Sticking to traditional security playbook is mistake for cloud security: Palo Alto Networks SVP

Ankur Shah of Palo Alto Networks’ Prisma Cloud security platform says he sees a bright future for AI in security operations, but not so much for DevOps using many tools with little left-to-right integration.
Worldwide spending on public cloud services is set to grow 20.7% to total $591.8 billion in 2023, according to Gartner, and threat actors are getting better at exploiting unpatched vulnerabilities.
Recent research by Palo Alto Networks’ Unit 42 found that more than 60% of organizations take over four days to resolve security issues, over 63% of codebases in production have unpatched vulnerabilities, and threat actors exploit a misconfiguration or vulnerability within hours.
The company’s Prisma Cloud is a top security player in spotting vulnerabilities in cloud-native application development and deployment. TechRepublic spoke with Ankur Shah, SVP and general manager of Prisma Cloud, about what cloud security means and how IT pros and decision makers should think beyond the traditional cybersecurity playbook when it comes to cloud security.
TechRepublic: How has hybrid work and migration to cloud business informed what Palo Alto’s Prisma does?
Ankur Shah: Before the cloud, security was like a house with one front door, a camera and a security guard: one level of security and you’re good to go. Now security is very dynamic. Every house looks and feels different. There are windows and doors and you don’t always know which are open, and the crown jewels are inside. So there’s a lot of “lift and shift” [the process of migrating applications and systems to the cloud] with customers rewriting applications — building “houses” in cloud infrastructure, and the security person at IT does not have as much control over how these houses get built.
TechRepublic: Developers do, nowadays.
Ankur Shah: … Because every company is becoming a digital company. If I’m Home Depot, I am a technology company that happens to be in home hardware; if I’m Pfizer, I’m a technology company that happens to be doing pharmaceuticals: today people are using AWS or another cloud service provider and developing their own software. So, yes, developers can have outsized influence because they have to build fast. Today there are over 33 million developers and fewer than three million security people who actually know the cloud. I don’t have data for this one, but I would guess that there are probably fewer than 20,000 people in the world who really understand cloud and security.
TechRepublic: But isn’t cloud security pretty much what most security is about now?
Ankur Shah: You have to understand that the bulk of the security professionals come out of an understanding of network and endpoint security. A lot of security people are using the same playbook that we used back in the day and applying it in the cloud. It’s a very different paradigm now, though. The way workloads get deployed in the public cloud — the windows and doors of the house — is very dynamic. You don’t rack and stack a server anymore. You click a button … or you don’t even have to click a button. Through automation, you can create literally hundreds of thousands of workloads in the cloud today. So these are the best of times, these are the worst of times if you’re in security.
TechRepublic: Should cloud providers be doing more in terms of securing what enterprises enact in cloud environments?
Ankur Shah: If you look at AWS, Azure, Google Cloud, IBM, Oracle and the others … you can have one cloud provider alone with over 200 cloud services that developers are using to build new applications. The cloud providers say, “Look, I will secure the infrastructure layer, but what you put in your applications, I don’t have responsibility, that’s up to you.” When I was a developer, we would ship that code once a year. Now customers are shipping code daily. So the CI/CD [continuous integration/continuous deployment] pipeline has reduced significantly now.
TechRepublic: Palo Alto Prisma Cloud is about securing that entire CI/CD process, correct?
Ankur Shah: The entire code-to-cloud journey … often involves 7, 8, 9 tools. The left doesn’t talk to the right, right doesn’t talk to the middle, middle doesn’t talk to the right. So, yes, Prisma Cloud’s mission has been to deliver code-to-cloud security at each stage of the pipeline. There will be security problems once things are in production. Continuously monitoring the final product to ensure that security holes are not left is also a big part of what we do.
TechRepublic: Even with code-to-cloud security there will still be exploitable critical vulnerabilities. Don’t you need multiple tools to deal with this in development and production?
Ankur Shah: Well, there are two ways to not solve that problem. One is if you have multiple tools that aren’t integrated, which is what much of the security industry is today. There are 3,000 different vendors, 200 in cloud security alone. And everybody’s trying to sell point solutions. It’s not going to save the day for you. More tools make you less secure, not more.
TechRepublic: Which I assume is why enterprises are moving away from collecting point solutions toward platforms like extended detection and response, or XDR, in Security Operations Center contexts.
Ankur Shah: There is a big consolidation movement because customers can’t keep on repeating the sins of the past and have multiple tools, point products, but in security, good enough is not good enough. You have to be best in class.
TechRepublic: Is DevSecOps fundamentally different than what is happening in the world of SOCs and does Prisma Cloud respond to both contexts?
Ankur Shah: Tools like XDR for SOC are out there for doing threat detection prevention. If you have software already in production and an intruder gets in, Prisma Cloud will detect it and we will send those signals to the SOC. From the code to the cloud process, there are risk signals, and Prisma’s job is to prevent those problems to begin with.
TechRepublic: What are some uses of large language models in cloud security?
Ankur Shah: My vision is to leverage AI for two purposes: to improve the user experience and to improve the security outcomes. It’s really that simple. Customers today are asking simple questions, but to answer those questions we often have pages and pages of product information. With AI, why can’t you ask something like, “Hey, what’s my top security priority? What’s the next incident that I can expect?” In the future of security, users are going to be engaging with AI to help solve problems for these kinds of queries. That speaks to the user experience aspect of it. The security outcome is a lot of the stuff that we did already in AI. You can expect us to do more and more in the future with automation, more AI and machine learning because it’s really connecting the dots to ensure that if there is a breach — if there is a security incident — we’re able to detect it sooner than later.