The Spotlight Series on Cyber Security is our new feature by resident expert, James Holton, Trustmarque’s Cyber Security Sales Lead. In this series, James will share the latest trends, insights and his personal reflections and advice on issues affecting the security landscape in 2020.
For his inaugural post, James discusses the era of GEN II Security as more and more companies look to protect their assets as they move from on-premises infrastructures and applications to the cloud.
What do we mean by GEN II security?
Many of the earlier adopters of public cloud took a lift and shift approach to migration. This means that the traditional security applications that we saw in the on-premise world have often found their way to public cloud environments. Because controls have been applied that were not designed with cloud in mind, there have been numerous breaches. This is partly because the challenge of securing the cloud wasn’t yet mature, but also because the tools to do it properly didn’t exist.
It is fair to say that attackers have been thriving in the past few years. Wherever there is uncertainty and complexity, attackers flourish. And that is certainly true in the cloud. Over the last 18 months, we have seen a vast array of both new attacks and new breaches.
Some attacks are born from attacker ingenuity – think Tesla’s, Aviva and Gemalto’s Amazon account getting cryptojacked. Some are born from companies struggling to successfully implement new ways of working and modernise their software development process securely, like Heartbleed. And others breaches are born from a combination of the two. For example, the all too common AWS storage misconfigurations like Lion Air.
We are now reaching a point where we are seeing security applications that are born in the cloud. But don’t let the “marketing jargon” fool you. The reason these exist is to address the quickly evolving but specific cloud security risks that we face.
I want to talk about a few examples that we’re seeing and why I believe they’re worth consideration. In true security language, all three are acronyms – don’t shoot the messenger.
As a final note, it’s predicated that these technologies alongside FireWall as a Service (FWAAS), Cloud Access Security Brokers (CASB) and your Web Gateway will like a security optimix, prime into a single offering over the next five years. It therefore makes sense to look at vendors that have a breadth of coverage through all of these areas.
At Trustmarque we are committed to making security simple. We work with respected vendors across the security landscape to find the right solutions for your organisation. If you want to talk to us about any of the points in this blog or to discuss your Cyber Security needs you can contact myself and the team via firstname.lastname@example.org
About James Holton
James Holton joined Trustmarque in April 2019 after transferring across from the Capita Cyber Security Team. He is worked in the IT sector for around 13 years and has specialised in security for the last six years of his career. In his current role at Trustmarque he leads all Cyber Security customer activity, working with customers in both the public and private sectors. He is passionate about providing customer-centric solutions, applying a vendor agnostic approach.
He is originally from New Zealand and now lives near London with his wife and two children.