Cyberattacks like the WannaCry and Petya/NotPetya pandemic and the extraordinary growth of ransomware are often launched by sophisticated attackers; sometimes state-sponsored that bowl over traditional and legacy security.
To predict and defeat attacks in real time, cybersecurity future is sought to lie in the hands of the cloud.
Apprehending the know-how couldn’t be more apt than aboding an exclusive notion from Harshil Doshi, Security Strategist (Forcepoint India). BIS Infotech’s Consultant Editor, Niloy Banerjee extensively explores the cardinal role of Forcepoint in cyber security space and how its next-gen solutions are imparting the potential and fate of cloud security. Edited Nub.
- A confab on Security is a myth as in a time where cloud computing regardless of security tussle marks a billion-dollar industry. How Does Forcepoint catch the fire, wherein; “Digital transformation seems inevitable”?
As they say, change is the only constant. Forcepoint as a leader in cyber security embraces this disruptive change in digital transformation by relooking and rethinking cyber security using the human point system.
So what really is the Human point system? Imagine a sales representative of a manufacturing company accessing critical corporate information like a price list stored on Dropbox via their personal iPads, sipping coffee in Starbucks using their insecure Wi-Fi!! It’s as unsecure as it can get.
The essence of the human point is to understand the rhythm of the people wherever they are and understanding the flow of your data wherever it resides irrespective of how it is accessed. This means that wherever this salesperson is, and whatever information he is accessing from which ever device, the human point system is protecting him, understanding his behaviour and accordingly applying security controls on him and the data he accesses. So, if the sales representative had no business accessing that price list, or if he is accessing the information from an unauthorized device, he might be denied access to the data. We call this Risk Adaptive Protection.
This also means that the Forcepoint human point system is an integrated platform of capabilities with very high visibility on data, users, infrastructure and cloud apps, virtually making security boundary less. The portfolio of solutions including Cloud Security, DLP, CASB, NGFW and UEBA are very tuned towards ensuring a smooth and secure journey to the cloud and mobility. We’re hence not catching the fire, we are in-fact the fire, fuelling digital growth.
- Often report hits that there is a major gap of being coherent on unveiling the true potential securing data on cloud? Where has organisations lagged and how Forcepoint diligently mulls to catapult the notion of Securing Data on Cloud?
Cloud applications and service providers have always faced regulatory resistance and risk aversion due to the inherent security loopholes associated with it, irrespective of the value they bring around availability and ease of operations. It’s this fear which resists enterprises to unleash the true potential of cloud. Some observations we have seen around this phenomenon are:
a. Using cloud services as an extended local data center:
Some organizations allow the cloud service apps to be accessed only via corporate VPN. This defeats the purpose of cloud being accessible from everywhere and any device. Forcepoint’s CASB solution along with Integrated Web security and DLP helps enterprises take the plunge and open up access of the cloud from anywhere unleashing the true potential of the cloud while keeping the users and the data secure.
b. Very little to no visibility into the cloud
Since the cloud infrastructure is not locally managed, visibility into privileged user activity, data movement, legacy storage, infrastructure availability etc. become inevitable. A lot of insider risks emerge out of this weak visibility. Forcepoint’s CASB along with DLP solution allows enterprises to have a wide spectrum of visibility into privileged users, data life cycle into cloud applications. It’s more or less like a SOC for cloud applications.
The advantage of an integrated CASB and DLP is that we can then apply a protection layer on top of the visibility we have gained from the cloud. Forcepoint, with its CASB and DLP portfolio allows enterprises to seamlessly and securely adopt cloud to its full potential.
- What are the key facets Organisations should know about securing one’s data in cloud?
- That Visibility into data movement and storage is key
Once the data is stored into the cloud, the “who, where, how, when and why” of data sharing and movement becomes extremely important. If an enterprise can gain visibility and manage the movement of data without enforcing business restrictive controls. That’s the ideal state of using data on cloud.
- Integration with native and 3rd party security controls
Many cloud applications like O365, Box, Salesforce, Concur etc. provide APIs to enforce policies based on the risky activity detection by solutions like DLP, CASB etc. Also integration with data security solutions like IRM and classifications becomes key to classify and control movement of data.
