This article is part of OpsCompass' State of Cloud Security 2021 Series, which interviews a diverse mix of cloud security experts, decision-makers, and practitioners with the goal of better understanding their perspectives on the current state and future of cloud security.
The following is an interview that OpsCompass CTO John Grange recently had with Jen Ayers, Chief Operating Officer at DNSFilter and former VP of Security Response at CrowdStrike.
JG: What is the state of cloud security today?
JA: With the transition from bare metal to cloud-based security, many people thought that the onus of keeping systems and businesses secure would transition to the purview of software and cloud-service vendors. However, the opposite has actually become true. With more integrated systems you have more potential entry points for threats, and so the stakes for internal security and IT professionals are actually higher.
This, along with the adoption of remote work, means that a layered security stack is more essential than ever. You want every possible tool at your disposal to block threats and keep your business safe. An old-school approach to network security just doesn’t cut it.
JG: What are the most common challenges organizations face when it comes to cloud security today?
JA: We’ve moved the internet, especially over the last year, to different levels than what it had ever been in the past. And the downside is, despite the warnings, despite the advice, despite the tools and the regulations that have been put in place, we continue to press forward into this boundary-less space without protection. And I think it’s really good that the real threats are starting to come to light and get media visibility, though.
JG: What lessons can be learned from the biggest cloud-related breaches of 2020?
JA: A lot of breaches come through really sophisticated threat vectors and machine learning and DDoS attacks. But some of the largest breaches in 2020 and early 2021 were just brute force attacks that were made easy by really weak passwords. So a big lesson is: never give up on the fundamentals.
JG: What are 3-5 pieces of advice for organizations looking to improve their cloud security in 2021?
JA: Invest in security. Security should be another department within your organization, just like sales, marketing, or development.
JG: What’s the future of cloud security?
JA: I think zero trust is really exciting and probably the biggest buzzword for the next couple of years. It really is the best methodology to address a perimeterless environment, and I think the fundamentals of zero trust dovetail nicely with the type of security culture that businesses will need to adopt to stay secure in 2021 and beyond.