Executive Q&A: PJ Kirner, Co-Founder and CTO at Illumio

Share
PJ Kirner, Co-Founder and CTO at Illumio, spoke to Cyber Magazine about the development of the company and how people can deal with cyber risks

Can you tell me about Illumio? 

Despite record security spending, we continue to witness catastrophic breaches and ransomware attacks on a regular basis – reaffirming our position that the market is approaching cybersecurity wrong. The only way to achieve true cyber resilience at scale is through a Zero Trust-backed approach that focuses on containing attacks and isolating breaches.  

In 2013, when Andrew Rubin (CEO) and I founded the company, we were in the early innings of the rise of microservices and the cloud, enabling more connectivity and dynamic IT environments. The attack landscape was changing, the perimeter blurring, and traditional firewalls and perimeter-based security alone were no longer enough to defend against breaches. We decided to focus on creating a solution designed to stop the spread of breaches inside the perimeter.

Today, Illumio’s Zero Trust Segmentation platform is a modern security approach designed to stop the spread of breaches, ransomware and other attacks by isolating workloads and devices across the hybrid attack surface – from clouds to data centres to endpoints. Illumio’s Zero Trust Segmentation approach is based on the ‘assume breach’ principle of Zero Trust, enabling a scalable way for organisations to understand and manage communications between workloads and devices, create policies that reaffirm least privilege practices, and enforce perimeters across the hybrid estate. 

What is your role and responsibilities at the company? 

As Illumio’s Chief Technology Officer (CTO) and co-founder, I am responsible for understanding technology innovation trends and articulating and evangelising them both internally and externally. Internally we provide technology, vision, strategy and guidance to the product and engineering teams to both challenge and support them in delivering innovative products, aligned with our customers’ current and future needs. Externally, we collaborate closely with current and prospective customers to understand their challenges and advise them on how to use our products most effectively in alignment with the industry trends.

Over the years, my team and I have built and adapted the Illumio Zero Trust Segmentation platform to accommodate and cater to a variety of IT estates from large to small, as customer needs have evolved. Since our initial inception, which prioritised Zero Trust Segmentation at the workload level (with Illumio Core), we’ve since expanded our offerings. Today, organisations can use Illumio ransomware mitigation and segmentation solutions to see risk, isolate attacks, and secure data across cloud-native apps, hybrid and multi-clouds (with Illumio CloudSecure), data centres, and endpoints (with Illumio Edge).

Additionally, a large part of my role comes from having conversations with customers, colleagues and industry peers. Especially as the business expands and changes over time, I have a responsibility to evolve with it – to adapt my technological strengths and ensure we are bringing to market innovation that not only meets but exceeds our customers’ changing needs.

What is one of the best pieces of advice you have ever received?

A mentor once shared an architectural principle for distributed systems: “centralise what you can, distribute what you must”. It’s an evergreen principle, because as the technology landscape changes the “can” and “must” parts of an architecture change and develop. But what influences me more is that it’s a statement about balance, where we’re caught between these two tensions pulling us between these two extremes.  

What I believe a good technologist does is understand the pros and the cons, the shape of a technology, and where it fits in a larger picture. A good technologist must also be aware that this tension changes the technology landscape. It’s not enough to see the landscape, you must see how things are going to change - technology disruption can be anticipated or even taken advantage of if you can find that balance.

What is a Zero Trust architecture and how can it benefit businesses?

According to Forrester, “Zero Trust is not one product or platform; it's a security framework built around the concept of ‘never trust, always verify’ and ‘assuming breach.’” 

Zero Trust has gained traction over the years, and it’s exciting to see that interest is increasingly moving to industry-wide adoption and acceleration. According to research from ESG, 90% of IT and security professionals agree that advancing Zero Trust strategies is one of their top three security priorities for the year, and 39 percent of all security spending is earmarked to advance Zero Trust initiatives in the next twelve months.

