Cybernews interview: “Managed cloud services allow an organization to quickly secure its workloads”
Migrating the company workload to the cloud is a disruptive move. While it requires educating the whole organisation and adapting many daily activities to use the Cloud in the most efficient way, cloud solutions are becoming the new normal.
Facing new challenges is difficult, whether they bring good or bad. The cybersecurity sector is no different; if anything, its challenges demand even more accountability and knowledge.
While antivirus software or VPN providers offer a decent layer of protection, large enterprises require more complex cybersecurity tools, especially when the organization’s data is on the line.
To find out what steps companies need to take toward protecting their large amounts of data, Cybernews has reached out to Christine Grassi – Senior Security Consultant from Devoteam Revolve.
Can you tell us a little bit about what you do? What are the main challenges you help navigate?
I am a senior security consultant specializing in support for AWS platforms. I am also the referent for Devoteam Revolve’s AWS security offer.
In this role, I help clients audit their environments, and identify the best technical and functional solutions to implement measures to protect their components or bring them into compliance with legal and regulatory requirements. I also help with security awareness and training activities.
Additionally, I provide support to Devoteam Revolve’s internal teams with pre-sales activities, recruiting new security employees, and leading the internal security community. I also contribute to the reflections on the cloud market via articles, podcasts, or by participating in conferences.
How do you think the recent global events influenced the way people perceive cybersecurity?
Over the past two years, there has been a massive increase in teleworking due to the COVID crisis, and an even more massive use of personal tools to access business environments or host business data. There has also been an increase in, and a greater focus on, ransomware attacks. I think through all of this, people are becoming more aware that cyber can be a weapon for a state or a group of malicious individuals to disrupt an economy or a competitor. It’s not just a “cinematic reality” anymore! But I note that there is still a long way to go to raise awareness that all this requires everyone to do their part to put in place protective and reactive solutions. I was recently reading the results of a survey which showed that people wanted to be “rewarded” every time they implemented a good security measure. But the “reward” is precisely the fact that they can continue to work under the best conditions.
Fortunately, I have also noticed daily with my clients that the security teams are increasingly involved in projects and cloud teams at an early stage, to take into account these specific requirements.
In France, the new threats have also given even more weight to the debate on the trusted cloud and the emergence of a whole series of offers to meet both regulatory requirements and the specific needs of public and private sector players.
With so many cloud solutions on the market, choosing the right one for your organization can be intimidating. Which services are better suited for small businesses and which types are recommended for big enterprises?
I believe in using managed services offered directly by cloud providers first, for several reasons. Firstly, because these services are interoperable with other services, they can be easily automated and they are sometimes offered at very low cost (some are even free). This initial grasp of security via managed services allows an organization to quickly secure its workloads from the very first experiments. It also allows an organization to understand precisely what its cloud security needs are and, above all, what the technical and organizational specificities of its ecosystem are. To outsource well, you must first know your stuff! Once organizations have learned their first lessons, it will be all the easier for them to identify their criteria for selecting third-party solutions.
These criteria may include cost, ease of use, the ability to develop specific functionalities, the ability to operate in a multi-cloud environment, the creation of a partnership relationship with the supplier, product knowledge by technical integrators, the presence of local sales representatives, etc.
What would you consider the main problems that companies run into on their digital transformation journey?
Most companies don’t fully anticipate the organizational change brought about by the Cloud. Moving to the Cloud is a choice that impacts the entire company beyond the technical aspects. The Cloud raises learning and organizational issues, and to meet them, companies have to create a new learning model and break down silos. Management often has difficulty projecting themselves into an organization that is different from the one they have known for years. It is our role to provide this transformation support because large-scale migration programs impact the entire company.
Which threats do you think can become a prominent problem in the next few years?
I think we will see an increase in software supply chain attacks. I read recently that these attacks have increased by 650% by 2021, and 66% are exploiting unknown vulnerabilities.
Similarly, I believe that ransomware attacks will continue to dominate the cyber landscape, whether they target the software supply chain or not.
In any case, in a context of highly interconnected and interdependent companies, we can expect attacks with a powerful domino effect, where a vulnerable supplier or partner puts at risk all the actors with whom it operates, including individuals. As such, the education sector was the most targeted in 2021, with a 75% increase in attacks compared to 2020, and these attacks impacted both students, teachers, and administrative staff. The healthcare sector should not be forgotten either. For example, there was a ransomware attack on the healthcare system in Newfoundland and Labrador, Canada, which rendered systems inoperable for over a week and forced the rescheduling of thousands of medical appointments.
I also think we will see more cyber threats in the IoT world. Already in 2016, the Mirai botnet was making itself known, via massive attacks on consumer IoT devices. There are currently a massive number of IoT devices configured by default, which makes them very vulnerable to this type of attack. We may have to suffer several more major attacks before we see the emergence of awareness in companies (in particular industrial information systems) and the general public of the security measures to be taken to protect themselves.
In your opinion, what cybersecurity practices will become crucial in combating these new threats?
Security teams must learn even more to work collaboratively. They operate in a world where responsibility for building and operating information systems is increasingly decentralized. Both organizational and technical decision-making and the implementation of measures must therefore also be decentralized, in consultation with all the players involved.
I think it will also be important to automate the monitoring, detection, pre-analysis, and alert chains as much as possible. The security teams will not be able to grow exponentially. The least ‘intelligent’ part of the security action must therefore be automated as much as possible, to gain in speed, cost, and also efficiency/standardisation. The teams must be called upon where they have a real added value, i.e. in the final analysis of the results, the implementation of reaction measures, and the a posteriori adaptation of protective measures. We could also assess the extent to which remediation can be automated. But for the moment I think that the level of control of the environment is not high enough and that the remedy may turn out to be worse, or at least as dangerous, as the solution!
Finally, we must keep an eye on the appearance of the market of solutions that promote the “mobility” of security and the pooling of discoveries from all security devices. This is what is advocated by the “CSMA” (cybersecurity mesh architecture approach). In my opinion, the technologies that can contribute to this are not yet all mature. But this situation will only improve in time!
Would you like to share what’s next for Devoteam Revolve?
From a security perspective, we continue to develop our service offerings, including security gamedays and our automated security audit offering. The aim is to help customers increase their security visibility and expertise in their cloud environment.
We are also in the process of making our sovereign encryption solution “Sovereign Keys” open source. This solution aims to meet the challenges associated with the Cloud Act and the desire of organizations to have maximum control over the protection of their data.
We are also working internally to develop the AWS security expertise of the other European entities of the Devoteam Group.