Despite growing investments in defensive technologies, cyber breaches continue to proliferate. As malware continues to evolve, critical data moves to the cloud, and criminals explore new vectors of attack, security professionals are expected to stay up to date with changes in the industry. How can CISOs mitigate risks and secure their organizations from deadly threats? In an exclusive interaction with CXOToday, Harshil Doshi, Strategic Security Solutions Head, Forcepoint, explains how cloud behavior analytics is necessary to detect risky cloud usage, anomalous behaviors and the impact of the risk. He also discusses the company’s business roadmap for the next year.
CXOToday: While Cloud has its obvious benefits – the reason so many organizations are switching over – the security part still remains ambiguous. What should CIO/CISOs consider when deciding on their cloud strategy?
Harshil Doshi: Adopting cloud has multiple benefits in terms of operational efficiency, high availability and accelerating business initiatives. These benefits are acknowledged by organizations who are moving to the cloud. Specifically, with mission-critical applications like e-mail communication and other business automation applications, organizations benefit by deploying newer modules faster and driving better productivity. However, these applications have their own set of cybersecurity challenges, such as not having continuous visibility of users and protection of critical data in the cloud. While the cloud service providers manage the security around the cloud infrastructure, they don’t control or manage access to an organization’s data.
So firstly, it is important for organizations to look at how well the cloud service providers are certified with respect to compliance and security standards such as PCI DSS, SOX, ISO 27001, etc. Secondly, they should look to apply their own security controls in the cloud; for example, by deploying a cloud access security broker (CASB) solution, organizations can better understand their employees’ activities on the cloud infrastructure. They will have an understanding of users accessing different applications and critical data. They will also have visibility of users’ access to unsanctioned applications on mobile devices, which may pose a risk to the organization’s IT security. There are security products like the Forcepoint CASB solution, which help organizations in securing their journey to the cloud in a seamless manner.
CXOToday: How have you seen the concept of information risk evolve over the last few years? Can you highlight some of the challenges faced by organizations when considering a move to cloud?
Harshil Doshi: Information risks have never been as important as they are today. The criticality of cybersecurity is going to peak as more regulatory compliances are introduced, not just locally but also globally, to safeguard the data. Previously, organizations didn’t have much compliance to contend with; if any data leak or security breach happened, there was no major legal liability or indemnity that they had to deal with in terms of penalties. Now, organizations, especially in the banking, telco and insurance sectors, and government agencies, who are dealing with sensitive information such as customers’ personal and financial data, are mandated to report a breach as soon as they become aware of it. Since these breaches get reported publicly, it has an impact on the organization’s brand and also on the customers’ confidence.
Also, the risks have become more internal than external. When we talk about internal risks, employees of an organization could be responsible for a security breach. We call them ‘insider threats’, where someone inside the organization may be maliciously or accidentally leaking the data, or their digital identity has been compromised, leading to the data breach. Recent examples of insider threats could be the “Nirav Modi” fraud and the breach pertaining to the “UIDAI”, where somebody inside the organization tried to steal the information. Looking at the situation five years ago compared to where the industry is today, the information risk paradigm has grown by leaps and bounds. These cases are being discussed across boardrooms, and organizations are looking to protect themselves from such breaches and process frauds.
CXOToday: How is cloud behaviour analytics necessary to detect risky cloud usage, anomalous behaviours and the impact of the risk?
Harshil Doshi: Behavioural analytics is used to monitor activities of users, machines, and accounts to an extent where we can figure out their behavioural patterns. This provides us with a persona of each user: whether the user is risky, safe or ignorant. Behavioural analytics gives perspective and intent of a user for a particular activity – what was the intent behind a user performing a certain action. For example, today, if I go ahead and make all my data files publicly available on an external drive or, say, on the cloud file sharing and storage application Dropbox, it is a behavioural aspect, but my intent behind this action may not be clear. In such a scenario, behavioural analytics will correlate different activities and inform the security analyst about the motivation of the user – in this case, my motive could be to access these files after I leave the organisation. This is where behavioural analytics helps; it looks at the deviation from the baseline behaviour to flag any possible cyber threat.
Forcepoint is a thought leader in the cybersecurity world and we are reinventing the cybersecurity industry by bringing in the human behavior aspect. We’re building a human-centric cybersecurity platform which understands the rhythm of the people and the flow of data to predict cyber threats. The user & entity behavior analytics (UEBA) technology is at the heart of this system.
CXOToday: In what ways is visibility essential to control sanctioned and unsanctioned cloud apps to enable their safe and productive use in a zero-perimeter world?
Harshil Doshi: This is a huge issue that organizations face today because cloud adoption can become a Frankenstein monster if you do not control it right. Even though there are threats to critical data while adopting sanctioned cloud applications such as Office 365 or Amazon Web Services, you still embrace them by using appropriate security solutions. But what about users downloading cloud applications that are not sanctioned? For example, what if Dropbox’s use is prohibited by an organization but users still go ahead and download it? Then, the organization would need to have visibility into who these users are, the critical data they are storing in the cloud and the data they are sharing, and with whom. Visibility is very essential to understand what is happening to your critical data – who is accessing it and where it is travelling in a cloud set-up – as there could be thousands of users in an organization accessing multiple unsanctioned applications and, therefore, the risk multiplies to that extent.
Solutions like Forcepoint CASB crawl across the user browsing behavior and inform the security analyst about the percentage of users accessing unsanctioned applications, the risk associated with those apps and the security solutions to mitigate them. Unless there is continuous visibility, no action can be taken. We call this “Shadow IT” visibility in cybersecurity parlance.
CXOToday: What are the most important elements to consider when establishing the best possible cyber security strategy? What are the most common security mistakes that could lead to a data breach?
Harshil Doshi: There are some bare minimum essentials which organizations need to have in order to ensure a healthy state of cybersecurity like an antivirus, a firewall, and an IPS solution to protect the IT infrastructure from endpoints to networks to data centers. Then, there are security technologies like e-mail security, anti-spam or web proxy solution to protect against threats coming from email and web.
Information security has become the most spoken about cybersecurity threat today. Data Loss Prevention (DLP) solutions have become an essential part of the cybersecurity framework for organizations. The list of solutions is endless – there is Security Incident Email Management (SIEM) solution, Security Operation Centre (SOC) solution and so on.
There are multiple mistakes that organizations can make which may lead to data breaches. First, most of them assume that a data breach can only happen from certain “types of users” or “business units”, which is not true. Anybody on the inside or anybody who has access to the IT infrastructural application can be responsible for data loss. The cybersecurity spectrum which an organization needs to cover as far as data loss is concerned has to be 360-degree. The solution should cover the entire organization and not just certain types of users or business units. This will cut down the loopholes for any kind of data breach. Hence, transparent cyber workforce monitoring at all levels and for everyone is important.
Secondly, profiling which data is critical is essential. For example, for a bank, customers’ credit card and debit card details, their personally identifiable information (PII) and even transaction information are critical. Similarly, for a manufacturing company, engineering designs, R&D data and bid contracts are critical and should be protected at all times. Thus, based on the industry, profiling of critical data is extremely crucial for a strong data security posture.
Thirdly, giving too many exceptions or having a loosely defined security policy becomes an issue. Information security policy needs to be watertight, crisp and clear, and needs to encapsulate all the products and data rights for a particular organization.
CXOToday: How can CISOs adopt newer technologies such as AI-ML, IoT into business operations in an agile but secure manner?
Harshil Doshi: The new trend of machine learning, artificial intelligence and the internet of things (IoT) is at a very nascent stage. From a cybersecurity perspective, they are supposed to use the collection of data to respond to cyber threats in real time and in an automated manner.
CXOToday: What are your growth plans for the next one year?
Harshil Doshi: Forcepoint is investing heavily in human-centric, risk-adaptive security, which focuses on understanding the behavior and intent of users, machines and accounts, and their interaction with data across networks, where any anomaly from a baseline behavior will help to quickly respond to cyber threats. This Risk-Adaptive Protection approach not only protects organizations from cyber threats but also protects users in case their digital identity is being compromised, and helps to drive responsible cyber behavior.
Secondly, we are also focusing on automation as there is a significant shortage of skills and resources as far as cybersecurity is concerned, both in India as well as globally. Forcepoint’s Risk-Adaptive Protection continuously assesses risk and automatically provides proportional enforcement that can be dialed up or down. Intelligent context speeds decision-making and security controls specific to changing risk in enterprise networks. With the industry’s first automated enforcement capability that dynamically adapts, security analysts are now freed to focus on high-value activities and eliminate the backlog of alerts from traditional security tools. This approach also reduces the time required to detect and mitigate risk from days or months to a matter of seconds.
The third area we are focusing on is adaptive security, which means that the security will change as per the risk perception of a particular individual. For example, if Harshil Doshi’s risk profile is low, the enforcement levels on what I can do will be lower. But, as the risk profile of Harshil Doshi increases, the amount of control on what I do keeps increasing. Hence, as the risk profile of the person decreases or increases, the amount of controls also changes accordingly. Previously, only static policies were designed that allowed or disallowed actions, but now, as per the risk perception of an individual, the control levels are proportionately applied.
Another area of focus for us is next-generation firewall (NGFW) and network optimization. Forcepoint NGFW is the industry’s top-rated NGFW and, combined with the SD-WAN capability, organizations can reduce their dependency on MPLS (Multi-Protocol Label Switching) while being secure. This automation of the network with our SD-WAN capabilities can reduce the operational cost for organizations by as much as 70%. In addition, we have all this on a single management console and organizations can look at this in a single pane of glass.
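The two ideas that run through the interview, flagging deviation from a user's own baseline behaviour (the behavioural analytics answer) and dialing enforcement up or down in proportion to the resulting risk score (the Risk-Adaptive Protection answer), are illustrated below in added example code that is not Forcepoint's product logic; the audit log, the score formula, the thresholds and the action names are all constructed for the illustration.

```python
from statistics import mean, pstdev

# Constructed audit log of (user, day, public_shares): files each user exposed
# publicly per day. The figures are made up for this example, not real telemetry.
EVENTS = [
    ("alice", 1, 2), ("alice", 2, 3), ("alice", 3, 2), ("alice", 4, 3), ("alice", 5, 40),
    ("bob", 1, 5), ("bob", 2, 4), ("bob", 3, 6), ("bob", 4, 5), ("bob", 5, 8),
    ("carol", 5, 50),  # first day seen: no baseline exists yet
]

# Enforcement ladder of (minimum risk score, action). The thresholds are the knob
# a security team dials up or down; the values here are illustrative assumptions.
LADDER = [(0.0, "allow"), (2.0, "allow+audit"), (4.0, "require-justification"), (8.0, "block")]

def daily_counts(events, user):
    """Return {day: public_shares} for one user."""
    return {d: n for u, d, n in events if u == user}

def risk_score(events, user, day, baseline_days, min_std=1.0):
    """Z-score of the day's activity against the user's own earlier days.
    A floor on the standard deviation avoids division by zero and keeps a very
    flat baseline from flagging a one-file change; 0.0 if no baseline yet."""
    counts = daily_counts(events, user)
    history = [counts[d] for d in sorted(counts) if d < day][-baseline_days:]
    if day not in counts or len(history) < 2:
        return 0.0
    std = max(pstdev(history), min_std)
    return max(0.0, (counts[day] - mean(history)) / std)

def enforcement(score, ladder=LADDER):
    """Pick the most restrictive action whose threshold the score reaches."""
    action = ladder[0][1]
    for threshold, name in ladder:
        if score >= threshold:
            action = name
    return action

def assess(events, day, baseline_days=4):
    """Score every user active on `day` and map each score to an action."""
    result = {}
    for user in sorted({u for u, d, _ in events if d == day}):
        score = round(risk_score(events, user, day, baseline_days), 2)
        result[user] = (score, enforcement(score))
    return result

if __name__ == "__main__":
    for user, (score, action) in assess(EVENTS, day=5).items():
        print(f"{user}: risk={score} -> {action}")
```

A user with no history (carol) scores 0.0 here, which is the usual blind spot of per-user baselining: such accounts need a peer-group or population baseline until enough of their own days exist.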