As organisations turn digital and more sophisticated, breaches have also grown exponentially, both in terms of numbers and the extent of damage that they do to businesses and their reputation.
Increasingly, the cloud is becoming the sole route to market for new application deployment in many companies. It affords greater agility and scalability, higher performance, and faster access to innovative technologies, all of which help a business gain a competitive edge. “We are focusing on cloud security as the key growth driver,” Anil Bhasin, regional vice-president, India & Saarc, Palo Alto Networks, tells Sudhir Chowdhary in a recent interview. Excerpts:
How is the security landscape transforming?
As organisations turn digital and more sophisticated, breaches have also grown exponentially, both in terms of numbers and the extent of damage that they do to businesses and their reputation. Therefore cybersecurity is no longer a tactical necessity but an existential issue which is being increasingly discussed in boardrooms.
If one were to look at attacks like NotPetya, WannaCry and even Bad Rabbit, the main objective was to cause damage at multiple levels. Today, cybercriminals send out malicious codes which lure you to open an attachment. Once you open the attachment, they hold you to ransom by asking for an exorbitant sum in Bitcoin. Companies need to secure themselves from such cyberattacks by thinking ahead of cybercriminals.
What is Palo Alto Networks’ strategy towards securing data on cloud?
Increasingly, the cloud has become the sole route to market for new application deployment in many organisations. It affords greater agility and scalability, higher performance, and faster access to innovative technologies, all of which help a business gain a competitive edge. As a result, data and applications now reside in a multitude of cloud environments, including private and public clouds, spanning infrastructure, platform and software as a service—IaaS, PaaS and SaaS, respectively.
This year, we are focusing on cloud security as the key growth driver. We acquired RedLock in October 2018, a public cloud security analytics company, which allows us to offer the most comprehensive security for multi-cloud environments, including Amazon Web Services, Google Cloud Platform and Microsoft Azure. We enable security teams to respond faster to the most critical threats by automating, real-time remediation and reports that highlight an organisation’s cloud risks.
In case there is a data breach, what must organisations do?
There are severe ramifications of data breach. The first priority should be the customer—it’s important to be transparent with customers and tell them the story first: what happened, what you’re doing about it, what your specific risks are. The company’s reputation is at risk, too. A possible benchmark could be: Can your department tell the CEO within 30 minutes of detection of a breach how it happened, which data was impacted, how it was stopped and if forensic evidence is safeguarded?
In case of a breach, security teams or anlaysts first need to understand what exactly happened by combining network, cloud and endpoint data with threat intelligence. Advanced analytical and forensic tools are then used to interpret data across different data sources, to develop a plan to be able to respond faster and more efficiently to successful attacks, and to communicate effectively with the board about the impact and counter measures.
What are the challenges faced by companies are gearing up to migrate to cloud?
Organisations tend to feel that when it comes to your data sitting on cloud, they have less control as opposed to having physical infrastructure that we can see and touch and that gives a sense of security. The challenge for these organisations today is consistency, visibility, control of how their IT people are putting information in the cloud and what the compliance parameters are.
Cloud has three nuances—IaaS, PaaS and SaaS. At Palo Alto Networks, we are trying to address all three with consistency. So for us it doesn’t matter if you are using IaaS, PaaS or SaaS. This is where we are trying to simplify.
Palo Alto Networks also encourages various functions in an organisation to talk to each other and ensure that they are on the same page but there has to be an aggregation point, whether it is at the board level or collaboration between the CIO and the CISO.
What is your go-to-market strategy for India?
India is a huge market for us. We are looking at addressing the cybersecurity market opportunity by solving the problems which organisations face these days. We carry out security lifecycle reviews which examine an organisation’s network traffic and then generate a comprehensive report unique to that particular organisation. We have seen customers becoming increasingly comfortable with mission-critical, cybersecurity SaaS offerings. As consumption habits change, our partners will have a major role to play in the adoption of managed security services.
Channels will remain critical for us in terms of market coverage. We align with partners with a local presence through a two-tier model. The optimised channel strategy includes the entire pool of distributors, systems integrators, service providers and small resellers. But both endpoint and cloud will be the main run rate business.