How multi-cloud visibility ensures business continuity
Article by Gigamon country manager for A/NZ George Tsoukas.
Today’s powerful digital applications often span multiple tiers running on various on-premises and cloud platforms. This can lead to a fragmented, inconsistent view of data in motion and visibility gaps and blind spots that make it hard to deliver a secure, optimal user experience.
New technology closes the hybrid cloud visibility gap by providing IT with a single, consistent view into all data in motion from layers 2–7 and east-west traffic across all platforms, including between clouds. This enables operations and security teams to ensure a positive, secure user experience and to optimise tools and traffic costs.
There are many ways that hybrid and multi-cloud visibility is beneficial, even critical, to ensuring application availability and business continuity.
One of the most common applications and use cases that we’ve seen for this capability is tracking the status of SSL/TLS certificates on the thousands of application and communication servers that make up an enterprise network.
At a business level, if a TLS certificate expires, it can take servers offline, leading to service outages, lost revenue opportunities, and reputational damage — which has happened in well-publicised incidents at organisations ranging from Adobe to Yahoo.
At the IT level, dealing with these fire drills is highly disruptive to IT operations and is very inefficient.
Of course, tracking TLS certificates is a complex process that is made even more resource and time-consuming by the sheer volume of certificates and keys, often as many as 50,000, that must be tracked.
Tracking expired, expiring, weak cypher, self-signed, or fraudulent certificates is very important and resource-intensive, making it a natural candidate for automation. Yet, as the hybrid network becomes ever more complex, so does automating this process.
Let’s take an example of an organisation that has decided to create a TLS certificate traffic app on Splunk running on AWS. This app needs to get its tracking information from servers in the public cloud, private cloud, and multiple on-premises data centres.
Ideally, this TLS tracking information should be sent as metadata to Splunk to minimise traffic flow and consumption-related costs.
While this process is easy to describe, it’s much more challenging to develop and implement. To approach it from scratch, IT would need to build a pipeline capable of logging in to each of the thousands of servers in the enterprise to check on the TLS certificate, and then report alerts of those that are about to expire, are self-signed, have weak cyphers, and so on.
As a result, there are many TLS certificate management solutions available. However, many of these are platform-specific, resulting in hybrid or multi-cloud enterprises running multiple certificate management solutions. This could lead to these companies being unable to easily gain a single view of their situation.
With the right technology, this process can be radically simplified. A fabric manager provides a single view into all hybrid platforms and is tightly integrated with cloud-native visibility tools, including AWS Traffic Mirroring, VMware ESX and NSX-T, Nutanix Flow and Prism, and OpenStack Tap as a Service.
This means that our solution has visibility into certificate status and can feed this into a tool like Splunk to automate the management process, saving significant amounts of the ops team’s time, heading off fire drills, and protecting the enterprise against outages.
For anyone wanting to deploy a TLS tracking app on Splunk, it’s much more efficient and potentially less expensive to send this data to Splunk as NetFlow metadata, not raw network packets. Specific new technology can make SIEMs like Splunk much more powerful, efficient and actionable by providing metadata collected from Layer 4 through Layer 7.
Using application intelligence, it’s possible to extract any of 5,000 application and network metadata attributes, including critical attributes related to TLS certificates. By sending the correct metadata information to our TLS Tracking app in Splunk, IT teams can quickly identify weak cyphers and expired or soon-to-expire certificates.
This is a practical example of the benefits of using advanced tech and a metadata intelligence application to automate a resource-intensive process and one that, if not correctly implemented, can have adverse effects on application availability and business continuity, and ultimately on customer and user experience.