With the rapid growth of cloud-native applications and Kubernetes containers, new doors are also being opened to malicious actors, making data more vulnerable than before. In an interview, Ripu Bajwa, Director and General Manager, Data Protection Solutions, Dell Technologies, discussed how cloud Infrastructure as a Service (IaaS), which is being adopted on a much wider scale today, comes with its own set of pain points for Chief Information Security Officers (CISOs), the nuances of these challenges, and what CISOs need to do to address them.
1) How is the adoption of cloud-native applications, Kubernetes containers, AI, and machine learning, leading to more malicious actors? Is data now more vulnerable with the adoption of these technologies?
Organizations are investing in a range of new technologies that are producing a massive data influx. Despite being an organization’s greatest asset, data can paradoxically become the biggest barrier and pose risk to data protection. Organizations must ensure that their data protection infrastructure supports these technologies. However, leaders are still far from ensuring the appropriate skills and infrastructure to empower their organizations and IT teams.
With the hybrid work model, organizations also process complex amounts of data in environments where data is frequently exchanged from multiple touchpoints. Today, malware, ransomware and cyber threats have become more specialized and penetrative.
2) Studies show that Indian CIOs are expected to focus their cloud investment on IaaS. What challenges does this throw up in terms of monitoring, managing and protecting cloud assets?
IaaS is becoming the go-to choice for businesses of all sizes due to numerous benefits. However, it has its share of potential threats, such as internal mismanagement, which is a big threat to securing infrastructure, especially cloud. While IaaS providers safeguard the infrastructure, corporations are accountable for the data they host. However, cloud service providers possess direct access to hardware networks, provisioning systems and authentication infrastructure. There could also be probable challenges that occur with the interaction of IaaS with existing systems. The complexity heightens the likelihood of errors. Lastly, with differences in securing data across different fronts, threats can frequently attack separate entities, making data vulnerable for the public, organizations and government bodies.
3) The term Cloud Security Posture Management (CSPM) was coined by Gartner. Is it more than a marketing term? Can it ensure broader visibility to cloud infrastructure and assets?
CSPM helps secure data across cloud environments and acts as a security tool that checks for misconfiguration, gaps in cloud compliance and prospective breaches. It alerts a cloud customer upon identifying risk and initiates automated remediation.
Organizations currently lack the skills and IT infrastructure to amend a cloud environment, as revealed in the 2021 Global Data Protection Index study. With CSPM, organizations can ensure broader visibility to the cloud, allowing them to extend their security practices to hybrid and multi-cloud processes. With greater visibility, response to risks, threat analysis and DevOps integration are made easier and more secure. Data leaks and mismanagement of data in a cloud-driven environment can be prevented through CSPM, as it constantly monitors cloud infrastructure for gaps in security policy enforcement.
4) What is security orchestration, automation and response (SOAR)? Why is it critical now?
SOAR, coined by Gartner in 2017, essentially acts as an open platform that helps an organization automate its response to a cyber-attack or a threat of an attack by orchestrating the chain of actions. There are three key components of SOAR, which include threat and vulnerability management, response to threat, and automation of security operations.
It includes pre-set guides that will lead individuals in the organization facing an issue to take insights from the platform itself while resolving or dealing with an attack. The employees need not have data science skills to operate it. Recovery of data can be done in less time with aid from a SOAR platform while ensuring that the impact of the attack is controlled.
In SOAR, the response to an attack is automatically initiated when it detects an anomaly. Thus, it is able to reduce response time and control the damage caused by a cyberattack. This platform also has the added advantage of broader aggregates of security data from third-party sources and endpoints.