Over the past 24 months in particular, Zero Trust has become increasingly recognised as a best practice for bolstering business resilience in the midst of an unrelenting threat landscape. It’s become clear that no matter how much organisations spend on prevention or detection technologies, they will be breached; that’s the reality of the world we live in today. Instead, modern organisations must start thinking about limiting access, minimizing the blast radius, and simply making it harder for attackers to reach crown jewels from the start. That’s the problem Zero Trust, and Zero Trust Segmentation, is custom fit to address. 

How can companies identify and deal with cyber risks? 

End to end visibility across hybrid infrastructure is central to dealing with cyber risk. Ultimately, you can’t protect what you can’t see. Security teams need real-time understanding of the communications happening across the hybrid estate to accurately manage and minimise threat potential. With modern solutions like Zero Trust Segmentation, visibility (in the form of data points) can better inform security teams and business leaders of what’s happened in the past and what is happening across the IT estate now, helping teams anticipate what security risks could emerge in the future.  

Additionally, organisations must put “assume breach” into practice. Identify and secure your most critical assets by building Zero Trust controls and policies around the pathways that are most at risk. Make sure you’re putting least privilege protocols in place proactively (this is where Zero Trust technologies like MFA and SSO can help), and leverage tools like Zero Trust Segmentation to contain threats and minimise business impact post-breach.

Lastly, account for scale – because as your business grows, you can expect your threat landscape will widen as well. As you build out your Zero Trust plans, ensure that you’re accounting for solutions that enable business growth while limiting risk exposure.

What do you see as being one of the top emerging cyber trends this year?

As organisations continue to integrate cloud and data centre ecosystems or move to hybrid cloud environments, the risks presented by this dynamic, complex IT landscape are becoming more prominent. In the past two years, 76 percent of organisations have suffered a ransomware attack and 66 percent have experienced at least one software supply chain attack.

Anytime there’s surface between two distinct infrastructure types, understanding and securing the middle area between the two is a serious challenge. Right now, people are uncovering more risks in their hybrid/multi-cloud environments than they first realised, and this will continue to be a key concern moving forward.

Additionally, despite new trends and cyber concerns constantly emerging, we know that ransomware attacks (44 percent), supply chain attacks (48 percent) and zero-day exploits (46 percent) are still keeping security practitioners up at night. Tried and true exploitation efforts like these will continue to be a trend for the foreseeable future, though their tactics will evolve. And sometimes just practical cyber hygiene is what is needed.

What can we expect from Illumio in 2022? 

As more customers, partners and organisations increasingly look to Zero Trust to bolster cyber resilience, it’s rewarding to see the vision and promise we had for Illumio nearly a decade ago taking shape in the market today.

Our advancements in the market in 2022 will continue to evolve. We are ever learning from our customers about the challenges and the successes they make in adopting the organisational changes necessary for a successful Zero Trust journey. We strive to find new approaches and techniques for minimising risk on the way to achieving your Zero Trust goals, making our technology even more seamless and easy to deploy, focusing on enhancing the user experience, bolstering relationships in the channel and catering to mid-market customers. 

More than anything, our goal in 2022 is to enable more businesses, across industries and of all sizes, to harness the power of Zero Trust Segmentation to bolster business and cyber resilience.

 

Share

Featured Articles

Resilience: Firms Fail to Grasp Cyber Financial Impact

Resilience and YouGov survey reveals 74% of mid to large UK businesses face cybercrime, while ransomware understanding lags behind data breach concerns

SonicWall and CrowdStrike Unite for SMB Security Service

SonicWall partners with endpoint protection specialist CrowdStrike to offer managed detection and response capabilities through managed service providers

FS-ISAC CISO Talks Cyber Strategies for Financial Providers

FS-ISAC CISO JD Denning explains the cyber strategies financial providers need to adopt in order to stay afloat in the wave of cyber attacks

Darktrace Reports 692% Surge in Black Friday Cyber Scams

Cyber Security

KnowBe4 Launches AI Agents to Counter Phishing Threats

Technology & AI

Gen Reports 614% Rise in Command Prompt Manipulation Scams

Cyber Security