Blog

SECURITY SPOTLIGHT FORUM SEP 2018 ROUND UP- SECURE CLOUD ENABLEMENT

Oct-2018 9 min to read

As the region’s trusted security advisor, Help AG plays an ongoing role in raising awareness about the latest cyber security trends in the Middle East. Our Security Spotlight Forum (SSF) event, hosted in premier venues across Dubai, Abu Dhabi, and Riyadh, has become an excellent platform for achieving this on a quarterly basis.
Recognizing the rapidly changing dynamics of cybersecurity in the cloud era, we decided to centre the September edition of SSF on the theme of ‘Secure Cloud Enablement‘. Supported by five of the industry’s leading cloud security vendors, SSF proved to be the perfect event not just for those who have already moved to the cloud but also for the several organizations that are still in the cloud assessment phase. So, whether your organization belongs to the former or the latter group, reading this summary of the information packed presentations at the event will no doubt give you plenty of points worth considering for your company’s cloud success. And while normally, we aim to keep our blogs short, we didn’t want to leave out any of the precious detail so if there’s a specific aspect of cloud security you’re keen to learn more about, here’s a quick reference for what’s ahead in this post:

Help AG: The evolution of cloud security and change in the focus of attackers to now exploit end users and their endpoints
Okta: Protecting identity with solutions such as multi-factor authentication (MFA)
Palo Alto Networks: Creating consistent and uniform cloud security policies and preventing known and unknown threats within application flows
Thales eSecurity: Keeping data safe- in the cloud, at rest, in motion and even in the application- with encryption
Mimecast: The new age of email security in the era of the cloud.
Tenable: Addressing the cloud impact on vulnerability management with Cyber Exposure

So, with that said, let’s dive in!

Help AG: It’s all about the cloud – Now let us secure it

Help AG CTO, Nicolai Solling, shared how cloud applications are secured and controlled and what organizations need to consider when they move to the cloud. Help AG’s cloud security architecture is greatly inspired by many of the challenges we experienced as an organization when we started our own cloud journey. Today Help AG has a cloud-first approach.
Cloud services are often more secure than standard on-premise deployments as cloud providers tend to invest heavily in security technologies that all subscribers then benefit from. However, in the era of the cloud, information security teams will be presented with a new set of security challenges that will require fundamental shifts in their approach as traditional security standards and methodologies will often not be easily adaptable to the cloud consumption model. While we continue to see the occasional data breach of large service providers that expose login credentials and the information of multiple users, the volume of cloud-related attacks is shifting away from the service itself to the endpoint and the end user.
As organizations migrate critical services to the cloud, their endpoints will be placed at the forefront of cyber-attacks. Only the right strategy that incorporates identification, authentication, policies, and education, can place them on the path to cloud success.

Okta: Identity is the key driver of the Security-First approach

Securing your workforce and users, in the cloud, and on-the-go can be difficult. A recent Enterprise Strategy Group (ESG) survey discovered that for nearly 75% of organizations a username and password was the only barrier between a determined attacker and access to your critical resources.
In their presentation, Okta spoke about how Identity is the new perimeter for cybersecurity. This session covered how the use of adaptive multi-factor authentication (MFA) will benefit users and admins, how identity protects cloud and on-prem applications, and how to go beyond MFA to manage secure access.
Okta Identity Cloud, with features like single sign-on, universal directory, lifecycle management, and adaptive MFA, enables modernization of IT for the extended enterprise while transforming the customer experience. Okta creates a seamless user experience by providing single sign-on to all of the web applications that make up an organization’s portal. Users log in once and then are passed on to each portion of the portal without having to re-enter credentials. Okta can easily integrate with custom-built applications, business processes, and even existing identity management solutions. With this solution, existing infrastructure investments are leveraged for fast implementation, while providing a consistent user experience across older and newer applications, whether on-premises or in the cloud.

Palo Alto Networks: Your move to the cloud, secured

Building seamless, consistent security policies across on-premise and cloud IT environments can be challenging without comprehensive workload visibility. Palo Alto Networks provides organizations with the visibility and automation needed to create and update security policies in one’s cloud environment in real-time. Their session delved into how you can gain greater control over your applications, automatically create consistent and uniform security policies, and prevent known and unknown threats within application flows.
Through 2020, it’s predicted that 95% of cloud security failures would be the customer’s fault. Securing the cloud can be hard, as one must worry about Fragmentation & Complexity, Manual Processes, Human Error, and New APP Architectures. Security needs to adapt, and your security strategies need to be broad to cover Mobile, SaaS, and Cloud. Palo Alto Networks vision of cloud security consists of Inline – Protect & segment cloud workloads; API Based – Continuous security & compliance; and Host – Secure OS & apps within workloads.
Palo Alto Networks’ approach to SaaS security is unique in the industry. The NGFW provides the inline capabilities needed for SaaS security. All these features are now extended also to their GlobalProtect Cloud Service (GPCS). With GPCS, one can now have a fully cloud-delivered inline CASB, without the need to deploy any hardware. Further, for sanctioned applications, where most of the sensitive data is likely to reside, one needs deeper controls. This is where Aperture fits in. It uses rich APIs to connect with the SaaS applications to deliver critical SaaS protections such as DLP, user activity tracking, advanced data classification, and many more capabilities. For comprehensive SaaS security, one needs both inline and API-based protections to be able to address the challenge of Shadow IT, as well as dive deeper into the activity within sanctioned applications.

