Organisations across the Middle East are increasingly adopting cloud applications and platforms. Given the remote nature of modern workforces, it’s important they do not overlook security. Arie de Groot, Senior Director Middle East at Netskope, tells us why organisations should be prioritising cloud security and how Netskope is helping its customers to achieve this.
Recent research published by Netskope in the 2021 Cloud & Threat Report revealed that 61% of all malware was delivered via a cloud app – that’s up 48% year over year.
What would be your message to organisations on building security into their Digital Transformation strategies?
When it comes to building an information security strategy, it’s all about the move to the cloud. Organisations need to be aware that their existing security tools and infrastructures are blind to the new languages of the cloud.
The old-fashioned model that organisations used to have – where you protect your datacentre and then backhaul traffic from mobile or home users to the datacentre and block or allow users to access a certain static website – no longer works.
Why? Users are no longer full-time in the office . As an organisation, you need to cooperate with customers, partners and contractors and simply saying that certain websites are allowed while the rest are blocked no longer works. Employees now use their own devices for corporate purposes and need access to numerous cloud applications so something needs to change.
Similarly, the old model of using a VPN is no longer scalable or adequate. So, when we talk about strategy, organisations need to look at two things: 1) security and 2) speed of security. If security tools are slow, or slow down users, people will try to bypass it.
The other question is around data – where is your data, what intellectual property are you trying to protect, what data are your users accessing and sharing, which devices are they using, when and where are they dialling in from?
There are also thousands of cloud applications that people use on a daily basis – not just the common and well known apps – and you need to control the data that’s in those applications.
How can organisations bolster their defences, given the continued and growing use of cloud technology?
Organisations need to adopt a security platform that runs on a secure infrastructure of worldwide data centres and which doesn’t just cover security, but also speed.
As a cloud security provider you need to ensure your infrastructure is always close to where the users are. Because if security slows down traffic, it doesn’t serve its purpose.
Milliseconds count. If users spend 5, 10, 15 or 60 seconds waiting to download a document or use an application, the waiting time is too long and it’s unacceptable.
Speed is of the essence, so an organisation would need to adopt a security platform that is quick and speaks the new languages of the cloud. They need to secure cloud traffic and data in real time and know who is using what application, how, when, where and from what device, and they need to be able to build security policies around this.
Why is it important that the organisations prioritise this, especially with employees being split now across both office and home environments?
The move to the cloud has created blind spots for organisations. You have to be able to secure those tens of thousands of applications out there and you need to secure it in real time. That is why there’s an urgent need for companies to do something, to solve this blind spot.
What would you say is the impact to users of implementing Netskope’s cloud security?
If I’m an employee I just want to use whatever device I have, wherever I am, to do my work. Using Netskope positively impacts ease and speed. So, an employee will be able to use whatever device they want, wherever they are and it will be as if they are in the office. That’s what we are trying to achieve.
Who should be responsible within organisations for implementing cloud security?
Ultimately the CEO is responsible. It’s no longer sufficient, should an organisation experience a breach, data loss or ransomware attack, for a CEO to say their IT lead ‘got it wrong’.
That doesn’t work because perhaps the CEO didn’t allocate enough budget to the IT team, or maybe they were using old fashioned tools. CEOs are ultimately responsible and should care.
The role of the CIO is also very important because, as I mentioned, there are two integral components to a cloud security strategy – 1) the security itself and 2) speed. That covers the work of the Chief Information Security Officer or the security people, but also the infrastructure and network teams.
We see that, with the adoption of new strategies and applications and tools for the cloud, cloud security often falls between the cracks. So, the CISO will say it’s an issue for the infrastructure team, the infrastructure team says it’s an issue for the security team and the CEO will revert back to their ‘IT guy’, because they don’t understand what’s going on.
The CIO is crucial to bridge this gap and has to implement strategies where the CISO and infrastructure teams work together, cooperate and give budget to adopt modern technologies.
In addition, companies increasingly have compliance officers – but how can a compliance officer do its work when he or she doesn’t know where the data is stored?
If you have no grip on what’s going on how can you do your job as a compliance officer? They need to be given the infrastructure and the tools that they need to do their work.
Do organisations need to migrate all security to the cloud?
They don’t have to migrate all their infrastructure to the cloud – some organisations will always have a hybrid structure where some applications are hosted in the datacentres and others in the cloud.
We recommend our customers to start small, using cloud security to secure some applications and take it from there.
We offer cloud security which integrates with your existing tools and applications. And gradually, you can migrate to the cloud, without ever having to migrate everything to the cloud.
Can you tell us how Netskope is working with customers to solve their security challenges?
We run what I think we can say is the fastest security network in the world. We have global datacentres and we’re always close to where the user is.
We work through partners which is very relevant to how we go to market because the partners know the customers and their requirements.
We work with small and large partners, managed security service providers, traditional security resellers and consultants because it is about building an ongoing relationship with partners.
It’s about trusting each other, working together and cooperating to make sure that a customer’s environment is always secure.
What does the year ahead look like for Netskope in the region?
The year ahead is going to be very busy, especially in the Middle East. We’ve seen enormous adoption of clouds and cloud security, following what has already happened in the US, UK and Europe.
Adoption is happening extremely fast and organisations are increasingly aware they need to do something. This has been accelerated by COVID-19 as organisations have more employees working from home. It might never be exactly as it was before.
We have data centres in the Middle East and are compliant with local legislation. We’ve made a large investment in the region and are continuing to expand our team.
Click below to share this article