Unisys is a large global technology company, involved in building multiple cybersecurity solutions for enterprises and governments all over the world. Through their multiple solutions and varied customer base, Unisys has a unique perspective on the cybersecurity challenges facing businesses of all sizes today.
At the 2020
RSA conference in San Francisco, Expert Insights met with Unisys’ Chief
Technical Officer Vishal Gupta, to talk through this unique security
perspective, global cybersecurity threats and trends, and the best ways for
organizations to keep themselves secure in the cloud.
worked in cybersecurity for over ten years, and prior to joining Unisys was SVP
at Symantec, which at the time was the world’s largest cybersecurity vendor. As
CTO at Unisys, Gupta is in charge of all of their technology platforms and
products, including security, as well as cloud compliance and AI.
The Shift to The Cloud
One of the
major changes over the last few years has been the shift from on-premise enterprise
infrastructure towards cloud-based technologies. There are often numerous
benefits for organizations to use cloud-based technologies, including improved
productivity, lower maintenance costs and less downtime.
the move to the cloud for enterprise applications and security tools have created
new security tests for organizations to overcome. In Gupta’s experience the
cloud has opened up three key areas where organizations are finding challenges.
challenge is one of visibility,” Gupta says. “In the on-prem world,
organizations had a lot of visibility and control, because their own IT
departments were doing everything. Now, technologies are very distributed, but
they still want visibility.”
This is especially
true when it comes to managing data. Organizations need to ensure they know what
information is being stored in which data centers and who is looking after and
handling their data. This is a key challenge with cloud-based technologies.
secure what you don’t know,” Gupta says. “So, visibility is king.”
issue Gupta commonly comes across is the need for organizations to implement
best practices. “One of the challenges
of the cloud is that it’s so decentralized,” he says. “And there are so many
kinds of configurations.”
means for organizations is that they can very quickly implement many security
platforms, and they can very easily be misconfigured. This can mean
organizations have security gaps in their infrastructure or miss events that
they should be logging.
has all these developers and IT people who are setting up things in the cloud,”
Gupta says. “But the challenge is how do you do it from a security perspective,
from an operations perspective, from a compliance perspective?”
introduced the CloudForte Navigator in a partnership with AWS and Azure to help
enterprise customers deal with this issue of best practices, which is designed
to help organizations build, operate and secure cloud systems.
challenge for organizations in the is how if important cloud accounts are
compromised, cyber-criminals have access to much more data than they would have
when technologies were hosted on-premise.
“If an attacker is able to compromise one cloud account, they can pretty much go anywhere and get anything. The challenge for organizations is, how do you micro-segment so that even if you get an exposure, you don’t end up losing a lot of different records?” Gupta says.
the example of a major financial institution, which recently had a devasting attack
in which a web application firewall was breached, which led to the personal
information of 100 million customers being exposed.
a number of container and isolation solutions designed to protect against this
kind of threat. Gupta argues that micro-segmentation, or the ability for
organizations to breakdown the attack surface of their organization into
multiple smaller pieces, is hugely important for organizations moving to the
Credential Theft and Biometrics
One of the
other big cloud threats that organizations are being exposed to is credential
theft, Gupta says. This is leading to an increasing challenge around how we
validate identities and manage access to important accounts.
Gupta argues that moving to the cloud have made the authentication and identity challenge more prevalent in two distinct ways. The first is that cloud-based accounts now have access to so much more information, increasing the value of account compromise for attackers.
“As we saw in a recent breach involving a major banking institution,” Gupta says, “Somebody can literally access terabytes of data, all your companies’ customers and all of their data. The impact can be massive.”
issue Gupta outlines is that it’s much harder to know where attacks are from, and
it’s harder for organizations to discover compromised accounts in the cloud.
Because of this, the security risks become much more acute.
argues this is leading to the use of biometrics becoming an increasingly
important security tool, as a way to help organizations better manage identity
“The use of
biometrics is becoming more and more important,” he tells me. “How else can we
get incontrovertible evidence that you are who you say you are? Because
credentials are so easy to steal.”
deployed a biometric security system that allows users to use their FaceID or
fingerprint to validate their identity. Gupta says the key challenges around
this technology is ensuring it’s easy to use, encompasses multiple layers of
security, and is fast to validate, in order to not impact the productivity of
The Cloud Is Not Less Secure Than On-Premise
challenges that are emerging from the move to cloud-technologies, Gupta says
that the cloud is not more, or less secure than the on-premise perimeter.
Rather, it’s the approach to the cloud that causes difficulties for
“One of the
things people are realizing is that the cloud is not inherently more secure or
less secure than on-prem, it’s just different,” Gupta says. “It’s now a shared responsibility
model. Organizations have to understand what they’re responsible for, and what
the cloud provider is responsible for.”
argues that organizations are starting to understand that the cloud providers
have to be responsible for their infrastructure, but at the same time
organizations have to be responsible for their workloads.
are also more often looking for a more holistic, or hybrid approach, Gupta
says. “More and more, organizations are not looking for just one solution that
works only on-prem or only in the cloud,” he tells me. “Organizations want a
holistic solution where they can form security policies, that will work across
their infrastructure, whether that’s on-prem, in AWS, in Azure, in Google, or
in their private data center.”
argues that increasingly, large organizations want flexibility, and the ability
to move their workload to wherever makes the most sense for them.
Advice for Organizations Moving to the Cloud
advice for organizations in the cloud, or considering moving to the cloud, is
threefold. His first advice is to remember the cloud is no more or less secure
that on premise technologies.
“The cloud is
no more or less secure, it’s just about making sure you follow best practices,”
Gupta says, “Make sure you follow best practices from a cost, compliance, application
modernization, and security perspective.”
look at biometrics. Account compromise is a risk, and implementing biometrics
is a great way to minimize risk, without compromising on convenience for the user.
Thirdly, organizations need to microsegment, and reduce their attack surface,”
“The cloud has a lot of a potential, it is fast, there’s lots of innovation available. But organizations need to move forward with confidence and the above three strategies will help them to do so.”
You can find out more about Unisys here: https://www.unisys.com/