The platform driving secure migration to cloud and hybrid environments
By Splunk
Raen Lim, Group VP of Asia from data platform leader for security and observability Splunk, explains the intersection between the cloud and cybersecurity, and how governments can best navigate the two.
Easily secure your cloud and hybrid environments with Splunk’s Observability platform, which grants organisations end-to-end visibility. Image: Canva
In the United States, federal cloud spending has increased annually since 2016 across all government agencies, according to consultancy and advisory corporation Deloitte. On the other side of the world, Singapore also announced its plans to move 70 per cent of eligible government systems onto the cloud by 2023.
But while the cloud brings with it many perks, there remain concerns and challenges surrounding cloud migration, chief of them being: does the cloud compromise security? GovInsider speaks with Raen Lim, Group VP of Asia from data platform provider Splunk, to learn more about these challenges and what public sector agencies can do to overcome them.
1. Governments today are migrating to the cloud in troves. What are some of the security challenges this can result in?
Three key challenges can crop up in the cloud migration process:
1. Increased complexity of the security landscape
Cloud migration expands attack surfaces, data sources and extends the points of entry for threat actors. Furthermore, cloud providers themselves can pose a potential security threat if the cloud infrastructure is not properly configured, which can allow threat actors to gain illicit access to the cloud platforms.
Hybrid environments in particular can pose a challenge, as there is limited visibility across IT environments, infrastructures, and application performance. This makes it more difficult to monitor attack surfaces.
To make matters worse, cyber attacks are getting faster and increasingly sophisticated. Our latest ransomware research revealed that the median ransomware variant can encrypt nearly 100,000 files totalling 53.93GB in under 45 minutes. Once encrypted, ransomware threat actors can limit access to the files and demand a ransom for organisations to regain access. This means that organisations only have an average time of 45 minutes to detect and respond to ransomware threats.
To maintain security in a hybrid cloud environment, organisations need an end-to-end view of user identity and behaviour at every application and database access point. This visibility reveals unauthorised access, threat and attack locations, as well as privilege changes.
2. Data fragmentation and blind spots
Many public sector agencies today still rely on legacy infrastructures, but this comes with data silos and blind spots across departments that can be hard to break down.
The proliferation of tools within and across teams, as well as across technology environments (including on-premises data centres, multiple clouds and the edge), leads to data fragmentation and blind spots.
This translates to poor visibility between teams and impedes their access to data across the organisation, which can hinder efficiency. IT teams, for example, may need to access app performance data across multiple departments to identify if there are potential issues. Without an overview, they would not be able to quickly analyse the data needed to make decisions and take action quickly.
3. Tech talent shortage
Security teams are facing widening talent gaps, especially as demand increases with a rising number of cyber attacks. Many organisations have been directly impacted by data breaches and costly ransomware attacks, which have left security teams exhausted.
In our State of Security 2022 research, we found that 44 per cent of Singaporean organisations saw hiring and retention as key challenges to addressing their cybersecurity skill shortages, compared to 22 per cent globally.
Cloud complexity and tool sprawls have also made the work of cybersecurity teams more difficult, creating burnout among operations teams. Globally, 73 per cent of respondents shared that burned-out colleagues have left their jobs, according to the State of Security 2022 research.
Governments need to invest in solutions that offer automation and orchestration so that teams can leave tedious work to technology while they focus on higher-value tasks.
2. How can public sector agencies then address some of these security challenges?
Security is a data problem: Taking in all data in real time, analysing and then prioritising them eliminates blind spots that can create security vulnerabilities as well as hinder investigation and resolution. With end-to-end visibility, organisations are able to monitor for threats in one place, simplifying and strengthening their security posture.
The ability to rapidly investigate across entire tech stacks also allows for fast investigation that can lead to quick response times, minimising impact from security threats without compromising on citizen experience.
Splunk’s security platform can help organisations remove data silos within agencies, to ensure security teams can access and analyse data across departments to identify potential threats.
Splunk Security combines security information and event management; security orchestration, automation and response; user behaviour analytics and threat intelligence to help organisations stop threats in their tracks, find bad actors, and resolve incidents quickly. Through this, organisations can increase the efficiency of security operation centres, improve productivity, and strengthen security posture across multi-cloud, hybrid environments.
3. Besides security, how do data-driven insights benefit organisations in other ways?
Governments need to make decisions and act in real time. Besides security, IT and development teams must also be able to take in data at scale and from any source to enable monitoring, troubleshooting and action. Agencies can't wait minutes to see if they are having issues, given the on-demand nature of cloud-native technologies.
Splunk provides customers with an end-to-end contextual view of their data across multiple data sources, and the analytical tools to rapidly identify what matters. In other words, we remove the barriers between data and action, generating data insights that could fuel innovation in the areas of product or service development, operational efficiency or citizen experience.
Additionally, the Splunk Observability platform provides application performance management and AIOps as well as infrastructure and digital experience monitoring to provide full-stack visibility. This allows agencies to improve customer experience, innovate faster, and run services with greater resilience, scale and efficiency.
4. How has Splunk’s Security and Observability platform helped public sector organisations in their digital transformation so far? Can you share an example?
Globally, numerous public sector organisations use Splunk’s security, IT and observability solutions in their digitalisation journey and to make confident decisions.
As an example, in Asia, we helped the Government Service Insurance System (GSIS) in the Philippines improve the efficiency of their security operations. The GSIS is a corporation that offers social security, insurance and financial benefits such as pension funds, retirement schemes and loans to 3 million active and retired government personnel and their dependents.
By using Splunk’s platform, the GSIS’s security operations team of four no longer needs to toggle between over 20 different security applications. Instead, they can now use a single Splunk dashboard to gain visibility into the whole organisation’s security posture while maintaining successful operations during remote work amidst the pandemic.
Splunk supports government agencies worldwide and has over 2,400 partners and professional services that meet agencies at various levels of their digital transformation and cloud migration journey.
Learn more about Splunk’s Security and Observability platforms at GovWare! Catch them at Booth R22 to find out more.