In this dynamic tell-all conversation, excerpted from The TechArena podcast, VP of Cloud Security for Check Point, Tsion (TJ) Gonen, shares his views about the evolution of cloud, contemporary cloud security challenges, and the future of cloud security.
Please start by introducing Check Point. Please share a bit about the solutions for enterprise cloud customers:
Check Point was founded 30 years ago. Gil Shwed founded it in Israel. He invented the firewall – literally invented the firewall and got the first firewall out there on the market. And since then, for 30 years, Check Point has been one of the biggest companies in the cyber security space, growing its capabilities in a variety of areas, as the field of cyber security itself broadened.
In the last few years, Check Point expanded to cloud security, as it was becoming increasingly critical for organizations that moved to the cloud. In the cloud security space, we started by extending our network security solutions, which is sort of a natural expansion of network security. Since then, cloud security has evolved dramatically, and to some extent, as I like to say, cloud security is as big as cyber security.
Check Point’s cloud security solutions have evolved dramatically over time. From Cloud Security Posture Management (CSPM) to workload protection, to detection and response, to application security in the cloud – it’s a very broad portfolio.
What do you think is the state of cyber security today and what do you say to customers in terms of the best approach in ensuring that they have the protection that they need?
Think of what’s happening in the cloud. It’s one script and boom, you have a data center. And if you want another one, boom, the space is available immediately. And you can make it happen across three different clouds. And if you want to launch 50 machines, it just takes a second. And if you want to launch 5,000 machines, it’s also only a second.
And then, the cloud providers are innovating. They’re introducing new types of workloads and new ways to connect, and everything is code, so you have a gazillion developers manipulating the components.
The complexity is astonishing. If people thought that cyber security was complex prior to the cloud, then the cloud makes it even more complex. Why? Because the speed and scale enable organizations, developers and applications to move ultra-fast.
To your question, I would say that even though Check Point is a security company, and the obvious answer is ‘protect everything,’ there’s just no way you’re going to be able to cover absolutely everything – at least, definitely not at the fast-moving pace and in the fast-moving space that is cloud.
I think the first thing is, start with the basics. Most problems start with posture. Get the posture right. Minimize the attack surface. Minimize the probability of negative events. Roughly 92% of attacks could have been prevented with the right cyber security controls in place.
If I don’t leave anything open, it’s going to be harder for hackers to it. So the first thing is, get your posture right. Now, ‘how do you get posture right?’ is a very broad topic in and of itself… But if you don’t get posture right, you’re at a disadvantage, as you’re then trying to chase attackers – which is very difficult.
The second thing is ‘think prevention’ rather than just detection. I always give this example around the inbox: My inbox is full of emails that I’ve never read, and that I’m never going to read, because at some point, I just get too tired of emails. Email fatigue. Along the same lines, if you just pursue detection, when your environment grows, you’ll just be spammed with alerts, and you’ll get overwhelmed. Don’t detect if you can’t prevent. It’s useless to detect if you can’t do anything about it or if you don’t have the resources with which to do anything about it. Implement tools, technologies and processes that are focused on taking action – whether that’s around prevention or remediating.
And within all of that, the right mindset involves zeroing in on prioritization of risk. Not all risks are created equal. Effectively, the biggest challenge is ‘how do you manage risk’?
Because the cloud is so easy to spin up, we see lines of business spinning up cloud on their own, and sometimes IT organizations may not even be aware of what their organization is using. How do you protect against threats and vulnerabilities if you don’t even know what your organization is using in terms of cloud services?
When I talk with organizations, what you just mentioned is the No. 1 source of fear. When platforms like Azure and AWS were built, they were built for developers and practitioners – not for the security people. Everything Azure and AWS do is for the developers.
You now have these armies of developers with tools that were hyper-optimized across the last 10 years, and they can move exceptionally fast. So, you effectively asked the question, how can security keep up?
I would say that there are two ways to look at this. I call the two modalities ‘the trust zone’ and the ‘no trust zone,’ and I’ll tell you what I mean by that…