Cloud security has become a main focal point for cybersecurity across verticals. The move to the cloud creates many operational and cost-saving benefits for organizations, but disparate architecture and poor visibility can also leave critical data exposed or unprotected.
You’ve said that “cloud security is like a multiverse.” Could you explain what you mean by that?
“Sure thing. Cloud security is akin to a multiverse of possibilities, with a single decision or misconfiguration branching off into an infinitesimal collection of various situations and outcomes. So, given the pop culture relevance of the word multiverse this year, it seemed like an accurate way to describe it.”
What are the most critical components to include in your organization’s security multiverse?
“Companies are looking at cloud security as a way to bring together network protection, identity and access management, data security, workload protection, DevSecOps, API security, security posture, compliance management, threat management, and more into one ‘sacred timeline’ that will keep their organizations secure. The problem is that, with so many access points, every component becomes critical. There are so many potential branches to a company’s security multiverse that the most critical part becomes maintaining your security posture across all of them.”
How can a company accurately ensure that all of their security elements remain in lockstep and don’t fall out of sync?
“Human error happens. It’s a fact of IT life. Settings are misconfigured, policies and rules are forgotten - it happens all the time. That’s why automation is so key. With automation, you can ensure change requests, adjustments and the addition of new devices (or branches) across the organization are controlled - and done in line with your established security policy. Being alerted that a change request is not in compliance with your accepted guidelines allows you to work to fix it, instead of the request going live and opening your company up to a breach or worse.”
Why is automation so important to the security function of today’s organizations?
“Automation is increasingly important - especially as the number of endpoints and opportunities for access increase exponentially. Just think of how much the world has embraced mobile and hybrid work the past two years. Now think of all of the advances that innovations powered by IoT or 5G will bring. There are simply too many branches, too many possible issues that could arise for an IT team to keep tabs on. It becomes impossible to be successful without some form of automation helping to drive security compliance across the enterprise.”
Thinking about a company that’s new to this, what’s the best place to start adopting automation? Is there a preferred path to follow to implement it correctly?
“It’s all about reducing complexity and showing a return on your initial effort. Just like any business technology initiative, you need to prove it works and justifies further time and attention, as the payoff for the organization will be big. Start by reviewing your organization. What are some areas where automation can improve your security posture? Where can you eliminate menial or oft-repeated tasks? Maybe it’s change management, or onboarding/configuration, or simply issue alerting. Address those areas first and show how automation has improved security while freeing up valuable hours for your team.”
Why is accurate, near real-time visibility into an organization’s security environment so important, even when you’re adopting automation?
“Automation is critical, and will give you a large advantage, especially in understanding which issues are most important, and which can be handled as time allows. That said, automation cannot do everything. Accurate, real-time visibility into your security environment is important so you can understand what’s going on at a macro level, make any needed adjustments, and answer any questions. The automation may need to be adjusted. Policies change (remember the fears of BYOD a few years back?). You need visibility and control to help direct the automation to be its most successful self.”
How can the lack of visibility hurt you? How can you best achieve true visibility?
“Full automation without visibility can be a problem. Visibility allows for you to know if there are any errors or places where the automation is preventing legitimate, approved changes from going live - and lets you see if there are instances where settings need to be adjusted in the other direction. True visibility should also be supported by automation - giving your team reports on what issues were discovered, which were corrected, and which need attention. Without visibility into the security environment, it simply becomes difficult to track success and plan for future technology rollouts.”
As organizations continue their digital transformation efforts, how can a strong security multiverse aid them?
“A strong, automated security policy goes hand-in-hand with digital transformation. As the past couple of years have shown us all, change happens fast. The addition of new technologies or the replacement of traditional processes with digital ones is a fast, wide-ranging action - and if there isn’t oversight in place to ensure security rules are upheld, then you’re ripe for security disaster. Manually remembering to check each endpoint and every type of security used in the multiverse against your policies is also a disaster waiting to happen. Embrace security automation as a key component of any transformation efforts to eliminate human error and ensure there are no misconfigurations carried forward.”
Don't forget to also tune into our interview with Ruvi Kitov, CEO of Tufin on The Cyber Jack Podcast.