- Compliance reporting
With PII regulations like GDPR coming into enforcement, it’s important to understand if the data stored, used and moved from and to the cloud infrastructure conform to a certain standards. Example: PCI mandates magnetic card information to be stored in an encrypted form.
- Recent reports stated that there is a massive cybersecurity talent gap. Hence it puts an alarm for new recruitment and retention strategies to help organizations contain cyber risks and build competitive advantage. How does Forcepoint look into this talent-pool lacuna moreover how do you reckon these vigorous changing businesses will overcome this critical tussle?
Cyber security is a rare skill, specifically around threat analysis and incident response. Most SOC analysts aim for higher paying jobs abroad once they acquire a specific level of skills.
The need hence for cyber security innovators like Forcepoint is to address this in three dimensions- Automate Educate and Operate.
Automate: Since the key cyber security skills gap is around threat analysis and incident response, Forcepoint, with its Analytics and orchestration layer ensures that enterprise threat is displayed in a risk prioritised manner. The Orchestration cuts down manual human intervention to remediate risk by providing a single click remediation functionality.
Educate: Forcepoint is collaborating with universities and the cyber security channel ecosystem to educate and train cyber security professionals to address the skills gap.
Operate: Forcepoint has a pretty mature professional services team as a part of the larger customer success organization to ensure our customers get the right value for the solutions they have bought.
5. How eminent can CDO and CTO amalgam to play a key role in the Cloud Security world?
The cyber-security landscape has shifted in recent years. Cyber-security as an issue now demands the attention of decision makers at the top of the business. Data security is now an important aspect of any business. While CTOs are well versed in managing the systems, a Chief Data Officer (CDO) is required to work with them to make sure businesses manage these large amounts of data in secured ways that benefit both businesses and their customers. Both CDO and CTO need to be jointly responsible for ensuring data security and privacy policies are in place and implemented.
In many ways, a combination of the CTO, and a CDO’s job is to constantly reshape a company’s structure and strategies to ensure that the company takes advantage of new technologies and data security.
- In India, the top three snags companies face is lack of visibility into their public cloud data which includes: troubleshooting application performance and network performance issues, application outages as well as in responding quickly to the security alerts and network outages. How is Forcepoint slashing down these bottlenecks?
Cloud apps allow organizations to reduce costs and elastically allocate resources—but they also introduce risks to security and compliance posture. The acceleration of cloud app adoption in the workplace, along with the proliferation of BYOD, has created a need to secure cloud-based, sanctioned apps like Office 365, Dropbox and Salesforce. Preventing data loss and enforcing granular access controls are justifiably top of mind for IT.
Organizations require visibility into cloud access before enforcing policies to eliminate or limit risk. That’s why it’s important to have a set of offline features to help you identify and assess your risk posture. Once you have investigated the threat landscape and created the required policies to address security risks, you can turn these offline features into inline solutions to actually enforce those policies. Forcepoint Cloud Access Security Broker provides visibility and control over both sanctioned and unsanctioned cloud apps. CASB provides visibility into dormant (i.e., inactive) accounts, orphaned accounts (e.g., ex-employees) and external accounts (e.g., contractors) that present a variety of security risks.
By providing more visibility to applications and data on the network regardless of location, Forcepoint is delivering innovation and value that enables security teams to focus on high-risk employee behaviours required to protect all users throughout the enterprise
7. How challenging is achieving transparency or visibility across hybrid or multi-cloud environment?
Over the years, IT organizations have developed expertise and best practices for data center controls, but now face a myriad of challenges when attempting to address the visibility and control blind spot presented by cloud apps. Many traditional risk management practices lack effectiveness in cloud scenarios. Risks that can be managed inside the data center—where the app and infrastructure are accessible by IT—can’t even be understood with cloud apps and services where the infrastructure is no longer under IT control.
- TRADITIONAL SECURITY CONTROLS DON’T COVER CLOUD APPS: While the combination of existing infrastructure and the right cloud security tools can be leveraged to help organizations discover cloud apps, they cannot provide the visibility and control required for a comprehensive solution.
