Act on preventive measures at the earliest to reduce exposure to cyberattacks, say experts

Enterprises are transforming to accommodate the hybrid workforce, data center cloud migration, and SOC automation. Besides, the adoption of a hybrid cloud has spurred a growing demand for consumption-based IT, where the cloud consumption models are making their way into on-premises data centers, creating opportunities for channel partners. While resorting to the various modes of cloud consumption, enterprises are being habituated with cloud security as a practice.

Responding to this, several security vendors have begun to recommend Zero Trust for the cloud as an approach to cybersecurity that simplifies risk management to a single-use case. Irrespective of the situation, user, user location, and access method, the security becomes one single use case with the most extreme cybersecurity checks, owing to Zero Trust.

Cyber threats are making their presence felt everywhere, and legacy security is no match for them. Thus, the future is zero trust with zero expectations. To explore the future of this, YourStory along with AWS and Palo Alto Networks, recently organised a roundtable discussion that was a part of the three-event meetup series titled ‘Security Conclave: Transforming Cloud Security with Zero Trust.

The conversation in Mumbai featured Yashoraj Tyagiat, Chief Technology Officer and Chief Business Officer, CASHe; Ashish Mehta, President, Group IT at AGS Transact Technologies; Ravindra Ved, Security Solution Architect, AWS; and Huzefa Motiwala Director, Systems Engineering, India & SAARC.

The counterpart event in Bengaluru featured Ashish Tewari, Head of Engineering at Niyo Global; Navaneethan M, Chief Information Security Officer at Groww, and Senior Vice President & Chief Information Security Officer at PayU; Aditya Veer Singh, the founding member and head of engineering at WeRize; Vikas Purohit, Partner Solution Architect at Amazon Internet Services Pvt Ltd; and Suvin Mullaseril, Manager of Systems Engineering at Palo Alto Networks, South India and Sri Lanka.

Security in times of cyber threats

In a post-pandemic era when digtalisation has scaled up, what would be the amount of emphasis placed on cybersecurity practices for businesses? Here, Yashoraj felt that cybersecurity is sacrosanct, especially in the fintech domain. “For the last six years, we have been dealing with millions of data points that classify strongly as PII or personally identifiable information. I would like to describe this as the bread and butter of my business as every transaction resonates to PII,” he said.

Risk, vulnerability, and threat, in the context of security, is commonplace. “Threats arise from vulnerability while targeting your assets. Interestingly, the attacker can opt for hundred attempts, but one wrong move of carelessness would spoil the entire game. Of course, it’s an unfair game, and yes, it’s tough,” added Huzefa.

Ashish also envisioned the implementation of some of the best practices of security for the betterment of data center infrastructure. “The organisation needs to have a defensive technology to ensure that right from perimeter to the endpoint, the structure should have complete protection from the third parties. Second is the technology of defensive mechanisms, where you need to be convinced that even after adopting a very high defensive mechanism, vulnerabilities and threats still exist. Finally, how soon we can respond in mitigating the damages that have been already caused by the threats,” he explained.

Cybersecurity is a shared responsibility

Navaneethan feels that questioning the importance of cybersecurity is nearly equivalent to asking why the heart is important for the human body. Cybersecurity supports the growth path of an organisation, thus, needs to be nurtured, maintained, and taken care of.

Here, Niyo Global’s Ashish added that cybersecurity has played a crucial role in protecting the digital assets of the company, especially in the post-pandemic paradigm. But, that also leads to threats, risks, and vulnerabilities. Suvin replied, “Threats and vulnerabilities have become a way of life, especially in the cloud scenario. Thus, we need to understand the risk and then comprehend ways of mitigating it.”

Thus, implementing the zero trust model is the best option for empowering cyber security while simplifying risk management. Vikas added, “Zero trust should be more than a concept, thereby not making security a hindrance.”

So, while we are discussing cybersecurity threats, Ashish Tiwari felt that creating third-party apps is a major loophole that organisations create while doing e-commerce applications. “Thus, a system update is the required option here whenever you see it coming,” he noted.

Besides, Suvin also added that prevention is always better than cure, and security is continuous vigilance, thus organisations need to be proactive in terms of monitoring.

So, while we had dealt with organisations, what would be the points to remember while launching an app, adhering to the measures of cyber security? Here, Aditya had a befitting reply about making security aspects a part of your organisations’ culture. “The surface standpoint security measures should be comprehensive enough for adapting them,” he added.

Ashish Tiwari spoke of never sharing the data or compromising it, while Navaneethan would rather prefer perceiving the 360-degree approach with a holistic measure. Suvin suggested acting on preventive measures at the earliest by consulting with the DevOps team, both Vikas and Aditya felt that having the right amount of visibility in the infrastructure while making security aspects a part of our culture is the best option.