teams that are managing both on-prem and now cloud environments as well, together side by side. And the complexity of actually managing what is the existing infrastructure is already a very significant task. So when you lay on top a cloud infrastructure and a new environment to manage, how is it possible to extend the control plane across both these areas in order to ensure that a high degree of agility as well as high security is delivered?

Bryan Littlefair:
Good. Thanks, Andy. So I think this is a really powerful statement on this slide, actually, and I’ll give you a couple of seconds to read through it while I talk. But nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes.

Bryan Littlefair:
So this is some research that’s coming out of Gartner. And I’m looking at the poll at the moment, and more audience members, please take part in the poll. But based on what Andy was just saying, the biggest concern coming from the audience at the moment is lack of visibility and control. And that lack of control aspect can certainly lead to misconfiguration.

Bryan Littlefair:
So there is a definite uncomfortable feeling for some when moving to the cloud. Obviously, you’re putting a new cloud provider in the mix and they’re responsible for certainly managing a blend of that end-to-end solution, and we’ll cover that on the later slide.

Bryan Littlefair:
But we all know how easy it is to actually get in a situation where you have some misconfigurations. When you’re driving the complex cloud environment that perhaps you don’t have a great skill depth within your internal team and that is your first foray into the cloud, if you like.

Bryan Littlefair:
And if you’re driving those manual processes. So you’re doing manual configurations, you’re doing manual policy configurations, you’re manually turning on and off ports, you’re manually creating your zones, you’re manually spinning up instances and putting those appropriate security wrappers around them, obviously that leads to errors. We are only human, and humans are capable of making mistakes, including myself.

Bryan Littlefair:
But surely, in my current organization, we perform a lot of red team exercises on organizations around the globe. And it’s very common for us to find instances of open ports that shouldn’t be there or administration consoles that shouldn’t be visible to the external internet. And this is symptomatic of the complexity for some in terms of moving to the cloud.

Bryan Littlefair:
And that’s really where we need to focus on effective posture management, which is really some of the key findings that are coming out of the Gartner report. So, rather than running manual processes, obviously, we need to know what we have in our cloud environments. And that’s going to be more complex for some than others.

Bryan Littlefair:
Some of us are using cloud brokers, so we have multiple cloud instances at the same time. Some of us tear up and tear down applications as and when they’re required, others may keep them static, et cetera, so that’s a different model for each organization. But fundamentally, you absolutely need to know if you’re going to have that governance and control, if you’re going to have that visibility, if you’re going to be able to manage the complexity of your new on-prem/off-prem model.

Bryan Littlefair:
You need to know where it is, what it’s doing, what’s its configuration status so you can have that assurance and governance from the security perspective going forward. So you need to be able to drive that visibility, and obviously coming at it from that simplification angle.

Bryan Littlefair:
So Andy talks a little bit about complexity on the last slide, and we all know the saying that complexity is the enemy of security, and in my experience, that’s absolutely true. If something is inherently simple, then it’s fairly simple to also secure it. If you have a very complex infrastructure and environment, then naturally, it becomes more complex to manage.

Bryan Littlefair:
So don’t just lift and shift the complexity that you have inside your organization to your cloud infrastructure, but perform the transformation, perform the upgrades, et cetera, at the same time, so that you end up with a much simpler environment to be able to manage in the cloud.

Bryan Littlefair:
And the most important aspect is obviously the automation of workflows. So being able to manage that on-prem/off-prem mix with a fairly static resource pool. You need to be able to automate as much as possible. You want to be able to replicate at least the security that you have on-prem/off-prem. So how can you leverage the technology and the capabilities that you get from your cloud providers to be able to tap into those APIs to automate those workflows, and ultimately, automate or codify your security policy into that environment.

Bryan Littlefair:
So that you can have the governance and assurance over wherever your cloud environments are hosted, you know that they are secure, you’ve got the visibility, you can see your vulnerabilities, and you can manage them effectively, and you’ve got that operational governance going on as well over the top. But please continue to complete the poll, and obviously, we’ll reference that insight and information throughout the following slides as well.

