Growing cloud consumption has created new blind spots: Oracle

Cloud has become a key business pre-requisite. The CISOs need to make sure that all teams take ownership and collective responsibility for securing organization’s mission-critical data across the board.

Vaibhav Gawde, Head, Solution Engineering, Oracle India, tells us more. Excerpts from an interview:

DQ: Are businesses moving to cloud increasingly finding security issues a top challenge?

Vaibhav Gawde: Organizations acknowledge that cloud has become a key business pre-requisite. However, there is still a lack of depth in the understanding of most organizations when it comes to cyber security responsibilities. Part of the reason is the lack of an ‘always on’ security mind-set. Plus, stringing together a bunch of piecemeal security solutions adds to the complexity.

In fact, the Oracle KPMG Cloud Threat Report 2020 offers a great perspective on organizations’ security maturity. While 75% of IT professionals tend to believe that the public cloud is more secure than their own datacenters, at the same time, 92% feel that their immaturity and lack of depth in understanding, when it comes their cloud security programs, is leading to creating a readiness gap.

DQ: What are some of the common causes for security lapses?

Vaibhav Gawde: One thing we have noticed is that a traditional approach to data security often leads to gaps in an organization’s overall cloud readiness. We have observed that, typically, when organizations do not nurture a top-down, security-first culture with the top management’s push, it has led to sub-optimal security postures leading to cases of data theft, and at times a reassessment of the quality of security offered by the cloud service provider.

A lack of understanding in some of the foundational elements of cloud, like in the case of the cloud security shared responsibility model, adds to the challenge. It is therefore, imperative for the CISOs to make sure that all teams take ownership and collective responsibility for securing the organization’s mission-critical data across the board.

Moreover, growing cloud consumption has created new blind spots as IT teams and cloud service providers work to understand and delineate their individual responsibilities in securing data, so arriving at a clear understanding of mutual responsibilities is vital.

DQ: Can you outline some of the steps that organizations can take to ensure that they are not just cloud-first but also cloud-secure?

Vaibhav Gawde: As simple as it may sound, it is critical for businesses to adopt a security-first culture within their organizations to help them improve readiness, assess risks in advance and reduce the number of security lapses.

A good sign we are seeing in the market now is the organizations are investing in hiring more cloud-experienced CISOs to help drive the overall security strategy. In fact, it has resulted in creation of a new role in many organizations.

As per the findings of the KPMG Cloud Threat Report 2020, 53% organizations that were surveyed cited that they are investing in a Business Information Security Officer (BISO) role to help bridge the divide between the CISO and each of the lines of business. This is a great step, very much in the right direction to help improve overall security posture of organizations.

DQ: How is Oracle innovating to strengthen cloud security services to make it easier for customers?

Vaibhav Gawde: Oracle has been securely managing the bulk of the world’s data for more than four decades. Security is ingrained in everything we do, so much so that it has been our top priority, while designing all our products and services. As a result, our second-generation cloud infrastructure is the most secure cloud platform in the market today.

In addition, our flagship innovation, the Oracle Autonomous Database, which is the world’s first self-securing, self-repairing and self-driving database, allows the organizations to bid goodbye to complex, routine database management, such as database tuning, applying security patches/updates etc and instead empower customer IT teams to focus more on higher value tasks that can unlock more value for the business.

Two of our most recent cloud security innovations are Oracle Maximum Security Zones and Oracle Cloud Guard. These pre-built tools will automate threat response, reducing customers’ cloud security risk quickly as well as efficiently - at no additional costs.

By making available Oracle Maximum Security Zones, we are the first public cloud provider to activate security policy enforcement of best practices by default, i.e. automatically from day one, helping customers prevent misconfiguration errors and deploy workloads securely.

For the routine, daily operations, Oracle Cloud Guard continuously monitors configurations and activities in order to identify threats and automatically acts to remediate them across all our global cloud regions. In summary, we are the only cloud service provider to offer a robust cloud security posture management dashboard, at no additional costs, along with numerous pre-built tools that automate response to reduce customer risk faster and in a more efficient way.

We will continue to innovate and bring to market advanced cloud security solutions to help our customers strengthen their security posture on an ongoing basis.