CISOs Should Rethink their Security Strategy in the New Normal

The pandemic and resulting migration to remote work emphasized the importance of having a digital transformation process in place. Hence, almost every organization has adopted cloud computing in varying degrees within their business. However, with this adoption of the cloud comes the need to ensure that the organization’s cloud security strategy is capable of protecting against the top threats to cloud security. However, the downside was the lack of cybersecurity effort, as Gartner forecasts that through 2025, 99% of cloud security failures will be the customer’s fault. As cloud infrastructure becomes more vulnerable to cyberattacks, CIO/CISOs need to rethink their approach to protecting information, especially as the workforce continues to work remotely.

In recent years, especially with the launch of Oracle’s second-generation cloud infrastructure, the company has been working relentlessly with customers to help strengthen their cloud security posture. In a recent conversation with CXOToday, Vaibhav Gawde, Head-Solution Engineering, Oracle India, explains the changing threat landscape, challenges security teams are likely to face and how Oracle is helping its customers move their mission-critical applications to cloud infrastructure with no disruption to business and many more. (Excerpts)

How has the threat landscape changed in the last few months?

The threat landscape is dramatically evolving. Businesses do realize that their data is now a critical asset, and are trying to strengthen their data security mechanisms on an ongoing basis. Further, the rise in remote working has increased cyber-risks for all organizations, perhaps even more so for those that don’t have a strong cyber-security fabric. The good things is there’s growing consensus among IT leaders that security needs to be an ‘always on’ element, and a ‘security-first’ mindset is a prerequisite for long-term success.

What cyber-security challenges are organizations tackling in the new normal?

In a cloud-first world, CISOs acknowledge that traditional approaches to data security can often lead to gaps in an organization’s overall cloud readiness. Also, we have observed that when organizations lack a management-driven, security-first culture, the organization has more chances of witnessing data theft. Further, without proper knowledge about some of the foundational elements of cloud, such as the shared responsibility model for cloud security, the challenge gets bigger. Therefore, the sooner an organization ensures every employee and stakeholder understand that security is “everyone’s job” and assume individual as well as collective responsibility, accountability for organizational security, lesser will be the chances of data theft or misuse.

How can CIO/CISOs strengthen their security posture in an increasingly cloud-first world?

Organizations are finally considering security as a business critical issue. More and more organizations are investing in cloud-experienced CISOs to lead, manage their overall security strategy, paving the way for the creation of a new role – a Business Information Security Officer (BISO) – per the findings of the recent Oracle KPMG Cloud Threat Report. Such progressive measures will help organizations strategically plan and improve their overall security posture.

At a time when remote working has become the new normal, raising massive security concerns, how is Oracle helping its customers in protecting their data?

Oracle has a proven track record of securely managing the world’s mission-critical data for forty plus years. Security is embedded by default in our products and services. Unlike first generation clouds, our second generation cloud infrastructure is the most secure cloud platform available to organizations. Oracle Cloud Infrastructure (OCI) helps organizations reduce risks from constant threats with security-first design principles that utilize built-in tenant isolation and least privilege access, and offers easy to implement security controls. OCI benefits from tiered defenses plus highly secure operations spanning the physical hardware in our data centers to the web layer, along with the protections and controls available in our cloud. A lot of these protections also work with third-party clouds as well as on-premises solutions to help secure modern enterprise workloads and data wherever they reside.

Further, our generational innovation -the Oracle Autonomous Database, which is the world’s first self-securing, self-repairing and self-driving database -empowers organizations to bid goodbye to complex, routine database management, such as database tuning, applying security updates etc. and instead allows employees to focus more on higher value tasks that can unlock more value for their business.

Can you mention some of your latest cloud security innovations?

We are the first public cloud provider to activate policy enforcement of security best practices automatically – from day one – so that customers can prevent any misconfigurations errors (inadvertent or malicious) and deploy workloads more securely.

We recently made available Oracle Maximum Security Zones, which extend IaaS access management that will restrict insecure actions and/or configurations using a new policy definition, which applies to designated cloud compartments. This helps ensure resources are more secure from inception by enforcing rigorous security best practices for highly sensitive workloads. And for day-to-day operations, Oracle Cloud Guard will continuously monitor configurations and activities to help identify threats, while automatically acting to remediate them across all our global cloud regions. With these two capabilities, we are the only cloud service provider that’s offering a cloud security posture management dashboard at zero additional costs, along with numerous pre-built tools that help automate response and reduce customer risks, quickly and efficiently.

We also realize that our customers’ IT environments continue to evolve rapidly, but their observability and management solutions are not keeping pace. With the recently launched Oracle Cloud Observability and Management Platform, we are bringing together a comprehensive set of management, diagnostic, and analytics services to help customers eliminate the complexity, risk, and cost that come with the siloed approach of managing multi-cloud and on-premises environments. With built-in machine learning, the service automatically detects anomalies as well as enables quick remediation in near-real time.

What is Oracle’s security roadmap for the next 12-18 months, considering more enterprises are adopting technologies such as AI, blockchain, IoT etc.?

We’ll continue to innovate and bring to market advanced cloud security solutions to help our customers strengthen their cyber security posture on an ongoing basis.