Bryan Littlefair:
So, from a compliance perspective, we’re looking at, obviously, compliance roadblocks. And what that means to me is compliance and regulation is only going to increase. You look at what’s happening around the world, you look at obviously what the UK is focusing on from its financial services sector, like CBEST, TBEST, we know that regulators are talking, which I think is a good thing.

Bryan Littlefair:
Because when you run a global enterprise, for example, when I was a CISO at Vodafone, 63 different countries, 63 different regulatory bodies, 63 different levels of expectations, and that’s a highly complex environment to actually run. So we all obviously run fairly similar businesses, if it’s a global telco, so I’m looking for a harmonization of regulation, but I think that is still a long way off. But we are starting to see some embryonic growth there, which is certainly possible.

Bryan Littlefair:
I think it’s definitely arguable that the compliance focus and the regulation focus is driving an uplift in cross-sector security, but obviously, there’s a focus on the critical national infrastructure in your various different countries. And that’s obviously driving that uplift going forward.

Bryan Littlefair:
But we don’t want the compliance and the regulation to get overbearing, which it can very easily do. Because it can be very complex. And certainly, if you are running a global telco, or global pharma, or any big global institution, you can find yourself having sequential audits for various different compliance or regulations, et cetera. So the view is that, again, to look how you can simplify that and cover off the auditing activity as a single pass or certainly as few passes as possible.

Bryan Littlefair:
But organizations need to understand this changing landscape inside out. And obviously, we’ve seen some of the increased fines that are being levied post-GDPR. And I’d like to bring Kostas in here, from the FireMon perspective, so he can actually talk about some of the things that he’s seen with his customers. So, Kostas, over to you.

Kostas Lotsis:
Okay. So thank you, Bryan. What we have seen with most customers is that a lot of times when it comes to compliance, it can be a very daunting task to actually fulfill that requirement. So, in some organizations, it’s very manual and it takes a lot of time. So it puts a lot of impact in the business as well and also the people that they are actually doing that.

Kostas Lotsis:
So, within FireMon, we can actually automate this process in terms of compliance. And what we mean by compliance is basically following a rule or another. So you have to ensure that what you have done, you can actually prove it, document it, and show it. So, basically, that you comply with regulatory scheme, you comply with government regulations.

Kostas Lotsis:
And a lot of times, it’s also the case that when we run a compliance, it’s like, okay, what can we learn from that? So compliance is not just giving us a chance actually to prove that we are doing it right, but also how we can actually reflect and improve our processes.

Kostas Lotsis:
So what we take, let’s say, within the hybrid environment, whether this is on-prem and we’ll have compliance, we’ll have to actually move that across also and see, “Do we have the same on the cloud? Do we need to improve anything there?” Because, at the end of the day, we can face qualitative and quantitative repercussions in terms of our brand image or as we have highlighted before, it can actually be fines that nobody wants actually to face within a business.

Bryan Littlefair:
Great. Thanks, Kostas.

Kostas Lotsis:
I think when it comes to my favorite subject, having spent a lot of time in the field, we have seen so many misconfigurations. And the surprising fact is that this is the biggest threat. It’s internal, it’s not external. We are concerned about cyber attacks, but a lot of times, we are opening the door by making mistakes.

Kostas Lotsis:
So we have seen, we have so many outages, for example, they are caused about from mistakes. So about 83 of unplanned network outages are caused by mistakes, and 70% of them are firewall related. So, I remember, in my times in the past, we had an outage, but actually, it was not caused by the firewall itself. It’s basically the firewall failover, from active to standby.

Kostas Lotsis:
We thought everything is fine, we can see the firewall up and running. And then it was like, “Oh, hold on a second, we haven’t updated the policy on the secondary firewall.” So there was no access to the services, customers were complaining, and then we went back and we reflected on them and we said, “Okay, how can we actually safeguard that, how can we actually improve the process here?”

Kostas Lotsis:
And what we have come up with a solution, was basically not only documenting each and every change, but also safeguarding that with automation. So because most of the misconfigurations are going to happen when you are under pressure to make a change, when the team doesn’t have a lot of resources, and so when there is no time and, of course, a lot of miscommunication.

