SafetyDetectives spoke with Anand Ramanathan, CPO of Skyhigh Security, about data security in the cloud, the biggest vulnerabilities with traditional data storage, the role of AI, and more
Can you introduce yourself and talk about your role at Skyhigh Security?
My name is Anand Ramanathan, and I serve as the Chief Product Officer for Skyhigh Security. In my role, I not only run product management for our business, but also oversee engineering and cloud operations. My focus is on product strategy and vision, so I spend a lot of my time researching where the markets are moving and shifting, and analyzing where Skyhigh Security can take advantage of the resulting opportunities. I am always trying to think a few steps ahead of where customers are today and make calculated bets on potential investments to drive our overall product portfolio.
Can you talk about Skyhigh – Who is your ideal client, and what are your main services?
Skyhigh Security protects the world’s data with cloud-native security solutions that are data-aware and easy to use. We go beyond traditional data access to focus on data use, allowing our customers to collaborate from any device and from anywhere without sacrificing security. At a time when users and data have never been more mobile, securing them has never been more complex. With a unified policy across a fully integrated platform, Skyhigh Security is the most comprehensive Security Service Edge (SSE) provider in the market for C-Suite executives in mid-to-large enterprises. Additionally, Skyhigh Security serves over 3,000 customers, which include 80% of global banks and 25% of Fortune 500 companies.
How do you ensure that data remains secure in the cloud while enabling seamless collaboration across devices and locations?
When employees collaborate remotely, it’s critical that organizations are able to secure data going to and from cloud services. This requires a comprehensive security solution that can deliver visibility and control over data, Shadow IT, and threat prevention, which a Cloud Access Security Broker (CASB) can provide. According to our recent Data Dilemma report, while 75% of organizations admit Shadow IT impairs their ability to keep data secure, only 42% experiencing Shadow IT use a CASB to monitor unauthorized cloud usage. This underscores the criticality for organizations to utilize solutions that add a much-needed layer of security and reduce the burden on IT through automated processes.
Additionally, by simply going beyond data access and focusing on data use, organizations have the opportunity to collaborate from any device and from anywhere without sacrificing security.
What are the biggest vulnerabilities with traditional data storage, and why is the cloud a better solution?
Today, data is everywhere. Organizations have responded to the shift to the cloud by stitching together disparate technologies and layering in additional security tools in an effort to produce a comprehensive solution. Unfortunately, this unintegrated approach results in security gaps, inconsistent application of controls and policies, and management complexities – putting unnecessary burdens on security teams that are already stretched thin. Instead of the traditional bottom-up process of starting from where data is stored, companies should utilize a top-down approach that focuses on the data itself. By expanding Zero Trust principles to how data is used rather than how it is accessed, cloud security is radically simplified. Luckily, we are seeing a strong push to the cloud, which was expedited in large part by the pandemic. In fact, the number of public cloud services used by organizations increased 50% from 2019 to 2022 alone.
How do you see the role of AI in data protection and cloud security evolving in the next 3 – 5 years?
Overall, AI will continually evolve and increasingly become a vital component in data protection and cloud security, augmenting human capabilities and providing advanced threat detection, response, and prevention mechanisms.
Anomaly detection and behavior analysis is one potential use case. By continuously monitoring and analyzing data, AI can identify deviations from normal behavior and promptly flag potential security risks. This can help detect insider threats, unauthorized access attempts, or unusual activities that may indicate a compromise. Additionally, AI will be able to automate incident response processes. By leveraging historical data, AI systems can suggest appropriate response actions based on past data security incidents, reducing the response time, and minimizing human error. Automated incident response can also aid in containing and mitigating the impact of security breaches.
Another potential use case is around cloud-native security. As more organizations adopt cloud computing, AI will be integral in securing cloud environments. AI-powered tools can continuously monitor cloud resources, identify misconfigurations, detect unauthorized access attempts, and provide automated remediation recommendations to ensure a robust and secure cloud infrastructure.
Lastly, we will likely also see AI-powered security analytics in the next 3-5 years. Advanced AI algorithms will be employed to analyze large volumes of security-related data from various sources, such as logs, network traffic, and user behavior. This will enable organizations to gain valuable insights into their security posture, identify vulnerabilities, and make data-driven decisions to enhance their overall security.
What are some misconceptions that companies have regarding data protection in the cloud?
We commonly hear from customers that “data is more vulnerable in the cloud than on-premises.” Enterprises in the early stages of cloud adoption often believe that moving data to the cloud exposes it to greater security risks compared to keeping it on-premises. By leveraging cloud security tools, enterprises can have advanced security measures that can enhance data protection. In such cases, data security can be stronger in the cloud if the proper security best practices are followed such as implementing appropriate security controls, conducting regular risk assessments, and staying informed about the evolving landscape of cloud security.
Another common misconception is that cloud service providers are solely responsible for data protection. Many companies assume that once they move their data to the cloud, the cloud service provider (CSP) takes full responsibility for its protection. However, the responsibility for data protection is typically shared between the company and the CSP in a shared responsibility model. While the CSP ensures the security of the underlying infrastructure, the company is still responsible for securing its own data and configuring appropriate access controls. It’s essential for companies to have a clear understanding of their responsibilities and take proactive steps to ensure data protection and security in the cloud.
We have also heard from customers that they believe compliance requirements are automatically fulfilled in the cloud – which is another misconception. Many organizations have specific compliance requirements, such as HIPAA or GDPR, and assume that since CSPs claim to have certifications, storing data in the cloud automatically makes them compliant. However, compliance is a shared responsibility, and companies must ensure that the cloud security solution they choose provides the necessary compliance controls and features.