Justice Anyai, CISSP CCIE, is a senior security architect and evangelist for Check Point Software Technologies. In his current role with Check Point, he helps organizations to architect, design and optimize security and data center-based IT solution across heterogeneous and complex environments. He is also one of Check Point’s cloud subject matter experts, driving digital transformation via cloud security adoption with enterprises and telco-based customers and organizations.
In this interview, join Justice Anyai as he discusses cloud security threats, challenges, automation, best practices and more. This is exclusive, premium content that you won’t want to miss!
How are cloud security threats different from traditional security threats?
It is no news that the threat landscape has recently seen the most sophisticated threats to have impacted organizations in the last few years. These threats have extensively targeted cloud based infrastructure. Cloud security threats are usually very sophisticated in comparison to traditional security threats. The impact spectrum is usually wide, as cloud threats target the most commonly adopted cloud and IoT based platforms. They are also stealth in nature and very difficult to identify compared to traditional threats, which are signature based, and can easily be identified by traditional security solutions. So there is a huge difference between cloud security threats and traditional security threats in terms of sophistication and mitigation steps that can be employed. The increase in cloud adoption and the many attack surfaces that the cloud presents make cloud security threats complex and hard to defend against.
How do cloud threats differ across industry sectors?
Cloud-based cyber security threats are industry agnostic, the same way cloud infrastructure deployment models and methods are similar across the board. Every organization that has adopted some form of cloud would be using any of these service models; IaaS, SaaS, PaaS or cloud native services like microservices, containers and kubernetes platforms. The threats faced by these cloud deployment models span across all industries. The defense methods that should be employed by the different industries against these threats are a factor of a given organization or industry’s risk appetite.
What are key challenges for cloud?
One of the key and major cloud challenges is security. Security in the cloud is a totally different ball game in comparison to securing on-premise infrastructure. The speed at which workloads are deployed in the cloud and the dynamic nature of cloud-based services pose a huge security challenge. A new way of securing these cloud-based assets is needed.
Complexity is another major cloud challenge. Most organizations will be adopting multi-cloud strategies; using more than one cloud platform, hybrid deployment models and running cloud-native solutions. Mistakes within these complex platforms will be inevitable. Automating day-to-day operations, processes and security will go a long way to address these concerns. The skills shortage is another key cloud challenge. IT professionals will need to up their skills to support the new cloud platforms, even as the technologies change and evolve.
Are there security standards for cloud computing? If so, who issues these?
There are security standards for cloud computing that can be leveraged to better ensure that the right risk management practice and controls are in place to secure any cloud-based environments. The two major bodies that produces these standards are the International Organization for Standardization (ISO) and the United States government, which operates the National Institute of Standards and Technology (NIST). A series of cloud computing publications can also be leveraged by cloud customers.
How can automation either help or hurt when it comes to cloud security?
Automation is the answer to a lot of challenges when faced with the operation and security of complex cloud-based infrastructure. The death of the perimeter, the ephemeral and dynamic nature of cloud-based services, and the speed at which changes occur within cloud-based environments gives security professionals little or no room for static security controls. If security is to be effective and proactive in the cloud and slated to be a business enabler, automation is the key. Automating cloud infrastructure deployments and management will also enable business agility. The drawback to this is that new concepts and cloud automation tools have to be adopted by organizations going forward.
What are cloud security best practices that can be applied across industries?
There are some industry concepts and best practices that would be helpful to organizations, assisting them in building a more cyber resilient cloud architecture. One of the most widely adopted is the zero-trust model. It introduces the concept of never trust, but verify first across your cloud infrastructure. Security automation is another best practice, as it will ensure proactive responses to threats, from development to runtime, specifically addressing code deployment in the cloud-based environment. Segmentation is another very important best practice to ensure that the blast radius of any attack is minimal– helping to contain any threat.
In 2021, what should business leaders think about in relation to cloud?
I think business leaders should be thinking about how to leverage cloud native technologies to transform their businesses. 2021 is the year of cloud native technologies and every organization that wants to transform should be thinking cloud native.