Kostas Lotsis:
So, if you don’t follow a standard process, and that you have all the information in hand, you know your environment, you’re a bit too much doomed to fail. So, at end, let’s consider also the lack of expertise sometimes, and people are afraid to move, let’s say, to a new technology because they don’t have the right professionals. They cannot employ professionals with the right skill set in order to be able to have this kind of expertise.

Kostas Lotsis:
That even if something, let’s say, happens within an organization, that they can recover quickly. So, not only we can have a misconfiguration, but also do we have the knowledge to go back, to rollback, and basically rectify the situation? So typical examples that we’re having misconfigurations that usually cause data breaches is allowing access to a vulnerable host, access that they can bypass the Stealth Rule, complex policies. When we go and update complex policies, the risk is higher. And making changes, a lot of times, we can send out to the wrong policies.

Kostas Lotsis:
Plus, one of the things that we noticed and we can actually help with a FireMon solution is basically allowing rules to bypass… Basically looking into rules that they have been unused, access to accounts that they shouldn’t be there, basically access to certain subnets or certain protected zones and DMZ that they shouldn’t be allowed and they should be protected.

Kostas Lotsis:
So what we actually say here, human error is inevitable that is going to happen in manual process. So we’ll have to take a step. And it’s not a risk, we actually mitigate the risk. We have to take a step to automate the change process. And we have to eliminate this kind of guesswork, the ifs and buts, but basically to put a solid framework with automation to reduce and mitigate a risk and basically aligned with the business goals. Because in today’s world, it’s active 24/7, we cannot afford any outages, we cannot avoid them, but at least we can actually reduce them.

Nilesh Mapara:
Thank you, Kostas. And that brings us to visibility, one of my favorite subjects. Because when you think about visibility, it is simple. In its concept, it’s great, it’s simple, but it’s very difficult to implement. Getting the full visibility across your network and to understand the scale of the problem that we are facing, I’d like to ask you a very simple question. If all of you, at your home, have an internet connection, how many devices connect onto that network?

Nilesh Mapara:
When you start to think, and when you start to account for the TV, smart TVs, mobiles, laptops, computers, tablets, feeding, Alexa, the gaming console, the alarm system, the thermostats, the list just keeps on growing, you realize that we have a huge amount of IP consumption within our house that we don’t account for.

Nilesh Mapara:
We think that we might be using five, maybe 10. When you come to think about it in detail, your IP consumption is way higher than you previously issued. And the visibility is a big concern for many organizations. Because the networks are not only growing in the size, but the underlying technology keeps on evolving. You have your legacy networks, you’ve got your OT, your IoT network, you’ve got physical, and virtual, and now we’re talking about cloud, how do you keep an eye on absolutely everything from a single pane of glass?

Nilesh Mapara:
The network team nowadays need a holistic view, a real time map to understand what fits where on my network, so they can go ahead and secure it. Every active IP in your network is a point on your attack surface. So you need a live real-time map of your attack surface to understand where is who and why are they there? Should they be there? If they are, how can I protect them?

Nilesh Mapara:
We did a survey in 2019 on the state of firewalls report, and 34% of the respondents said that they have less than 50% visibility. People move on from the network, they leave the company, they take the knowledge with them, the knowledge base is not updated, people are adding stuff to it, how do I keep an eye on everything? We need 100% visibility from a single pane of glass.

Nilesh Mapara:
Whether it’s on-prem, whether it’s off-prem, whether it’s somebody else’s network, we need the full visibility. And one of the most common issues I hear from my customers who are either planning on cloud adoption or are already there is around the speed of DevOps.

Nilesh Mapara:
The DevOps teams are spinning cloud machines at an alarming rate, which is great. They need to keep up with the growing business demands, which is what we are all here for. But their concern is, the test machines, because they have test machines and production machines, test machines left, forgotten, they never get deleted. There are rules that are allowing access for those test machines, and they get forgotten as well.

Nilesh Mapara:
And DevOps teams are not security savvy, their target is business and the delivery. How do we make sure that we are enabling them by giving them everything they need, but at the same time, from the security team, keep a full eye on what’s happening and secure everything that they do?

