The cloud is changing, and not just mildly. As enterprises increasingly adopt hybrid cloud, multicloud and edge technologies, securing data across all these infrastructures is becoming more intricate.
Problems with securing data and other critical assets within the cloud have subsequently increased as organizations refactor their strategies to accommodate in-demand technologies like AWS S3.
“The big thing that we’re seeing is that customers are blind to the fact that the data itself must also be protected and looked at,” said Ed Casmer, founder and chief executive officer of Cloud Storage Security. “And, eventually, we find these customers who do come to the realization that it needs to happen. And so, really, the blind spot is the fact that we find most customers not looking at whether that data is safe to use.”
Casmer and James Johnson, associate vice president of research and development at iPipeline Inc., spoke with theCUBE industry analyst John Furrier at the “Cybersecurity — Detect and Protect Against Threats” event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the areas organizations must begin to pay attention to as they run large swathes of cross-infrastructure, cloud-based data. (* Disclosure below.)
Customer examples further explain real-world applicability
iPipeline, a leading purveyor of cloud-based software for the insurance and financial services industry, is also one of CSS’s customers. The company is in the process of fleshing out its digital ecosystem in the cloud, away from the traditional data center implementation. In doing so, iPipeline has had to rethink its approach to file storage and vulnerability scanning, according to Johnson.
“It was really necessary for us to identify a solution that both solved for these vulnerability scanning needs, as well as enabled us to leverage the capabilities that we get with other aspects of our move to the cloud — things like being able to automatically scale based on need,” he said.
Speed and scale were the main drivers for iPipeline’s decision to move to CSS, according to Johnson. As the company’s infrastructure requirements increased, it began to feel like it needed a cloud-native solution that could perform dynamic security scans without worrying about manually spinning up new engine instances.
“Being able to scan dynamically and also being able to move that out of the application layer is crucial for us, basically doing it all behind the scenes,” Johnson stated. “We are now able to scan with the file saved in S3, allowing us to release the file once it’s been deemed safe, rather than blocking the user while they wait for that scan to take place.”
Security for real-world data safety, not just compliance
Solutions providers that hold custody of corporate data at any level always face the question of compliance and auditing. They are answerable to two somewhat different stakeholders: their customers and the regulatory bodies.
“Traditionally, we’ve looked at that compliance requirement as endpoint data and the data that you see in your on-premise world,” Casmer explained. “It doesn’t translate as directly to cloud data, but it’s certainly applicable. And if you want to achieve SOC 2 or you want to achieve some of these other pieces, you have to be scanning your data as well.”
A solution like iPipeline’s will inevitably have to ingest data from a vast multitude of sources. And the onus is on the company to ensure the data from all these disparate sources are risk-free, according to Johnson.
“As we ingest that data, there’s minimal impact to each one of those integrations, because everything comes into the S3 bucket and is scanned before it is available for consumption or distribution,” he explained. “This allows us to ensure that no matter where that data is coming from, we are able to verify that it is safe before we allow it into our systems or allow it to continue on to another third party, such as a customer.”
Security solutions for cloud data have been available for a while. However, the reason why the enterprise keeps falling prey to malicious actors is that the floor keeps shifting beneath companies as malicious actors change approaches, according to Casmer.
“It is a moving target,” he said. “As new technology becomes available, that opens additional attack vectors. The challenge is keeping up with the changing world, including keeping up with the new ways that people are finding to exploit vulnerabilities.”
(* Disclosure: Cloud Storage Security sponsored this segment of theCUBE. Neither Cloud Storage Security nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)