This article is part of our State of Cloud Security 2021 Series which interviews a diverse mix of cloud security experts, design-makers, and practitioners with a goal of better understanding their perspectives on the current state of and future of cloud security.
JG: What is the state of cloud security today?
GF: The state of cloud security is a bit perilous. With so many apps out there, from collaboration to file sharing, and of course email, the sheer amount of attack vectors has skyrocketed. Hackers are getting ever-creative with their attacks. They’re doing everything they can to leverage the cloud to launch attacks. Unfortunately, many legacy security solutions weren’t built for the cloud, and have sought to deploy an on-prem solution to the cloud. That works with mixed results, at best, leaving organizations and users more exposed than they should be. However, newer technologies, including inline security, have come to the market and have utilized a cloud-first strategy, leveraging APIs and AI more effectively, helping to thwart many of these attacks.
JG: What are the most common challenges organizations face when it comes to cloud security today?
GF: Not having enough visibility. Threats are coming from everywhere, often on many services and platforms. Organizations might see simultaneous attacks on email, Teams and Dropbox. Many security solutions don’t have full visibility, meaning organizations can’t see the entirety of the threat landscape. They can’t connect the dots and see where attacks are coming from, where they’re most vulnerable, how they can beef up their defenses. They can’t monitor changes and suspicious behavior, and thus can’t respond accordingly. Without understanding the full picture, threats will be missed, users will be attacked and data will be stolen.
JG: What lessons can be learned from the biggest cloud-related breaches of 2020?
GF: Hackers will do everything they can to get information, in particular credentials. We’ve seen a tremendous amount of creative attacks over the last year. Whether it’s leveraging COVID-19 or the vaccines, whether it’s talking about stimulus payments or the election; from bitcoin to Wall Street, hackers will stop at nothing. They are getting ever more creative at launching these attacks, getting past traditional solutions and getting the end-user to click. It’s no longer enough to just train users. Training needs to be combined with advanced, AI-driven security. Organizations have to do a better job of implementing cloud-native security for cloud products.
JG: What are 3-5 pieces of advice for organizations looking to improve their cloud security in 2021?
GF: Go cloud-native. Trying to fit a square peg into a round hole doesn’t work. Trying to conform an on-prem solution to the cloud is bound to fail. The cloud is different; a different solution is needed. Organizations really need to employ inline security, whereby the security connects via API. Inline security is a must, whereby the solution can have the internal context to know what’s legit and what isn’t. That allows the solution to better stop Business Email Compromise attacks, one of the biggest scourges of 2020. Further, no app can go unsecured. Work is done everywhere, from Slack to Teams to Dropbox. Where work is done, there must be security. Everything that has data is a target. Leaving one app exposed is like having a car with three wheels.
JG: What’s the future of cloud security?
GF: The future is API-based, cloud-native with tools to secure the entire collaboration suite. All lines of business communication should be secured in the same way so that organization can work and communicate without worry. This means securing every app to protect against data loss, malware, insider threats, ransomware and Business Email Compromise. It means defending against account takeover and spoofing and impersonation. The attack landscape has never been greater; the tools at your disposal to stop them, though, have also never been more advanced, and they will only get more so.