Nilesh Mapara:
Because step one of any security policy is full visibility. If you don’t know something’s on your network, you will not be able to secure it. And what’s worse, if you don’t know something exists on your network, it gets hacked into or it gets compromised, you will never be able to report it because you don’t know it exists in your network.

Nilesh Mapara:
And a time when we have been helping large organizations achieve full visibility for over 20 years, giving you absolute clear indication of who’s on your network, why they are there, and where exactly on the network they are, the three points of take away from visibility side is what are the issues on your network?

Nilesh Mapara:
First is true unknowns. A true unknown, by definition, means you don’t know about it. Within your network, somebody has created a small sub network that you are unaware of. If you’re unaware of it, how do you expect an endpoint detection system or any other scanner to find it? We have a patented technology that allows us to go out, learn from one segment, and move on to the next one, propagate into the next one, and that allows us to find you the true unknowns, build a huge index of your entire network.

Nilesh Mapara:
That also allows us to go into your infrastructure department. You might have to install systems, IP cameras, data entry systems. These sometimes get forgotten. I have customers who have the smart buildings with IPv6 enabled light bulbs that report on the consumption, but that’s still a valid IP address that is allowed to communicate on the network. You need to keep an eye on it. So the 100% visibility at all times, real-time maps, to see what’s happening on the network.

Nilesh Mapara:
And one of the lesser known ones, but really important one, is Leak Path analysis. A Leak Path is a stateless Layer 3 connection. Kostas was talking about firewalls misconfiguration and leaving access. That is the configuration side of the security. Look at the physical side of the security. A rule has been removed, but an RJ45 cable has been left connected in the data center. How do you account for that?

Nilesh Mapara:
Somebody removed 20 connections out of that, they forgot one, they missed one. That one connection allows a Leak Path between two airtight segments. Unless you go through each and every cable, you will not know. But we have a solution to give you those Leak Path analysis that allows you to find segmentation breaches, or smoke tests that allows you to go out and figure out how many Leak Paths in your network you have.

Nilesh Mapara:
Because if you want to secure any segment or any network, first thing you need to remediate is Leak Paths, the Layer 3 stateless connections. And we allow you to hunt for those and remediate them. This is three points to take away from visibility.

Kostas Lotsis:
Great. Thanks, Nilesh. So I’m going to speed up a little bit here because we’ve got a lot of questions coming in. And obviously, we want time to obviously answer the audience questions as well. So I think, obviously, complexity of existing infrastructure and cloud infrastructure, that can be daunting for some, managing that on and off-prem mix. You’ve only got a finite resource, you’ve only got a finite skill base.

Kostas Lotsis:
But certainly, in my experience, that transition to cloud can actually improve the security posture. I know several security leaders are often a bit pessimistic about the drive to cloud because, yes, you do lose some of that control, and you have to invest in other technologies to gain that visibility.

Kostas Lotsis:
But certainly, in my prior experience, sweating the asset and having a bit of a legacy data center with some perhaps unloved infrastructure and some old applications and perhaps even a mainframe or two kicking around, that transition to cloud, that transition to state of the art, that transition to being able to rebuild things overnight that don’t have to run 24/7 and stay constantly compliant, rather than what I call point in time compliant, which is, essentially, you get your infrastructure and applications compliant when they need to be, when the audits happen, and then obviously, it drifts away a little bit as I’ve tended to see. So being able to maintain that constant compliance and utilize the power of the cloud is really powerful as well.

Kostas Lotsis:
But obviously, we can’t move like for like, or certainly we shouldn’t. The old mantra of “garbage in, garbage out” truly plays out here. So, again, focusing on that simplification, I like to call it, you’ve got the spaghetti, if you like, in your on-prem that you want to move into your cloud. So you move spaghetti into your lasagna.

Kostas Lotsis:
So, in your cloud environment, you create very clear, very distinct layers, you zone them, you create the air gaps, et cetera, you get the security control that you can design in from the outset that you’ve always wanted to have. But you’ve struggled to create on-prem because obviously, you’ve got the constraints of legacy, which have always been holding you back. So it’s a great opportunity for security leaders.

