Cloud Access Security Broker (CASB)

Interview: Gee Rittenhouse On Streamlining Security During A Skills Shortage And Economic Unrest

Skyhigh Security’s Gee Rittenhouse discusses the benefits of consolidating your security stack, how economic downturn is affecting the security market, and how the rise of AI will impact the future of cloud data security.

GeeRittenhouse-SkyHigh-Interview

Over the last year, the world has experienced huge unrest with global conflicts, economic downturn, and the rapid advancement of new and emerging technologies. Because of this, the cybersecurity industry is going through a period of rapid change and adaptation. This is adding complexity to an already complex. One area of particular change is cloud security. 

“Cloud is a complicated environment. It can be cloud infrastructure, it can be SaaS, it can be working on the web. And of course, everybody is working—from remotely to the office—on all sorts of devices. So,” says Gee Rittenhouse, CEO of Skyhigh Security, “the cloud environment, from a security perspective, is fairly complicated.”

Gee has over 20 years of experience in data protection and is a recognized speaker among cybersecurity professionals. Prior to his role at Skyhigh Security, Gee was the SVP of Cisco’s Security Business Group. In his current role, he leads Skyhigh with a focus on innovation, collaboration, and operational growth.

In an exclusive interview with Expert Insights at RSAC 2023, Gee discusses the benefits of consolidating and unifying your security stack, how security teams can streamline IT processes amid a talent shortage and economic downturn, and how the rise of AI will impact the future of cloud data security.

You can listen to our full conversation with Gee on the Expert Insights Podcast

Replacing Disparate Tools With Unified Platforms

One of Skyhigh Security’s core aims is to provide cloud data protection across multiple layers, via a single, unified platform. Using a single platform (rather than managing multiple, disparate tools) has multiple benefits, says Gee. 

“First of all, there’s the operational efficiency; you’re able to simplify and operate at a lower cost,” he explains. “But I think increasingly, in this cloud world, the threats and adversaries coming in are always looking for the gaps. They’re always looking for an inconsistency between the way you think about data on an endpoint, or cloud, or SaaS. And that’s an exploitation area.”

When utilizing multiple tools, it can be easy for information and intelligence to slip through the gaps—whether that’s a vulnerability that isn’t picked up on and patched (due to too much noise being generated), data falling through the cracks (because it hasn’t been synced across platforms), or simply that one area of the network isn’t covered by any of the tools in use, and remains unprotected. 

Utilizing a single, multi-layer platform can mitigate these challenges by providing businesses with single pane of glass through which they can manage their entire security ecosystem. This is far easier than having to juggle or sync data across multiple management consoles. This reduces the likelihood of a vulnerability going unnoticed due to human error or an overwhelming number of alerts from multiple locations. 

“When you have a uniform and consistent perspective across that, not only do you operate at lower costs, but you have a higher efficacy,” says Gee. 

Economic Downturn Is Affecting The Security Market

Many parts of the world are currently experiencing economic downturn, and that’s having a huge impact on the security industry in three main ways, says Gee. 

First, a lot of conversations that take place when businesses are investing in a new tool are now centered around the financial benefit, whereas previously, they would be more focused on improving security posture and efficacy. This means that tools today need to be able to improve operational efficiency and reduce the workload of IT and security teams. This often involves the application of machine learning and workflow automation. 

Second, reporting is no longer just for the security professionals managing the tool; it’s also for showing board members and C-level executives the benefits of the tool through reduced risk.

“Security language and business language are very different. You come to a conference like [RSA], and it’s acronym soup – all the deep technical things. But boards and senior executives don’t think about it through that lens, so we have to translate this into business metrics,” explains Gee.

“It could be, for example, ‘here are the intellectual property assets that we saw people trying to use or exploit that we blocked’, or ‘we are now compliant’. When you think about it that way—being able to prove that we were not only compliant, but we did it at a lower cost with fewer people—that’s the language that they speak.” 

“And so, the more the platform is able to arm security professionals in that way, the easier it is for them to communicate that value upwards.”

Finally, the number of people investing in security hasn’t reduced, but the buying process is taking longer. 

“What we have seen is a lot more checks in the in the buying process; it gets reviewed at a higher level, or there’s one more signature required […] which adds a little bit of delay into the buying process,” explains Gee. 

Looking To The Future Of Cloud Data Security

When it comes to the future of cloud data security, we can expect generative AI and machine learning to play an important role, says Gee. 

“Let’s start with a defensive standpoint. First, machine learning has been a part of security for a long time. We look for the needle in the haystack of needles. We’re always trying to view what is normal, and then what is abnormal, and then focus on the abnormal as a potential threat. So, we’re very well versed in the security world around machine learning, pattern detections, things like that.” 

“What has been difficult is to bring in security professionals and have them search through this in a very simple way. Normally […] you have to be a security professional to really understand, query the data, and get the results back. I think that things like generative AI can simplify that interface – I can ask relatively simple questions and receive answers without getting into regex expressions… So, I do think it will help that security professional gap.”

“On the adversary side, I think they will be able to exploit gaps more readily, to write code more quickly, to obfuscate it more easily, to put it out there and always keep probing organizations for those gaps. I think that will continue.”

That’s why it’s so critical for organizations to take a unified approach to security, reiterates Gee.

“So, as everybody’s trying to poke and probe, the enterprise has a uniform perspective and consistency across their data protection platform.”

Listen On Spotify:

Listen On Apple Podcasts

About Expert Insights

Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions. You can find all of our podcasts here.