If anyone knows about the importance of rapid response when it comes to effectively solving cloud security issues, it's Bill Ho, a Prisma Cloud Solution Architect and expert on cloud-native security.
I had the chance to sit down and talk with him recently. We covered many topics, including three of the most pressing questions we hear from the organizations we speak with, such as why a Code to Cloud™ approach to security is so important, what role Data Security Posture Management (DSPM) plays in an effective security strategy, and why cloud security platforms are more effective than standalone solutions.
Let’s dive into Bill’s insights.
Code to Cloud Security Enables Efficient Security Alert Triage
Question: Welcome, Bill. We’re happy to talk with you today. Can we start by asking you what value a Code to Cloud security platform brings to gain an advantage over attackers, and how it makes it easier to triage alerts compared to a traditional monolithic application?
Bill Ho: Well, let’s start by noting how monolithic applications make it challenging for teams to isolate and address security issues, basically being a roadblock to rapid alert management and triage. This slowness in response is because a monolithic application has everything packaged into a single black box, making visibility and protection of the monolithic application difficult. Teams are ultimately challenged when they try to separate a vulnerability from the binary application itself.
The good news is that there is an easier way to identify vulnerabilities thanks to the modern cloud-native technologies we now have. For instance, Prisma Cloud by Palo Alto Networks can easily detect vulnerabilities in a code library or container image because it can leverage all the cloud-native intelligence gathered across the lifecycle and in production to help inform how to protect our applications.
As a cloud-native platform, Prisma Cloud can use a layered approach to securing applications and, with abstraction layers, clearly know what exactly a security issue is and where it originated from, right down to the exact layer. This granular visibility helps teams tackle security issues together as a unified team. With traditional monolithic applications, however, every security problem usually goes through a single operations person. Today, with cloud-native modernization, we have abstraction layers that are clearly defined within the cloud-native application architecture, so different teams can contribute to solving issues in a unified and collaborative way.
Cloud-native applications have actually evolved to let teams tackle security issues with a broader number of people and across different responsibility areas. There is not a lot of orchestration to be done because we have abstracted the application into manageable layers. And it doesn’t matter where your application lives, whether on AWS, Google, Azure, Oracle or Alibaba infrastructure. A cloud-native platform like Prisma Cloud lets you know where a known asset is in your cloud, and what its risk posture is. You can even action discovery and alerting for shadow clouds and shadow assets that you didn’t even know you had. For Prisma Cloud, this is accomplished through our Cloud Discovery and Exposure (CDEM) capability that detects rogue cloud resources and internet exposure.
With cloud-native applications and today’s modern cloud environments that are largely event-driven architectures, security has to respond rapidly and be agile to fix the most critical problems as soon as possible, before they become breaches. The legacy, monolithic approach is to try to fix everything together at once, without knowing where the issues originate from. With cloud-native and a Code to Cloud approach, we can see the root cause of vulnerabilities and other security issues, which in turn empowers agile cloud security because of effective prioritization. Prisma Cloud knows which misconfiguration is the most impactful to fix first, for instance.
In this way, modern cloud-native security makes security teams faster and more efficient, and it also lets every team member leverage holistic, Code to Cloud intelligence to empower fixes across the lifecycle.
Data Security Posture Management (DSPM): Security Isn't Just a Technical Issue
Question: Thanks, Bill. And what about data security and DSPM? I know you like to say that data security is not just a technical problem but relies on people and processes as well. Can you explain why continuously monitoring and protecting data integrity is important, and what you mean when you say data security is not just a technical problem?
Bill Ho: Yes, absolutely. First of all, Prisma Cloud has expanded with a new capability called data security posture management, or DSPM.
In modern application protection, we can break down the issues in an application into smaller, more manageable and fixable pieces, and we do the same for data. We break the data down into microsurfaces, which is a more agile and efficient approach.
When we are protecting critical applications, we need to be aware of where exactly our data is. That’s why data security posture management, or DSPM, is so important. With data existing across multicloud and different cloud services, for example Snowflake and others, how can we get a holistic view of all our data? Do we have insight into what type of data is being transferred, and can we appropriately assess risk? With DSPM, we can secure data flows in transit and ensure data encryption.
Since applications interact with other applications and resources through APIs, a lot of customer data is transferred. We cannot just secure the data in transit but also need to secure access, and that means having the right access permissions to protect data at the right time. Knowing where our sensitive data is lets us secure that data, in transit and at rest, and further manage that data securely across clouds at scale. And we can prioritize assets so that the most impactful issues get attention first, even across multicloud environments.
But data security is not actually just a technical problem. It's more about putting security in the right place at the right time to be impactful, rather than trying to do everything at once.
Think of GDPR. How can we check our cloud environment and assess whether we are GDPR compliant? Is it just a security configuration check, like checking whether data encryption is enabled?
Data protection, like any protection, ends up being about more than just cloud configurations. It is about people and process as well, not just the technology. So, for instance, are cloud teams informed with continuous monitoring as part of their workflows? Is there a strategy in place to customize protections for different tiers of applications? And is the approach proactive, like using data detection and response (DDR) to detect issues anywhere in the lifecycle? The best defense includes every team knowing the outcomes they are trying to achieve and having a unified way to achieve it. In short, are you prepared with a strong data security posture? That’s the benefit that DSPM delivers in Prisma Cloud so customers can be prepared and ready.
Why Platforms Are a More Effective Approach to Cloud Security
Question: Thanks for that, Bill. Now let’s talk about security platforms. I have heard you say that the threat landscape out there right now is an unfair game. Today you need to be fast, agile, and enable impactful prioritization. It is interesting when you say that it’s not about fixing everything. Instead, it’s about fixing the right things promptly. Can you tell us a little more about why security platforms matter?
Bill Ho: Sure. The reason why platforms matter so much is simple. It’s to gain an advantage for the defender. Attackers always have a huge advantage because they only need to succeed once with an exploitation. The defender, however, cannot let anything slip through. So, it is an unfair game that’s being played and it is a platform that can help defenders succeed in stopping relentless attackers.
Today, defenders are actually very reactive. This is mostly because defenders are using siloed point solutions that require time and labor to consolidate findings and make them actionable.
But attackers have been evolving. They’re starting to use a lot of automation and AI tools to speed up their attacks. This is another reason why point solutions are at a disadvantage when it comes to protection, and also why defenders need to evolve their tool sets toward more holistic visibility and control. Just doing scanning or reaching compliance isn’t enough.
With a security platform, however, teams get the help they need by having multiple tools available in a single framework. Everything is available when needed and customers don’t have to go through multiple procurement processes. In short, a platform means you can respond fast.
You don't have to labor to find all the separate tools you have and then combine all the findings together somehow. With point solutions, the integration challenge is significant since point tools are not made to talk to each other. The blind spots with point solutions are also why a single platform is more effective. There are no gaps in coverage with a security platform and you can rapidly respond to stop an attack from happening.
Best Practices for Code to Cloud Security
That was a lot of information, so let’s recap:
- A Code to Cloud approach to security is more efficient at alert triage, delivering depth, breadth, and ease of use.
- Continuously monitoring and protecting data integrity with DSPM is an important security capability that every enterprise should adopt as soon as possible to safeguard their customers’ data.
- And finally, a platform approach to cloud security is more effective at defending against threats because it makes it easier to correlate findings.
Want to see more insights from Bill Ho? Check out Bill’s posts on LinkedIn and take a moment to like and follow Prisma Cloud on LinkedIn as well.