Kostas Lotsis:
But I think the business needs to also drive transformation and actually sponsor the program. Move to cloud can’t just be an IT or a security driven initiative because you’re actually moving business applications. And so, many applications that have been in the organization for some time, they’re not actually “cloudable,” as I say, so you need to upgrade, you need to drive to the next version, or actually, you need to change vendors.

Kostas Lotsis:
And that can only be done with the business being involved, because actually, they’re users of that application, or they’re consumers of the output of that application. And for many, I see cloud described as a commercial model very frequently. Obviously the on-prem is very Opex-heavy, you have to make the capital investment and depreciate that over time.

Kostas Lotsis:
Cloud brings a lot of flexibility in terms of the commercial model. You can bring it up and tear it down when you’re not using it. But for many, that commercial model doesn’t materialize in terms of the savings, certainly in the short and medium term, and there’s a big reason for that. We never decommission legacy.

Kostas Lotsis:
So I see so many applications of various different versions in organizations, and we need to take this as an opportunity to remove that legacy risk wherever possible. So, yes, transition to cloud, yes, involve the business, yes, achieve those savings, but absolutely, once you’ve made that transition, let’s all focus on decommissioning the legacy at the same time.

Andrew Lintell:
Thanks, Bryan. So, in terms of the security control aspect when it comes to cloud, just referring back to the report I mentioned earlier on, the FireMon state of the hybrid cloud security report is something that we run annually, as they say, and this is a particular report that they’ve come up with something very startling for us on the cloud piece.

Andrew Lintell:
And that is particularly the response we had from the large quantity of submissions that we had back in order to compile the report in the first place, was specifically around how do you feel and what are you currently using in your cloud environment when it comes to a degree of control, where do you feel the responsibility lies in order to provide these controls, and exactly what are you doing as a company at this stage?

Andrew Lintell:
And what was very startling to us, particularly bearing in mind that the submission and the surveys that go out to our customers, but also out to wider industry groups and outside of the FireMon customer family, was the responses that we got specifically around it. And if I’ve just highlighted here of the responses that we have for this particular question, 75% of respondents that we actually have either had a minimal, uncoordinated, or no control in place when it came to their cloud environment.

Andrew Lintell:
Quite a startling majority of firms still struggling with either the sense of ownership or exactly what can I do in order to try and extend the plane of control that I have on my on-premise environments in the new networks out into my cloud environment at the same time. Obviously, there are options. We have cloud specific solutions beginning to bubble up, and you can see that 11% of responders take that option.

Andrew Lintell:
And equally, you can outsource it to a managed security service provider, and they obviously have their own choice of how they do that. But in the main, right now, even though we’re in 2020 right now, it is still the largest kind of concerning problem with the acceleration to cloud that the current business environment has kind of promoted this year, even though it’s been building, it’s really accelerated, this is still a major concern.

Kostas Lotsis:
Great. Thanks, Andy. So, building upon that, and again, looking at the poll, so thanks to those that completed it, a whopping 54% of you are saying the biggest concern is lack of visibility and control. So, looking at that, obviously this helps break down in terms of who does what in terms of the responsibilities, and cloud as a term is very generic, it has several different options. I think, like ice cream, it has multiple flavors. But equally like ice cream, some of us like some flavors and we don’t like the others.

Kostas Lotsis:
So obviously you need to know what you’re getting into from a business perspective and deciding on the various different, whether it’s infrastructure platform, software as a service, whether it’s public cloud, private cloud, et cetera. So go into it with your eyes wide open and actually understand what you’re getting and why. And the reason for that is obviously, you play a greater or lesser role in securing that end-to-end infrastructure depending on what you procure or put in place.

Kostas Lotsis:
So you need to know that so you can dovetail your internal security into that of the external cloud provider to get that holistic end-to-end protection. And some, certainly not all, but some assume the cloud provider is going to take care of everything, and I think the graphic shows that that’s certainly not the case.

Kostas Lotsis:
What you do need is an absolutely clear cloud architecture and a full strategy that kind of says, “Well, what are we going to use our cloud environments for? Are we putting sensitive data in there? Do our regulators have to be informed? What security wrappers do we have to put around it? How do we zone it up so we can make sure that our data is pretty protected?” But obviously we might have some less secure applications that we don’t have to put as much security wrapper around that.

