Key Takeaways
Cloud Security Challenges
- Asymmetry in security - mountain of alerts and false positives, talent and skill shortage, growing complexity of security stack and applications
- Increased cloud breaches due to adoption and sophisticated threat actors
- Disconnected cloud security tools leading to inefficient investigation and response
Approach to Improve Cloud Security
-
Evidence-based Proactive Health
- Validated exploit paths to prioritize and communicate risks
- Offensive security engine to dynamically test vulnerabilities
- Communication of "so what" impact to bridge security and engineering teams
-
Autonomous Reactive Security
- AI-powered detection and response at machine speed
- Supervised and unsupervised ML for pre-execution and runtime protection
- Conversational interface (Purple AI) to simplify investigation and response
Bridging Security and DevOps
- Integrating security tooling and workflow with DevOps processes
- Shifting security left by automating security checks in CI/CD
- Improving communication and collaboration between security and engineering teams
- Leveraging security learnings to proactively fix issues in the pipeline
Conclusion
The key to improving cloud security is to achieve a balance between evidence-based proactive health and autonomous reactive security, while also bridging the gap between security and DevOps teams. This approach helps to reduce the asymmetry in cloud security, accelerate investigation and response, and build better working relationships across the organization.