How CISOs Can Change The Game Of Cloud Security
Akshay Aggarwal, Cloud Specialist Director – Manageability & Security, Oracle APAC, discusses why it’s time to think differently to improve security effectiveness
Enterprises that move to the cloud enjoy clear redundancy, cost savings and easy integration. Yet cloud brings to the table a host of new security threats and challenges, giving CISOs sleepless nights. In a recent interaction with CXOToday, Akshay Aggarwal, Cloud Specialist Director – Manageability & Security, Oracle APAC, discusses why it’s time to think differently to improve security effectiveness and how businesses can come up with an effective cloud security strategy.
CXOToday: Can you share views about the current cyber threat landscape?
Akshay Aggarwal: When it comes to information security, the volume, variety and velocity of threats is unrelenting. The findings of the recent Oracle and KPMG Cloud Threat Report expound this in great detail. Cloud security is now a strategic imperative, thanks to the mission-critical nature of cloud services. In fact, from a local perspective, India ranked third in the list of countries with the highest number of cyber threats, and number two in terms of targeted attacks in 2017. No wonder Gartner finds enterprise spending on information security products and services in India on pace, and expected to reach US$1.9 billion this year.
CXOToday: Can you throw light on a few common mistakes that businesses make when it comes to information security management?
Akshay Aggarwal: Based on umpteen discussions with CISOs on this very point, two key yet common scenarios have emerged:
- Many businesses often don’t realize (or realize it pretty late) that we now function in a post-perimeter world.With organizations increasingly using cloud and mobile applications, it’s important to understand that relying on firewalls only or perimeter-based security technologies does not suffice in the new cloud economy. Identity is the new perimeter, because it remains a constant irrespective of deployment models across application usage. That said, there are still security risks and challenges to be factored in.
- It’s no longer enough to rely only on people. Even if your organization has a full-fledged, dedicated security team,its human nature to become quickly overwhelmed by the pace and variety of enterprise cybersecurity threats.The sheer volume and variety of devices, applications, users, and the plethora of log files is indeed daunting for people to make sense of it all.
To improve security effectiveness, it’s time to think differently, deploy new systems and let machines tackle the rogue machines.
CXOToday: How can businesses overcome such challenges with new technologies?
Akshay Aggarwal: More often than not, it takes very long for an organization to actually realize that there’s a problem, and then take corrective action. Relying only on people to respond quickly can be devastating. Therefore, organizations need autonomous capabilities – a combination of automation and advanced machine learning, to put it simply. Such capabilities can quickly detect out-of-pattern user activities or behavior anomalies and take action proactively to address such inconsistencies. The beauty of such an autonomous solution is that it continuously learns how to deliver increasingly greater security. This not only speeds the time to detection, but also expedites the time to fix the problem.
CXOToday: With perimeters disappearing, how can a business integrate its security approach?
Akshay Aggarwal: To keep pace with the digital economy amidst rising cyber threats, businesses need a holistic, integrated, future-proof security strategy spanning the entire IT environment – across public, private and hybrid clouds. Further, businesses need AI to enable rapid detection, investigation, and remediation of the broadest range of security threats across on-premises and cloud IT assets. But often, businesses find it hard to stay ahead of cyber threats with disparate, piecemeal security solutions.
An effective cyber security strategy offers visibility via a single pane of glass, delivering a more cohesive threat management and data protection proposition. It typically starts with data at its core, followed by identity and access management, after which we get into user monitoring and cloud access visibility, thereafter coupled tightly with analytics.
CXOToday: What’s the impact of government regulations such as GDPR on the security strategy of a business? In particular, how is GDPR impacting Indian businesses?
Akshay Aggarwal: GDPR is one good example to understand how and why businesses need to be cognizant of regulations across the globe. Given this regulation broadly impacts any and every organization, government agency and company across the world that collects or uses personal data tied to EU residents, it would be a blunder for any business with origins outside of the EU to assume that GDPR doesn’t apply to it. For simplicity sake, let me take the example of a global airline company which operates within as well as outside the EU and is headquartered outside. Such an organization will also be impacted by GDPR if its systems are recording/storing and/or processing the personal data of EU citizens.
Indian businesses which come under the ambit of GDPR need to ensure that they are always aware of the PII (personally identifiable information) data being stored in any of their applications and systems and make sure it’s completely secure. Any laxity by Indian organizations in handling this data and making use of it for business benefit without getting the consent of the end user can lead to tough penalties up to 4% of their annual global revenue. We’re working closely with several Indian organizations in improving their understanding of why and how GDPR is relevant to them.
CXOToday: How is Oracle helping organizations to better secure their business?
Akshay Aggarwal: Oracle’s Gen 2 Cloud uses AI/ML to offer a secure layer of defence across users, apps, data, and infrastructure – through a single pane of glass. What this means is with Oracle Cloud, we help businesses prevent, detect, respond to, and predict sophisticated security threats starting with the ‘core’ of data all the way to the ‘edge’ of the network, encompassing the below elements:
- Highly automated security based on ML across all data (system, apps, users, devices)
- Support for securing and managing hybrid and multi-cloud environments
- Through a single “pane of glass” that includes orchestration and automation
- Security from core-to-edge gives application delivery and security professionals the tools they need to intelligently defend their sites, systems, and applications
- All of this in an open and secure platform that businesses can integrate with their existing environment
Further, Oracle’s Gen 2 Cloud powers the Oracle Autonomous Database, which has three core attributes that leverage the power of AI and machine learning that let organizations lower cost, reduce risk, accelerate innovation, and gain predictive insights.
CXOToday: Can you share specific examples of some Oracle cloud security solutions/services that a business can deploy?
Akshay Aggarwal: Oracle provides an overarching Trust Fabric like security to ensure all the enterprise wide IT assets are always secured whether on-premises or on multiple clouds. For simplicity sake, let me give you twoexamples: Oracle Web Application Firewall can secure web applications running anywhere – be it in the customer datacentre or any of the public clouds – by providing a single layer of security to thwart away any DDoS attacks to your web applications. Oracle Identity Cloud Service provides a single access security gateway to all the on-premises applications as well as applications hosted in multiple or individual public clouds to ensure only the people with the correct identity have access to these systems.