Kostas Lotsis:
So the objectives, in my perspective, has to be understand how you’re going to improve on the security that you have on-prem with your new cloud environment to really build that capability so you get that visibility, you get that control, but also, you get that governance and assurance from a security leadership perspective that it’s not the Wild West out there. And you understand what you’ve got there, you understand what stood up, what’s gone down.

Kostas Lotsis:
But really, I think the key takeaway from this is, the customer, i.e., you on the call, regardless of what the cloud provider is doing for you, you remain accountable for that end-to-end security, and that’s the key fact. If something does happen in that environment, you need to have shown that you’ve done everything you should be doing, but equally, you’ve got that governance and assurance over what they should have been doing for you as a cloud provider and that you can evidence that as well.

Kostas Lotsis:
And certainly, from my experience of using FireMon, they have great connectors into these cloud environments and they can get that real-time visibility view of what your cloud environment actually looks like, either through brokers or individually into the different environments. And the powerful thing that I’ve used is it actually gives you a good view of the vulnerabilities that are also in that environment so you can address them going forward.

Kostas Lotsis:
And I think we’ve all seen this slide or similar slides in this guide, but again, I think it’s very powerful. It kind of shows that, obviously, going forward, if complexity is left unchallenged, we’re going to have increased costs, we’re going to have increased risks.

Kostas Lotsis:
Of course, it’s largely static with small growth. That’s what I see in the clients that I consult and give guidance to. There’s a perceived skills gap out there, of course. How easy is it to tap into talent? So most teams are growing capability by engaging external resources as well as having some degree of small growth internally.

Kostas Lotsis:
But what we see with the business is that transformation is accelerating. So, we have drives to digital, we have cloud, et cetera. And what this leads to is a complexity or equally a risk gap that continues to widen as that complexity actually grows.

Kostas Lotsis:
So, in my experience, what security teams need to focus on is, initially, is to reassess what are you actually accountable for as the security function, what are you doing, what is your team’s day-to-day jobs, and is that critically important for security going forward, or other components that can be offloaded to other areas of the business.

Kostas Lotsis:
They’re still important, but should they be performed in your team, and does that free up any of your very valuable resource? Can you retrain and reskill those employees to focus on these new challenging areas so that you can point them towards cloud or point them towards digital?

Kostas Lotsis:
We’re equally focused on workflow automation. We’ve looked at what can happen with heavy manual processes, et cetera, so remove as much of that as possible. But obviously, some will remain. Humans are still very important. We don’t want to end up in the Terminator world, et cetera. Humans play a very important role, but we should automate absolutely what we can to make our lives easier.

Kostas Lotsis:
I think as digital and cloud continues, this model is going to be ever present. I don’t see anyone doubling the size of their security team or tripling the size of their security team because the organization isn’t going to cloud. And CISOs therefore find themselves splitting their team into several different parts. So some of them are focusing on on-prem, some of them are focusing on off-prem, and until you’ve got that full convergence of operations there, that will continue.

Kostas Lotsis:
And then you’ve got some teams looking at waterfall, perhaps a data center move, and you’ve got others focused on agile and DevOps being involved in the scrums and the daily stand ups, et cetera. So there’s a massive pull on that security resource. So, absolutely, we have to leverage the technology that’s available to us to make our lives easier and ensure we can use that precious resource to maximum effect.

Andrew Lintell:
Thanks, Bryan. So, as we moved to sort of wrap up the session here, it’s important that we’re also kind of looking at what are the things to consider, really. Well, we’ve already established from the poll, thank you for those of you that have voted, we are going to be closing that very shortly. So if you’ve not already done so, please do, and take the chance to put your submission in.

Andrew Lintell:
But what we have seen here extensively is that cloud represents a huge opportunity for companies to be able to be more flexible, to move quickly, and to have a degree of agility that they’ve not been able to necessarily have before. And in today’s business environment, that is obviously a very compelling reason to make the move.

