Grant Asplund is a Growth Technologies Evangelist and proven multi-channel senior sales and marketing executive with history of exemplary achievement introducing/launching new products and establishing large, long-lasting pipelines and revenue growth within leading technology companies and start-ups.
Yuval Shchory is the Head of Product Management for CloudGuard at Check Point Software. Shchory has previously served as a CISO for a large service provider, a co-entrepreneur and co-founder of an elite security system integrator, a line of business manager at Cisco, and Head of Product for multiple market-dominating security product lines across enterprises.
EXECUTIVE SUMMARY:
At the industry-leading global cyber event of the year, CPX 360 2022, thousands of guests watched incredible presentations delivered by some of the best security experts of our era. Defining, explaining and exploring security complexity and design are critical in leading successful 21st century enterprises.
Cloud security experts Grant Asplund and Yuval Shchory offered outstanding insights into why the future of compliance is not just about technological improvements, and describe how additional attentional needs to be given to Zero Trust from operational and permissions perspectives. They also covered how machine learning and artificial intelligence will help security practitioners shift from reactive approaches to proactively risk-mitigation frameworks.
In this Cyber Talk interview, explore key takeaways from their talk…
Grant Asplund: What’s keeping security practitioners up at night?
Yuval Shchory: Whenever we talk to anyone from sec-ops to CISOs, the first thing that comes up is “Listen, I have virtually no visibility.” And for those come from a more old-school background, they talk about how data centers used to be back-in-the-day, and they knew where the servers were located, and they knew where the “crown jewels” were; but today, because a lot of the decisions have ‘shifted left,’ a lot of folks feel like they don’t even know what crown jewels they’re protecting.
This ambiguity and uncertainty leads CISOs to wonder ‘am I even still relevant?’ And many also wonder about whether or not they can stay relevant as they learn how to operate a tremendous number of new technologies. We’re talking about VMs, and containers, and pods, and clusters, and functions that operate as different cog-wheels working together…
Grant Asplund: How has cloud security changed across the past few years?
Yuval Shchory: Cloud security is significantly more complex than ever before. Today, cloud security is no longer a single item, technology or solution – but instead a plethora of solutions we have to look into. It now reflects the need to secure so many different things. The traditional security infrastructure is there and it’s always going to be there. But on top of that, throw securing virtual machines, securing containers, securing serverless functions, and applications into the mix.
Everything now changes at a much faster pace; at the speed of cloud.
Grant Asplund: Can you highlight the areas that are of the utmost concern?
Yuval Shchory: When you have such an immense process that takes source-code –and let’s say that we manage to secure the endpoint, and we manage to secure everything on the developers’ side- there are so many openings where adversaries could actually hack the entire process; tamper with source-code as it goes into the version-control system; tamper with configurations and Docker files…etc.
And then, as it goes through the CI/CD pipeline, it actually opens up new opportunities for adversaries to hit those base images and as we heard about with Log4j – just think about a vulnerable dependency that now impacts your entire application…
Grant Asplund: Tell us a bit about the new shift in mindset known as SecDevOps:
Yuval Shchory: SecDevOps is a brand new mindset that we’re seeing among customers, which is again, called SecDevOps, where security is just like a virtual overlay across everything; it’s holistic. It’s not just something that happens once a week or once a day. It’s really embedded into the build process. It means that security isn’t an afterthought and that completed pieces of software aren’t being retrofitted.
If you would like to learn more about the future of cloud posture management, get additional in-depth information via this superb CPX 360 on-demand talk.
