Successful Cloud Adoption Lies In A New Operational Model: DataSecOps
Expert Insights speaks to Eldad Chai, co-founder and CEO of Satori to discover how organizations can better manage and secure their cloud data.
Since the mid-2000s, organizations have been steadily adopting cloud infrastructures, technologies, and processes, moving their data from on-premises databases to more flexible and efficient cloud-based alternatives. However, the COVID-19 pandemic was a catalyst for cloud adoption, causing many organizations globally to implement their existing cloud adoption strategies more rapidly or, for those who’d not yet begun the process, scramble to provision employees to work remotely using new technologies.
A year on, cloud spend is continuing to rise as enterprise organizations adopt hybrid or multi-cloud strategies and continue to move data to the cloud to help manage their IT workloads. However, while these architectures provide more flexibility, they’re also more difficult to manage than on-prem or single-cloud architectures. Because of this, increasingly more organizations are leveraging multi-cloud management, security, and governance tools, and 61% of businesses currently using cloud technologies say that optimizing their use of the cloud is a top initiative for 2021.
To find out more about how organizations can get the most out of their cloud data, we spoke to Eldad Chai, CEO and co-founder of Satori. Chai started his cybersecurity career 15 years ago, first working in technical roles and gradually progressing into business-oriented roles. Chai spent numerous years working for the security team of software application security vendor Incapsula, which was acquired by Imperva in 2019. With this acquisition, Chai joined the Imperva leadership team as SVP of product management, working alongside then-SVP of product development, Yoav Cohen. In 2019, when Imperva was sold to Thoma Bravo, the pair co-founded Satori Cyber.
Satori Cyber helps organizations to streamline their data security, governance, and access management. The platform analyzes how data flows within a company’s cloud environment and helps that company to apply appropriate access policies based on user identity, regular access behaviors, and the nature of the data being accessed. As well as enabling admins to configure access policies, Satori provides key insights into data usage across public, private, and hybrid cloud environments, making it easier for IT teams to meet compliance needs, as well as monitor and control access to sensitive data and prevent unauthorized access.
The Challenges Of Cloud Adoption
A hybrid or multi-cloud infrastructure can make database management more flexible, scalable and, if implemented properly, affordable. It can also enable organizations to secure their data more effectively, from access management to disaster recovery that only takes minutes, instead of days.
However, before a company can reap these benefits, they must go through the process of cloud adoption and learn how to use their cloud architecture efficiently.
When companies embark on the journey to transform their data infrastructure and practices, they drive two major changes, says Chai; a cultural shift that requires every business domain to be able to work with cloud data and generate meaningful insights from it, and a technological shift in the actual move to the cloud. As companies move their databases to the cloud, these shifts present scaling challenges.
“You can store and analyze a lot of data in the cloud—it’s easy for someone to access data and work with it. But everything in between, such as security, privacy and governance, doesn’t scale, because data cloud platforms don’t support these use cases,” explains Chai. And, unfortunately, it isn’t simply a matter of moving existing processes into a new environment.
“You can’t employ traditional IT and database administration practices in a cloud environment. For example, requiring every data access request to involve changes at the identity layer and database layer as well as custom development of objects on each database simply does not scale. At some point, companies hit a glass ceiling with their legacy data initiatives,” says Chai. “Organizations need to overcome those scaling challenges, streamline their operations, and be able to move faster with their data objectives. That is why you need DataSecOps.”
However, this in itself presents the new challenge of integrating controls and security into an existing cloud environment. The answer, Chai says, is to find management and security solutions that are transparent about their integrations, and don’t require organizations to make further changes within their cloud environment to accommodate them.
“Many solutions force an organization to fit their model—but you want an integrated solution that doesn’t add friction, but removes friction. Satori requires really low effort from the customer to start using the product because it fits their existing and future data projects, simply by not interfering,” Chai says.
Creating a scalable, integrated infrastructure is crucial if you want to profit from the advantages of hosting data in the cloud. However, it’s impossible to do this without changing your database administration processes. That’s where DataSecOps comes in.