Andrew Lintell:
As security professionals, it does represent a massive challenge, and increased complexity in the need for increased visibility that might not necessarily be there, and the speed at which cloud can be provisioned and deprovisioned or decommissioned. And ensuring that that is done in a framework, in a process, and done in a timely fashion, but at the same time, done in an auditable, compliant, and ultimately a secure fashion, is really the challenge.

Andrew Lintell:
I think, really, customers have to think if they are being challenged in these ways. I mean, the lack of visibility and control is by far and away the standout leader in the poll at the moment, 54% as Bryan has mentioned, you’ve got to really consider, “Well, change is ever present, it isn’t always on the function.” So it’s important, I think, we need to start thinking strategically about how we can embrace that change.

Andrew Lintell:
But have a platform in place where you are able to control and have visibility across your network and of the policies, the devices, the topology, the network. And whether that is on-premise or in the cloud environment, you should be able to have that control and management plane available from the same place for the same teams to enable this ongoing maintenance and operation.

Andrew Lintell:
Assurance, of course, is a key element if you’re in a regulated market in particular, but nearly all customers have a form of regulation that they need to comply with. That doesn’t change just because cloud has involvement.

Andrew Lintell:
Operational efficiency now is probably higher on the agenda than ever before. The challenges in operating on a day-to-day basis, not physically being necessarily next to each other, and spread diversity across a wider territory, poses its own challenges.

Andrew Lintell:
So it’s being able to have this single platform that is able to reach into all areas of your network and provide the necessary information. And, of course, the ability to make change happen within your operational teams is incredibly important.

Andrew Lintell:
And the speed of security policy change that’s now required from the company, in order to maintain the right degree, the appropriate degree of security and regulation, at the same time, enabling business, and access, and all of the things necessarily that are needed to actually achieve business success in this current environment, very important. And the speed of how those changes to policies can be made, can be decided and implemented, is absolutely key.

Andrew Lintell:
So the implementation of these technologies and the coordination and the interoperability of the solutions that get provided, and understanding that the ownership really does lie with the company and with the customer themselves when it comes to understanding how the cloud can operate for them. That is absolutely critical moving forward.

Andrew Lintell:
So the choice of platform, very clearly, there are options out in the marketplace, and we at FireMon are able to help enterprise customers achieve these gains of being able to balance enterprise agility and business availability with the necessary needs of security at the same time.

Andrew Lintell:
So, with that, many thanks to the presenters. What we’re going to do now is open up and have a look at the questions that have been submitted, lots of questions. So we will try to allow ourselves a few minutes to go through them. So very much appreciate everyone attending. And thank you, again, for your responses to our online poll.

Andrew Lintell:
We’ll jump to the questions section. And I’ll open up the call again to my fellow presenters to go from there. So, team, let’s have a look at some of the questions we’ve had in advance. Actually, I think I’m going to start up, just got one here.

Andrew Lintell:
Bryan, it’s for you. And essentially saying, “From your work with clients, particularly in recent times, do you think significant amounts of this new infrastructure was tactically stood up perhaps without the same level of security or oversight as would normally be in case? And will it be retained once we return to normal or the new normal?”

Kostas Lotsis:
Yeah, exactly. So, I mean, I think it’s tough to describe what the new normal is going to be. And I think organizations have made a fairly significant investment to get to where they are through March and April. And I think some are actually finding that business can run in this model. We saw the CEO of Barclays saying do they need this big global headquarters, et cetera.

Kostas Lotsis:
So I think there’s been a lot of focus on, as you say, tactical things being stood up, and obviously they need operational rigor wrapping around them. So, I think to a greater or lesser extent, they will remain. I think there’s been a large investment in remote access and not just the Citrix and the VPNs, et cetera, but enabling people with mobile telephony and laptop equipment, et cetera. And they’ve been bought as assets as an organizational perspective, which needs to depreciate. So I don’t think they’re going to ask for those back and just put them on a pile in a corner somewhere.

Kostas Lotsis:
So I’m personally hoping that the new normal is different to what the old normal was. I’m certainly not looking forward to getting on a half-full commuter train into London that’s packed and I have to stand up. So I’m hoping that it is kept, it is operationalized, it has got more governance and security wrapped around it, but the new normal is slightly different to what the old normal was, if you see what I mean.

