Crisis and the Cloud: New Security Challenges of Accelerated Adoption
The coronavirus pandemic has caused a number of disruptions in the world of tech industry events – and next week’s now virtual Black Hat is no exception. In response, businesses are getting creative and rethinking their approaches to the usual networking, presentations and panels we see at in-person conferences. This week, Highwire’s Security Practice is hosting a series of virtual panels titled “On The Record: Cyber Edition” featuring a lineup of executives from top clients to highlight some of the key topics we’ll see at this year’s virtual Black Hat.
Monday’s panel, “Crisis and the Cloud: New Security Challenges of Accelerated Adoption,” was moderated by David Spark, producer of the CISO Series, and featured an all-female lineup of executives from Intel, Rubrik, Forcepoint, and vArmour, focusing on the acceleration of cloud adoption driven by the coronavirus pandemic, cloud security issues resulting from rapid deployment, and how to best address cloud risk.
In attendance were Don Clark (@donal888) from the New York Times, Jessica Hardcastle (@JessicaHrdcstle) from SDxCentral, Tony Bradley (@RealTonyBradley) from Forbes and Techspective, Fahmida Rashid (@FYRashid) from Decipher and Bree Fowler (@BreeJFowler) from Consumer Reports.
Spark kicked off the panel by pointing out that a significant cloud transformation has taken place over the past few months, largely driven by the pandemic, and asked the panelists what they are doing differently now compared to what they were at the beginning of this year.
“It was actually a really smooth transition to have folks completely work from home – we’re already about 99% SaaS and cloud,” said Rinki Sethi, CISO at Rubrik. “I think the biggest change for us was our customer base. Many of our customers we help with cloud data management, backup and recovery and many of them weren’t using cloud. They were fully in their data centers and we were helping them manage backup and recovery there, and now they wanted to shift to become hybrid to have some other means of making sure they have their data hosted somewhere else because they can’t send folks easily to the data center. There was a drastic change.”
Cloud migration acceleration was seen by all the panelists, as was the concern for how security would be able to quickly translate to this remote, cloud-based world. Many of the traditional CISO best practices simply did not match the times and crisis.
“We’re seeing 3-5 years of business transformation happen in months,” said Rebecca Weekly, Sr. Director of Cloud Business Strategy at Intel. “Normally, when a company looks to a cloud strategy for disaster recovery or business continuity, they want to do a detailed risk assessment of their entire security process – their assets, vulnerabilities that they might be facing, the likelihood of exploitations, anything they might want to do around expected loss analysis. Usually this is a very detailed, well-thought-through, CIO-led process, and we have not necessarily seen such a detailed process coming across because this is being viewed as a disaster.”
This sentiment was reflected by some of the other panelists as well, who agreed that business transformation has accelerated significantly, and that while CISOs may not have the time and flexibility for their usual risk assessments, the overall transition to cloud presents a greater opportunity than risk. CISOs are now looking at new ways to combat risk, like Forcepoint’s human-centric cybersecurity approach that looks past the traditional network security philosophy and concentrates on the behavior of human and digital identities to protect against theft of critical data.
“For the first time in modern business history, CISOs do not have the comfort level of their traditional security program and controls because the network has dramatically changed,” said Myrna Soto, Chief Strategy and Trust Officer at Forcepoint. “Not only have companies that were just considering or slowly moving towards digital transformation been forced to jump in, but clients that were already adopting are beginning to look at different capabilities, like cloud-secured gateways, insider threats and understanding behavioral analytics.
“Our network is our kitchen counter, our home office – we’re dealing with consumer-grade networks, so the need to really look at data protection and user protection at a very, very granular level is one of the things that we’re seeing our customers talk to us about,” Myrna concluded.
When asked about their plans for their future, the panelists seemed hopeful, but remained conservative in their strategies for looking ahead.
“We hoped that it would be short term, but we actually planned for long term.” Kate Kuehn, SVP Alliances at vArmour sees customers taking security concerns outside their offices more seriously. “We’re seeing customers say ‘ok, we need to continue to accelerate our hybrid model, to accelerate our cloud, move to SaaS, because we may not be full force back in the office until next year sometime.’ What does that mean? We’re seeing a shift into more focus on the interdependencies of infrastructure and supply chain, the dependencies between energy companies and healthcare companies, financial services. We’re seeing companies start to plan for the long term, that we could be trenched in for another year or two before they go back.”
Overall, the panelists provided thoughtful insights into the current state of accelerated cloud adoption and offered their advice for CISOs looking to strengthen their security infrastructure. You can watch the full panel here and below.