In an interview with ETCISO, Akshay Aggarwal, Director, Solution Specialist, Oracle India discusses the security challenges that CISOs face while managing the hybrid IT environment. Further, he talks about how security professionals can manage the fraud and risk management across the systems.What next-gen security model you would suggest organizations?
Organizations are transitioning from on-premise to cloud world.
As Gartner says, by 2020, 50% of the critical workload will move on the cloud, hence the organisations need to as ensure that the existing system gives a hybrid visibility of on-premises and cloud assets. Secondly, organizations need a system based on AI, machine learning which can actually detect next-gen threats; and the data hunters should be able to analyze that data using these algorithms and able to provide the much more predictive environment.
Moreover, the cloud is just the blessing to the emerging technologies like AI, ML, etc; because for these technologies lot of computing and data points are required.
On one side the enterprises cannot ignore the cloud as it provides that innovation and digital agility, but when it comes to assisting these technologies, they rely on their manpower. The security industry is facing a major shortage of skilled professionals. Organisations cannot have enough people to take care of the emerging security challenges; therefore, they need a system that is completely running outside the data center and no monitoring is required.
What are the potential threats?
According to the recent Horizon’s data breach investigation report, outsiders contribute to 73% of breaches and insiders are responsible for rest 28%. Internal factors are the most important area where enterprises have good control, and 76% of these breaches have financial motives behind.
Hackers siphon-off the money from banks, healthcare, telcos, etc; but the real victims are the small business, 58% of SMBs are getting impacted by these cyber crimes.
Firstly, having Identity Access Management is mandatory which helps in tracing the accuse and privileged access management. Oracle has introduced an Identity SOC, which has a secret incident and event management system with the ability to perform remediation actions in real time.
How can CISOs manage the fraud and risk management across the systems?
CISOs need to have a very clear cut security strategy which is adaptive in nature and keep on applying new security systems. And continuously assisting the risk and putting security controls as per the changing the technology.
Hence, having a system which provides complete visibility is important, but also those systems should be able to predict, analyze, detect and take remediation actions.
Lately, Oracle has come up with Autonomous, which is about system able to take care of itself on its own. Otherwise, organisations put huge workforce just to manage the systems, 80% of these workforces will not be required, with technologies like self-repairing, controlling and updating systems and are available all the time.
Having configuration and compliance solution is extremely important because it informs the exact security posture of the organisation and helps in decision making to keep on filling those gaps.
It is always good to have data activities being closely monitored and providing the privileged access control for the database users. Having Cloud security in parallel to the existing security measures is extremely important as organisation adopts more and more systems in the cloud. Newer technologies like CASB – Cloud Access Security Broker are available to exactly track the activities happening in the cloud environment.