Cybercriminals are the modern-day Vikings. When they strike, they shake an organization’s confidence, damage the brand, and steal or destroy priceless sensitive data. Today, they have more ways to break in, plus there is the element of human error and the insider threats within the “borderless” walls.
One company that has stood up to fight these attackers as they continue to use the current crisis as a “mask” for phishing, ransomware, supply chain attacks and other malicious campaigns is Trend Micro. It has been at the forefront to thwart cyber-attacks and help enterprises fight this universal and faceless enemy.
Last month it opened a 6879 square foot office space Bandra Kurla Complex, Mumbai that boasts of a Center of Excellence (CoE) and an Executive Briefing Center with the aim to expand its cloud business in India and also strengthen its incident response and local support team.
Ashwani Mishra, Executive Editor, DynamicCIO.com sat down with Nilesh Jain, Vice President, Southeast Asia and India, Trend Micro and Vijendra Katiyar, Country Manager, India & SAARC, Trend Micro to discuss the company’s focus areas, role of DevSecOps, shared responsibility model in a multi-cloud world and how a Zero Trust model can make life difficult for attackers. Excerpts:
Q. Tech adoption, usage and delivery models have changed drastically over the last two years? How are you enabling these for your users, and what are changes that you have brought within the company?
Nilesh Jain: Absolutely. The way we deliver products has changed. We are upskilling and recruting people on the DevOps, Security Operations Centers (SOCs) and cloud areas.
OEMs like us are heavily involved in customer success journeys. This is right from customer first-hand experience to expansion of the customer footprint and everything that happens in between.
We have taken a lot of data localization initiatives. For example, we launched our first Cloud One regional data centre in India to uphold data sovereignty and safeguard data privacy. The data centre is aimed at helping enterprises securely adopt a software-as-a-service (SaaS)-based security framework. We also had launched a local managed XDR data centre service to secure data from multiple protection points such as email, server, cloud workloads, and network which is critical to find hidden threats.
Q. A fundamental goal of DevOps is to shorten software release cycles and bring software products to customers faster and with greater quality than ever. DevSecOps extends that goal to include security along with quality and speed. What according to you are some of the noticeable positive impacts of this change?
Nilesh Jain: DevSecOps has empowered product development and made it accessible to everyone. it is no longer limited to a R&D team or a development team. I think this has changed the dynamics of the entire industry.
We can now develop new products overnight, create new features, get feedback from our users and course correct if needed within few hours. This was not possible before. There is a lot of agility.
DevSecOps is based on the shared responsibility model. It means that security is everyone’s responsibility. A successful DevSecOps culture builds security in the DevOps processes and encourages collaboration amongst developers and security teams.
Security cannot be an afterthought. ‘Secure by design’ needs to become the core approach to avoid cyber chaos. Security needs to be built-in, and not bolted-on.
Q. We are in a multi-cloud era where organizations work with multiple cloud providers. Now each of these providers have their own version of “a shared responsibility model.” Who takes ownership in case of security incident? This lack of clarity – in terms of the responsibility of who owns what – can also bring with it a risk of misconfigurations, software vulnerabilities, human errors, etc. How does one address this concern?
Vijendra Katiyar: Most public cloud providers operate with a shared responsibility model. While the onus is on them to protect the infrastructure, it is up to enterprises to be responsible for securing their applications, data, operating systems, access management, and firewalls. Preventing misconfigurations then becomes the vital first step in ensuring security for assets on the cloud.
Q. Zero Trust cybersecurity approach is on the verge of gaining ground in 2022. How are you looking to help enterprises in this journey to deliver high quality protection without impacting the existing controls?
Nilesh Jain: Zero Trust is not a product feature or a destination. Simply put, it is a philosophy or a journey that can be used to improve overall security.
While Zero Trust isn’t a product that you can plug in and achieve optimal security, it can be leveraged to design solutions that provide risk insights by assessing, validating, and monitoring the health of endpoints, users, applications, and devices across your entire network.
Vijendra Katiyar: This is a very different approach, but it’s a very effective approach at making life more difficult for attackers. Attackers have more trouble moving laterally. They have more trouble successfully leveraging a dumped credential. This complements an XDR approach.
(Image Courtesy: www.cpomagazine.com)