Fabio Douek, Singlepoint’s Lead Cloud Architect, was featured in this month’s TechPro Decisions – Security.

Artificial intelligence and machine learning are hot topics in security for enterprise right now, but not necessarily where one might expect. Paul Hearns examines the latest research.

Security – it is a constant problem for today’s enterprise. We are told that we need to be vigilant against advanced persistent threats (APT), zero-day exploits, cyber espionage, hackers, hacktivists and artificial intelligence-enhanced attacks, and yet it is clear that most organisations, including here in Ireland, are still failing on the basics of updating, patching, identity and access management and network segmentation.

But before diving into the thornier issues, it is worth taking a look at the real world to see how we fare, and the annual Verizon Data Breach Investigations Report (2018) is always a good place to start. For the 2018 report, 53,308 security incidents were investigated, covering 2,216 data breaches, across 65 countries, with 67 contributors, and the results are, as always, sobering reading.

The limits of traditional security

“The adoption of security products has changed significantly in recent times. The product selection process used to be focused on the traditional, large security players. Typically, those vendors were providing a product suite covering multiple layers of the infrastructure. This is no longer the case.

With the advent of cloud native applications, multi-cloud and hybrid cloud architectures, which are evolving rapidly, it seems that the traditional IT security vendors were not able to innovate at the same pace.

We have seen organisations adopting serverless functions and container-based solutions, such as AWS ECS and Kubernetes. Even though the development team has done an excellent job, the project was being blocked whenever the application had to be promoted to the production environment. The traditional security tools, to protect the operating system and the network, just do not work with these modern technologies.

When we are dealing with container-based applications, for example, there are very specific controls that need to be put in place for detecting vulnerabilities in the container image, detecting unapproved changes and providing a container-level application firewall.

When leveraging serverless functions, for example, we do not have control or visibility of the underlying infrastructure. Therefore, the security controls need to be defined at a different level, mostly as part of the build process in the CI/CD pipelines, in order to ensure that configuration and permissions are being hardened. The key to selecting the security toolset is to ensure that it will be a good fit for your current and future workloads.”

TechPro Reporters

If you would like to speak with Fabio or one of his team, please contact info@singlepoint.ie