Antonio Amador joined Check Point in 2015 as Country Manager for the northern part of Latin America and has more than 25 years of experience in IT and in the cyber security space.  His team has been recognized as worldwide leaders in the promotion and adoption of secure digital transformations in their region. Former employee of Imperva, NeoSecure, Microsoft, HP and Carvajal, Antonio is an electronics engineer with complementary studies in business administration and MS degree in sustainable development projects. Antonio is author of multiple essays, scientific articles for a sustainable cyber security and is a speaker in different IT forums.

In this interview, Antonio Amador shares exceptional, in-depth insights into the world of cloud security. See what he has to say.

How is the cloud threat landscape changing and evolving?

The cloud serves as a fundamental pillar of computing architecture, ensuring business continuity and sustainability. Increased reliance on cloud was accelerated by the coronavirus pandemic. The cloud’s diversity and flexibility are undeniable. However, cyber threats and cyber attacks have also migrated to the cloud.

We are facing a global cyber pandemic: ransomware attacks have increased 62% in the last year, and more than 100% in some regions. Malware is becoming more sophisticated, targeted and diverse in its variants. The cloud and its supply chain are no doubt attack surfaces with high potential for criminal success.

What cloud-related challenges are you seeing across organizations right now?

First of all, we must understand that the cloud is already an integral part of business. Use of the cloud means taking risks. These risks are associated with inexperience, lack of awareness, lack of visibility and control, the diversity of cloud services and their consumption models, the speed with which they are implemented, and the human factor. These elements combine to create a perfect setting in which cyber attackers can achieve their objectives. They know this and have the tools, time, financial resources and structure to act accordingly.

How are new cloud developments changing CIO, CTO and CISO responsibilities?

Today more than ever, adoption of the cloud, as well as the changes resulting from the digital transformation, require leaders and those managers responsible for digital strategy in the organizations to work more closely with their teams. They also need to strengthen their relationship with the business and to be more flexible and agile in the decision-making process, proposing new formats, and increasing efficiency. The primary objective of their organization should be to offer a positive experience to the end customer.

What types of cloud security questions should organizations ask themselves?

The natural question is, “What can and should go to the cloud?” Once defined, it is understood that the organization is willing to assume certain risks; the next step is to adequately resolve how to mitigate those risks from the human, business and technology perspectives.

What are the best ways for newly remote organizations to improve their cloud/cloud security infrastructure?

From experience, I believe these aspects are essential:

  • Be specific in the responsibilities of technological assets; a clear and precise SLA.
  • The cyber security approach must be preventive. It is useless to react. Zero trust is a recommended practice.
  • The security architecture must be flexible; the cloud of today is not necessarily that of tomorrow. Investment in cyber security must be protected.
  • Consolidating, automating and managing processes is imperative to be able to respond to constant change in a timely and cost-effective way.

How can organizations ensure the security of their supply chains’ clouds?

From a practical approach, it should be as follows:

  • All technology adoption must be implemented preventively in all security layers.
  • There should be a clear access control policy based on the user, not on the device.
  • All data must be encrypted.
  • Cyber security management should be simple and unified for private data centers, public or private clouds, or a mix of these.

Are there accepted cloud security frameworks upon which organizations can build their programs? 

Yes there are, and there are many, ISO27001, NIST, IEEE, SOX, COBIT, ITIL, etc., multiple academic organizations, public and private, that have become concerned with best practices for implementation and management, even focusing on compliance with industry standards on data protection, such as GDPR, HIPAA, PCI-DSS. In particular, I think that each company should adopt and adapt the best practices inherent to its capacities and business processes.

What should organizations look for in a cloud security service provider?

Preventive approach, flexibility in implementation, agility, automation and simplicity, management of services, policies, cyber security vulnerabilities. Whatever they do should always be done in real time.

Automation is an essential aspect of being cost-efficient. I suggest always testing it, as there are multiple easy and simple ways of measuring a provider’s capacity before progressing.

What are your predictions regarding the future of cloud and cloud security?

Growth of multi-cloud and hybrid environments will mean expansion of cyber threats. The cloud will be fundamental in the development of 5G and it is, I believe, in the Internet of Things (IoT), artificial intelligence, and automated learning, which means a greater surface of risk. Open source will allow more developments, more interconnected DevOps, with which we will have more decentralized data with a greater use of serverless, [Kubernetes], and containers in all areas. The attack surface will be larger and more dispersed. Cyber security must be adaptive, unified and simple, always with a preventive approach.

Anything else that you wish to share with the Cyber Talk audience?

The problem is not the cloud. Your company, your data, your users and clients are already in the cloud. The challenge now is to minimize the risks of this new reality and to avoid becoming a victim of the cyber pandemic.

Did you like this interview? Be sure to check out another recent cloud-focused interview, here.