A New Way Of Approaching Cloud Operations
Just as agile software development and the migration of applications to the cloud brought about DevOps and, with the integration of security into the development process, DataSecOps, the migration of data operations to the cloud is crying out for DataSecOps.
DataSecOps is the idea that security needs to be built into your data operations, including your cloud migration, from the outset, rather than adding it at the final stage of data processing. This helps core processes to run more quickly and efficiently, rather than having to be re-started because they failed when it came to security. When building a cloud environment, a huge part of this approach is the implementation of security automation. This means to automate repetitive tasks that take up valuable time to action manually, and the streamlining of security, governance, and access requirements.
Traditional security solutions block threats and notify an admin, who then has to record and remediate that threat. This creates friction within the process being run, such as someone logging in, as admins wade through security tickets. Automating simple remediation tasks, such as creating access policies, can remove this friction and help processes to run more smoothly.
“Think of your cloud infrastructure as a highway,” Chai illustrates for me. “Without any lanes, cars wouldn’t know where to drive, they wouldn’t want to move fast, and you’d end up with a traffic jam. Now imagine the same highway, but with lanes. Every car knows where to go, and they move faster.”
In this example, the lanes represent security automation functions.
“Satori does have the ability to prevent and stop threats but, generally, the concept is to provide these traffic lanes to optimize scalable, streamlined, low latency access to data, but to make sure that no-one is switching lanes when they’re not authorized to do so.”
Satori’s “traffic lanes” or “guardrails”, as Chai refers to them, are determined by admin-configured policies that outline who is permitted to access which data.
When security is integrated with operations, organizations can focus on their analytics requirements, says Chai.
The Multi-Cloud Movement
As with many technological trends, cloud adoption is expected to snowball in the coming years.
“During the pandemic, industries that we thought would take years to move to the cloud have been pushed into it rapidly, and that created a ripple effect,” says Chai. “When part of an industry moves to the cloud, they gain a competitive advantage. As another player in that industry, you either join in that motion and move to the cloud yourself, or you get left behind.
“It’s really hard, in our fast-paced, technological environment today, to stay competitive without being at the edge of technology.”
As more organizations face the challenge of cloud adoption, one of the first decisions they’ll have to make is to decide which type of cloud infrastructure they want to use: public, private, or a hybrid combination of the two. Some organizations may even decide to use multiple cloud computing services within their architecture, thus creating a “multi-cloud” environment. These can be all-public, all-private, or a combination of the two, and they prevent an organization from being completely reliant on any single cloud vendor.
When making this decision, companies should consider which third-party solutions they’ll need to integrate with their architecture. Some software-as-a-service (SaaS) products only operate within a specific data cloud, such as AWS or Snowflake, while others can be implemented in a variety of cloud environments, including the customer’s own private cloud. When building a cloud environment, it’s important to consider how compatible your SaaS technologies are with that environment. This requirement has led to the increasing popularity of hybrid or multi-cloud environments, which enable organizations to choose third-party solutions without being restricted to one particular cloud environment.
“In our space of securing cloud infrastructures, it’s the strong preference of customers to work with vendors that can support a hybrid or multi-cloud environment,” says Chai. “This is because they had a strong push internally to work with the best solution on the market, rather than being boxed into a specific cloud environment.
“It’s common for companies to use technologies on the AWS, Azure and Google Cloud, combining them and creating a multi-cloud environment.”
The Secret To Cloud Success
…Is not only to adopt new technologies, but also to adopt new operational models, says Chai.
“You should think about how you can operate within a new environment where you have not only different technology, but people who are interacting with that technology in a different way internally, and you need to build a strong operational foundation around that.
“That’s where Satori and DataSecOps provide an answer. It fits your cloud environment today and in the future, and allows you to avoid the mistake of thinking, ‘We’re just going to copy what we have on-prem into the cloud.’ That’s going to fail really quickly.
“As you’re adopting new technology, you need to adopt new operational models and think about that as well, not just the underlying tech.”