Andrew Lintell:
Great. Thank you, Bryan. Nilesh, I see here that we’ve got a couple of questions around the visibility of the OT environment.

Nilesh Mapara:
Yes. So, as FireMon, what we do is we can zone out certain networks. OT is usually very, very, very sensitive. And we could keep it light touch. While we are doing in-depth analysis of your IP network, we could keep an eye on your OT with light touch. We have customers who are using it in this fashion where they have separated out the two networks stands, one is purely concentrated on OT network and giving them light touch, but full ability of OT network while keeping it high touch on IT.

Nilesh Mapara:
Also, I see another question that has come in for our cloud deployment. “Will AWS or Azure let you scan my cloud instance?” The answer is yes. We have AWS and Azure certified connectors that allows us to scan your instance and nowhere else you can fit in your office, and a single pane of glass, and it will show you this is your instance, these are the machines spun up, these are the details and any security issues that pertain to those setups.

Andrew Lintell:
Right. Thank you, Nilesh.

Kostas Lotsis:
And also on the cloud, I believe there is another question here about if FireMon is available for AWS and Azure as a virtual edition. We have virtual edition for AWS and Azure. It’s not in the marketplace yet. However, please get in touch with our sales team, and we can provide guidance for basically deploying a virtual edition on the environment.

Andrew Lintell:
Thanks, Kostas. While we have you, there’s an interesting question here talking about microservices infrastructure. When we look at sort of the world of DevOps, we look at Kubernetes, Twistlock, et cetera, how does FireMon interact with research environments like that? How can we help?

Kostas Lotsis:
On this one, these are kind of highly agile environments. So we do have automation solution that can actually help you, and I think it’s an element for the further discussion here because the way that micro services infrastructure can be deployed can vary depending on the environment. So I think it’s a bigger discussion item here.

Andrew Lintell:
It evens up very nicely, doesn’t it, for our next call, actually, which we will be announcing details of shortly, which is specifically around automation. And when you look at the need for DevOps with the CD/CI, development cycles being so fast, and security, obviously, sometimes getting in the way. If it’s treated in a gated way as opposed to being an always on process that can actually slow down the release of code, which, of course, is the opposite of what DevOps are trying to achieve. So definitely a great question now and I think that’s something that we will cover in our next call in particular.

Andrew Lintell:
For the person who asked that, I would strongly encourage you to attend the next call, for sure. Okay, many thanks. Well, we’ve got lots of questions here, I don’t think we’re gonna have time to get through all of them, but we’ll try and respond offline to each of them.

Andrew Lintell:
The presentation itself and the recording of such is going to be available on BrightTALK shortly after this call has wrapped. But before we do that, let me just introduce you to the next call. We’re going to be running another series of three, really. This is the first. The next one will be really exploring how the role of automation can help you deliver security, speed, and agility probably a lot faster than people think.

Andrew Lintell:
Automation is a very kind of topical subject right now. It is part of the digital transformation strategy that, as we have already discovered, is now being lifted up the agenda with the recent turbulent times that we’re going through. And for a lot of people and for a lot of customers, really trying to explore, well, how fast could they get to a degree of automation that will help deliver value back to the company as soon as possible as opposed to something that maybe the value is realized at the end of the process.

Andrew Lintell:
And we’re very much looking forward to handling that call and taking you through the process and how we can help customers go through that, but also the challenges, things to avoid when considering any kind of solution. The invites for that will be shortly being released. And if you are registered for this call and attending, of course, then you’ll automatically be receiving one. And I would certainly welcome you there when we have that call on the 16th of June. And, again, we’re aiming for the same time, which is 10 a.m. UK time, 11 CET, and we certainly look forward to seeing you then when that time is upon us, which won’t be long.

Andrew Lintell:
So leaves me now to wrap up. Thank you to all of the presenters. Many thanks for attending. Thank you for everyone for attending in the audience, and for your poll contributions as well, and for your great feedback so far. So thank you. We are looking forward to doing more of these as we progress through the next couple of months.

Andrew Lintell:
With that, I shall bid you farewell. And thank you very much, everyone. Stay safe. And we look forward to seeing you soon. Many thanks, everyone.
