EXECUTIVE SUMMARY:

With more than twenty years of marketing experience, Trisha Paine is currently the Head of Cloud Security Product and Program Marketing at Check Point Software Technologies, which acquired Protego Labs in 2019, where she led marketing. Previously, she led the marketing team as CMO for ConnectYourCare, one of the largest providers of consumer-directed health care solutions. Trisha holds a B.S. degree in Marketing Management from Salisbury University and an M.B.A. and J.D. degree focusing on Business and Intellectual Property Law from the University of Toledo, and is currently licensed to practice law in the State of Maryland.


What are the top “weak links” for CISOs to be aware of when it comes to cloud?

Truthfully, it’s your own people. Believe it or not, industry analysts believe that through 2025, at least 99% of security failures will be the customer’s fault. That’s huge. Many of these threats and issues tie back to speed and scale. You have teams developing new instances and new code at a rapid pace, and threats and issues get missed or left behind. Maybe an application is deployed that is overly permissive, for instance, and you’re giving someone too much access to something, which can have a vulnerability. Maybe someone’s bringing in open source code, and that code has vulnerabilities within it. It’s important for the CISOs to standardize and automate cloud security as much as they can so that they do not impede business and slow down progress.

Establishing guardrails, and creating a strong DevSecOps culture, where security is built into those workflows automatically, is critical.

What kinds of cloud threats should organizations watch out for right now?

In the first quarter of 2020, media outlets reported that large-scale breaches increased by 273%. A lot of these were dealing with ransomware attacks, phishing attacks, brute force attacks, etc. And we’re still seeing a lot of these types of attacks right now, especially as the holiday shopping season continues.

But it is important to note that there are additional vulnerabilities that could impact your organization that are completely innocent. We mentioned earlier how open source API code, while helpful for teams to use, can be riddled with vulnerabilities. All that needs to happen is for someone to harmlessly use that code for an open door to be created, or maybe it’s a permissions issue that gets overlooked.

To help with these difficulties, we should be leveraging security scanning tools throughout the lifecycle of our applications, and across our cloud infrastructure, to make sure we are addressing any types of security or compliance posture issues, and so that we can remediate any threats.

It is also important to leverage technology that is “smart”, intelligent, and can identify threats in a non-binary, contextual way from multiple inputs. This will help reduce alert fatigue and allow you to focus on the security issues that matter before they could potentially become big problems.

How can organizations ensure that they’re prepared to handle modern cloud threats?

If I had to give my top recommendations, they would be as follows:

  • You need to make sure that you have an enhanced tool in place that can integrate with your multi-cloud environments. Make sure that it is centralized so that it can provide the visibility and intelligence needed to see what’s happening across all of your cloud environments.
  • You need to have tools that can help you manage not only your public cloud environments, but your hybrid and private cloud environments as well. This will allow you to have a more seamless migration path across your environments and create greater versatility for your future cloud needs.
  • In addition, you need to establish guardrails to ensure that instead of impeding business for security, you’re enabling business through enhanced security. Really focus on that DevSecOps culture.
  • Lastly, you need to make sure that the tools selected provide for automation. The less humans have to do on the backend, the better. Let the solution automate as much as possible, based on the security parameters that were set and learned behavior, so that the human intelligence can focus and take action on the important alerts.