The TAG Cyber Security Annual Series is the work of Dr. Edward Amoroso, a renowned cyber security expert with over 30 years of industry experience. Amoroso spent eleven years as the Chief Security Officer at AT&T. Since 2016, he has dedicated himself to educating the industry through his annual publications and faculty positions researching and teaching cybersecurity at leading US universities.
The latest TAG Security Annual has just been published. Volume 2 of the 2018 TAG cycle takes a unique approach. Dr. Amoroso interviewed 47 CEOs of leading cybersecurity companies to understand their visions for the future of the industry. Today’s threats evolve rapidly and push the envelope of information security practices, so it is important to look to the experts on the cutting edge of emerging technologies.
Skyhigh Networks’ CEO Rajiv Gupta participated in this year’s report. His conversation with Dr. Amoroso covers the latest threats to data in the cloud, the challenges of securing information across multiple cloud services, and an introduction to the fastest-growing security technology to date, cloud access security brokers (CASB). You can find his full interview with Dr. Amoroso, along with interviews with dozens of startup executives, in the report here. Below are excerpts from the interview.
Dr. Amoroso: Do you see more enterprise teams converging on a single cloud provider, or are they more often shifting to a hybrid collection of different cloud offerings?
Rajiv Gupta: We do not know of a single enterprise team who is converging on a single cloud provider. The reason is simple: There is no one cloud provider who covers the breadth of needs of any enterprise. In fact, many enterprises use multiple service providers for the same function, such as OneDrive and Box for file storage – either because of legacy, transition, purpose, or preferences of their customers, partners, or employees.
Dr. Amoroso: What sort of threats do you see in public cloud infrastructure?
Rajiv Gupta: Threats in public cloud almost always result from the enterprise not delivering on their part of the shared security responsibility model. Inappropriate use of cloud services can lead to a range of threats including the use of high-risk cloud services, open S3 buckets in Amazon, over-provisioned admin accounts in Salesforce, and storing and disseminating malware…
Dr. Amoroso: How do CISOs orchestrate security policies across different public clouds?
Rajiv Gupta: If a CISO wants to ensure that confidential data is not inappropriately shared, the security team needs to have several capabilities. First, there must be a way to specify that policy, defining what is confidential data and what constitutes inappropriate sharing. There must be a way to map that policy to the different ways data can be shared through each cloud service, each of which typically offers different actions such as copy, share, invite to collaborate, upload, and download. Finally, they need a consistent platform to get the visibility into the data and to enforce the policy.