With more than twenty-years of marketing experience, Trisha Paine is currently the Head of Cloud Security Product and Program Marketing at Check Point Software Technologies, which acquired Protego Labs in 2019, where she led marketing. Previously, she led the marketing team, as CMO for ConnectYourCare, one of the largest providers of consumer-directed health care solutions. Trisha holds her B.S. degree in Marketing Management from Salisbury University; an M.B.A. and J.D. degree focusing on Business and Intellectual Property Law from the University of Toledo, and is currently licensed to practice law in the State of Maryland. 

In this two part interview series, Trisha Paine will discuss cloud-related security issues that many businesses currently face. From complexity, to costs, to automation, this interview provides premium cloud security insights.

What cloud computing developments are you most enthusiastic about right now?

To say the world has evolved is an understatement, and this holds true for the cloud as well. We have gone from hosting infrastructure in the cloud, to now developing new microservice applications at accelerated speeds.

And with these new cloud services, applications are being broken down into finite components or pieces; you have containers, you have serverless, you have all of these new technologies that mean an evolution as to how we can address cloud security for different applications.

Developers can now leverage new mechanisms, like serverless function and containers, to bring applications to market faster than ever, and to save their companies money, while reducing overarching operational complexity. But with this evolution there are security implications and considerations that companies are not sure of where or how to begin.

And this is where I am the most excited to be a part of Check Point, as we are in the position to help these companies with this migration, and to advise them on how to best secure, and optimize, these new applications and services.

How has the appetite for cloud-based risks changed over the past few months?

That is an interesting question, as risk aversion has always been a critical barrier, but in many cases now, those risk averse organizations no longer have a choice if they want to survive. Cloud adoption has been growing at historic rates, even leading into in 2020. But when it comes to the pandemic, cloud adoption has accelerated faster than ever before, and faster than anyone had expected.

When you look at the cloud providers, like the AWS’s of the world or Azure, their growth increased by 47% quarter-over-quarter in Q1 alone, largely due to the pandemic and organizations needing to accelerate their cloud adoption and spring up new infrastructure, applications and services.

The challenge at that point in time, was that organizations who were more risk averse and late adopters when it came to cloud deployments, were then forced to adopt new cloud models to address the needs of their remote workforces. And because of the velocity of change in organizations, there were unfortunately many security gaps as a result. So back to your question, it is not that their appetite for risk changed, it’s that they were forced to accelerate faster, and now we are working with them to optimize their cloud deployments and to establish best practices to address any cloud security gaps.

Have there been issues with availability or scalability of cloud services amidst the pandemic?

When it comes to an unexpected demand on an infrastructure, you are going to have points of stress that may cause issues of availability and scalability. But that is the beauty of the cloud so you can scale up as demand increases. The cloud providers have had to manage their own infrastructure to address these high demands and needs of scalability and availability. And this is what makes the cloud so beautiful, it is theirs to manage; they are the experts.

Just imagine the demand on these massive infrastructures with the rapid adoption of large teams using video chats, all happening overnight. Or the number of classrooms that are being forced to connect virtually. This puts immense pressure on the cloud providers. However, they’ve handled it very well.

Because of the nature of the cloud, providers have been able to quickly scale their infrastructure, and organizations as a result have had fewer issues with scalability and availability than people might have imagined.  In fact, the cloud has aided our world and has even helped us to prosper, amidst a tragic pandemic.

More organizations are relying on multi-cloud services. How can leaders improve control over these environments?

So, it’s interesting. Check Point issued a survey this year for cloud security, and what we found is that 68% of organizations have two or more clouds that they manage. This causes a lot of complexity, as it’s double the cloud, more assets and resources to manage, in more places, and a lot of times, organizations lose visibility, security and control. It is important to emphasize that having multiple cloud providers is not a bad thing. Organizations chose more than one provider for a multitude of reasons= different business users may have different requirements, which may require different cloud environments. The key to saving your sanity is centralization.

To pull the management of those clouds into one single pane of glass is really important. So you have one place where you can manage all of your clouds, all of your assets. You have the ability to see what is happening across your assets and regions, see who is accessing your resources, and have the ability to centrally detect, analyze, and remediate threats. So the more that you can pull into a single system, the easier it is for your leaders to maintain control, regardless of your cloud.

The multi-cloud has increased complexity and costs. How can organizations keep costs down?

This is a conundrum many organizations face, whether is from the consumption costs or the operational costs from managing multiple clouds.  This is where centralization and unification across your providers is because important. If you can consolidate the security management for all of your providers, you can address the cost and complexity from a security perspective- thing like setting up security guardrails to help aid in security deployments, visibility and intelligence when it comes to threats, and the ability to address security gaps and issues before they become costly problems. This means that you can cut down on your breach exposure. If you’re able to detect a breach of a vulnerability, you’ll get an alert early on. So you’ll have more time to resolve that breach, which, in essence, helps you from a management ops perspective later on, down the road. Similarly, if you’re able to manage your utilization and consumption in one platform, it helps. The more you can unify, the better, from both an operational cost and security perspective.

What should organizations consider in relation to their own cloud security?

When you are an organization used to traditional development and IT practices you often had long development cycles where things were staged. You had a developer who created the code, and then it went to the compliance and security teams before it went out to market.

Well, in the cloud, it’s different, right? In the cloud, people move fast. Things are agile. Organizations need to scale at infinite paces and instantaneously. The key to staying organized in this environment is automation. The more that you can automate into your business’s process into your DevSecOps culture and your development culture, the better it is for you to have control over your security. So automation is critical in enabling people to “own” their cloud security and also to be able to scale it in accordance with business needs.

You also need to look at things like whether or not a security vendor will be able to adjust and accelerate your cloud needs in the future. So if you’re using containers today, and you want to do more microservices in the future, does the organization have the ability to grow with your business and to address your security concerns? Where does the vendor pull intelligence to help your organization thwart, identify and address threats? Is their solution smart, AI based, or does it rely on human input? You need to look at the holistic solution and make sure it addresses your organizations needs now and in the future and in context.

Did you find this interview informative? Check back for Part 2, next week.