- LACK OF VISIBILITY INTO WHO IS DOING WHAT: The lack of visibility into the risks and usage patterns of cloud apps is a major challenge for organizations. Cloud apps unknown to IT result in information assets that are uncontrolled and outside the governance, risk and compliance processes of an organization.
- PROLIFERATION OF MANAGED AND UNMANAGED ENDPOINTS: The BYOD phenomenon has resulted in several risks to an organization:
- Restricted cloud app access to a defined set of endpoints in which access policies are based on whether the endpoint is managed or unmanaged
- Organizations must prevent attackers from using stolen credentials to access cloud apps. It is important to note that cloud app providers do not distinguish between managed and unmanaged devices and don’t provide effective endpoint control capabilities.
- MALICIOUS INSIDERS: It can be difficult to guard against the malicious intent of authorized users since they are more likely to use approved devices and may have knowledge of thresholds for alerts and notifications.
- ATTACKERS MOVING TO THE CLOUD: The critical threats for organizations include outside attacks using one of several exploits to steal account credentials to commit fraud and steal sensitive data.
- Why modern organisations should invest in security technology such as user behaviour analytics (UBA)?
Frank Abegnale shared his experience of countering financial fraud that every investigation that he has been a part of, there was always, always an insider involved. This paradigm shift of perceiving cyber security threats only occurring from the outside is slowly sinking in. Let’s face it, no one can rob your house unless you leave a window open.
UEBA as a technology exactly addresses this concern of assessing user risk via analysing human behavioural patterns. It looks at a very wide spectrum of user behaviour ranging from things as simple and trivial as what time does a user take his/her coffee break to as important as a user logging in to the servers from a black listed country. Collection of behaviour data from multiple spectrums and sources provide the UEBA platform unprecedented visibility into intent by applying analytical patterns and rules and detecting the outliers amongst peers.
A technology like UEBA not only helps detect cyber breaches but also business process or financial frauds in an organization. That’s also a key difference that UEBA goes much beyond cyber risks to non IT related risks to an enterprise.
9. How eminent is cloud security for SMBs and new-entrant businesses and what you cater to these customers?
Cloud Security is a mandatory requirement for SMBs to run smoothly and efficiently, regardless of the sector they are in. Small businesses have a lot of digital assets compared to an individual user and more often they have less security than large companies. Small businesses may feel that they aren’t likely to be a target due to their size and that hackers couldn’t possibly be interested in what they do, but in reality the exact opposite is true. In an increasing phenomenon of cyber-attacks, SMBs are increasingly targeted because of their general lack of cyber defense. With cyber-crime on the increase, it is imperative that SMB’s are made aware of the security threats that they face every day. Most countries rely on SMB’s for more than half of their national GDP and this makes SMB’s an essential part of any economy. The importance of IT security within organizations of all sizes, including these SME’s, is very critical as a majority of these SME’s have suffered from a data hack, showing that security needs some serious attention.
Every year, companies invest more than the previous year and the industry as a whole suffers more than the previous year as the number of attacks has increased. This has become a pattern, so what we are doing in terms of positioning, in terms of our technology is to address a completely different angle. If you look at what has been constant right from the time cyber security started till now, is the people. Newer technologies have come, with its newer problems but the person involved has been constant, even though the technologies have changed. Forcepoint is looking at the entire cyber security through a prism, through a human- centric angle.
- Lastly, any key announcements Indian market shall wait from Forcepoint in FY 2018?
Forcepoint has already made some significant enhancements to its portfolio by acquiring a CASB and UEBA platform in 2017. We are now in the midst of delivering our Human Point System of integrated capabilities that offers precise data control and visibility into user identity, activity and intent across cloud deployments, applications and complex distributed networks to help organizations effectively secure users and IP in a digital world they don’t fully control.
Forcepoint’s Human Point System brings together best-in-class capabilities including Data Loss Prevention (DLP), User and Entity Behavior Analytics (UEBA), Cloud Access Security Broker (CASB), Web/Email Security and Network Security that can stand alone or integrate within an existing environment.