Thales eSecurity: Hey…Let us encrypt

The single biggest inhibitor of utilizing cloud services is the perceived lack of control. With cloud services we trust someone else with our data and expect them to take good care of it – but what if they do not?
Thales eSecurity is a leader in encryption management on-premises and in the cloud, and they presented how the key topic of confidentiality and data control can be extended to cloud applications. This way organizations can still own their data-even in the cloud, at rest, in motion and even in the application.
With the various business and security benefits that encryption technology and services can offer (especially with the more widespread adoption of cloud services), the value and return on investment with encryption technology likely makes a lot of sense for organizations both large and small. Thales Vormetric Transparent Encryption can create by policy detailed data access to audit logs that show Who, What, Where, When and How data was accessed or attempted to be accessed. These logs are structured in the standard formats needed for Security Information and Event Management (SIEM) systems and can be collected from individual systems, or aggregated and collected at the Vormetric Data Security Manager. Thales eSecurity helps one secure digital transformation with multi-cloud advanced encryption and multi-cloud key management solutions that keep one in control of their data.

Mimecast: Honey, I just got phished

E-mail continues to be one of the most important business communication methods and therefore the single most targeted application for fraud and cyber security related incidents. In their session, Mimecast talked about the biggest issues in cloud-based e-mail solutions and how they address big issues such as CEO fraud, fraudulent invoices, common spam, and malware as well as availability and recovery of data in the most popular cloud and on-premises e-mail environments.
Mimecast advanced security capabilities provide an evolving and comprehensive protection called Targeted Threat Protection or TTP. They have evolved their service over the years starting with URL protection. As the threats evolved delivering ransomware or malware via attachments they incorporated safe file transcription service and pre-emptive sandboxing. 90% of global organizations have seen the volume of phishing attacks increase over the past 12 months. There is a proliferation of threats, you can’t keep up, it constituted an arms race that keeps one in a reactive mode vs the adversaries. With Mimecast Threat Protection via the Email Security Inspection system one will be able to have increased efficacy without the complexity of point solutions to manage.
Mimecast also spoke about Ataata, that combines effective, modern training techniques with predictive analytics to solve for a company’s vulnerability to human error.

Tenable: I feel so vulnerable

When moving to the cloud you may sometimes think that all your security concerns are gone. Unfortunately, adopting cloud services does not mean you can forget the good old ABCs of security — vulnerability management being one of them.
Tenable is the first and only provider of Cyber Exposure solutions and a leader in vulnerability management. They talked about some of the most common misconceptions around cloud security and how the cloud impacts approaches to vulnerability management. Cyber Exposure translates raw vulnerability data into business insights to help security teams prioritize and focus remediation based on business risk. It builds on the roots of Vulnerability Management, designed for traditional assets such as IT endpoints and on-premises infrastructure, moving from identifying bugs and misconfigurations and expanding to live discovery of any digital asset across any computing environment, continuous visibility into where an asset is exposed, or secure and to what extent, prioritization of remediation based upon business risk, benchmarking of cyber exposure, and measurement of cyber exposure as a key risk metric for strategic decision support.
Tenable’s presenters also discussed Tenable.io Container Security, which allows one to seamlessly and securely enables DevOps processes by providing visibility into the security of container images. By integrating with developer build systems, Tenable.io Container Security brings proactive visibility to solve the security challenges of containers at the speed of DevOps.
As you can probably tell from reading this post-show report, we covered a lot of ground in just half a day. This is why our customers unfailing look forward to attending our SSF to ramp up their knowledge on key cybersecurity topics in the quickest and most effective manner.
The theme for our next edition of SSF is SMART Approach to CYBERSECURITY. As the gap between demand and supply of cybersecurity expertise continues to grow, it makes all the more sense than ever before to opt for a smarter, consolidated and all-integrated approach. The key is to optimize available resources, detect and remediate threats faster. This in turn is driving the uptake of SOAR (Security Orchestration, Automation and Response) solutions in the enterprise space. According to Gartner, there will be a 15-fold increase in the use of orchestration tools across the security industry by the end of the year 2020. SOAR would be best complemented with User and entity behavior analytics (UEBA) that would not just facilitate a more comprehensive approach to IT security, but also helps detect elements of compromise. Another trend that’s being seen is that instead of dealing with endpoint security and network security in separate siloes, businesses are gravitating toward advanced detection and response service models such as MDR. Our upcoming Security Spotlight Forum in November will delve into all this and more. Stay tuned.