How Gigamon Helps Ensure Hybrid Cloud Security at Micron

As the global cybersecurity leader at Micron Technology, one of the top three semiconductor manufacturers in the U.S., I’ve been part of cybersecurity engineering and operations for the past 15-plus years as we’ve built our vision for cybersecurity strategy. In my role, I maintain the company’s worldwide corporate information security for hybrid infrastructures, security platforms and services, security engineering, and operations. Since we have many different sources of security data from multiple vendors and products, it’s critical for us to maintain visibility across the network, and Gigamon has been an important partner in helping us fine-tune our cybersecurity strategy.

During the recent webinar “Ensuring Security for Hybrid Cloud Companies,” I spoke with Martyn Crew, senior director at Gigamon, about how Micron Technology fortified our security posture as we rapidly scaled our usage of virtual and containerized environments to support new applications. Here are some of the important topics we covered.

Maintaining Visibility in the Hybrid Cloud

To start, Martyn asked me how we make decisions about platforming and applications when looking at a new workload. I explained that we establish our goals from a workload perspective in terms of what is most important for the organization.

We take a hybrid-cloud approach, where we deploy applications close to our manufacturing units, which gives us better control over how we run and scale the applications, as well as containerization requirements. It also helps us keep our data secure within our own data center boundaries.

As many of you already know, however, hybrid-cloud security maintenance is extremely difficult when it comes to leveraging policy enforcement consistency, as each platform has different levels of exposure and policy enforcement challenges. It’s no longer enough to merely look at the metadata from the network packets; these days, the data, and how it’s associated with potential threats, is becoming more important.

I explained to Martyn that at Micron Technology, we defined our cybersecurity needs from a controls and technology platform perspective. We require more visibility in these environments, and that’s why we’re leveraging partners like Gigamon to give us deep observability in both the private and private public cloud, as well as the on-premises data center.

Handling Encrypted Data

One of the specific cybersecurity strategies we’re now utilizing at Micron Technology, which Martyn and I spoke about next, is to leverage Gigamon Precryption™ technology to change how we handle encrypted data. As security ambassadors, we’re asking all the business units to start using top-grade encryption protocols for their communications, but that also creates some new challenges.

When you introduce encryptions, you’re also making it difficult to break in and look for sessions. We’re now using Gigamon Precryption technology in our private cloud so we can look at traffic before it gets encrypted or decrypted and send that traffic feed into our threat detection and response technology platforms. That gives us better visibility so we know what kind of lateral movement is happening within the environment.

Securing High-Value Assets in High-Risk Markets

Next, we discussed how to safeguard sensitive data. Micron Technology has 50,000 patents, so ensuring the right people have access into the right environments and the right data is critical. If you don’t have the visibility into who is accessing what level of data, it’s very difficult to define role-based access controls in those environments. We get a huge amount of visibility with partners like Gigamon.

The Role of VARs/Integrators

Martyn and I also talked about the advantages of using value-added resellers (VARs) or integrators to facilitate system deployment. For Micron Technology, we see value both pre- and post-process. Pre-process, integrators can help you refine your vision in terms of finding the right vendors that meet your business requirements, understanding the procurement and execution process, and ensuring interoperability. And post-process, they can help ensure that partners remain connected when running these implementations.

Micron’s Zero Trust Journey

Finally, we discussed Micron Technology’s Zero Trust journey. The underlying principles of the Zero Trust framework can be very different at different organizations depending on their priorities and objectives. At Micron Technology, we started our journey by identifying our business requirements — what we’re trying to protect and what we’re trying to accomplish.

Then we defined the approach in terms of applications, devices, identities, and workloads. Making sure we have visibility around sensitive business applications is an important part of the approach. In the next three to five years, we plan to target our business-critical applications and workloads and then create and evolve our frameworks and compliance around Zero Trust, as well as measuring and maintaining our approach going forward.