Tackling Data Breaches and Enhancing Cloud Security Posture: An Interview with Nathan Wenzler

A look into securing cloud environments, managing APIs, and addressing third-party risks.

As a result of the world’s increasing reliance on digital systems and the internet, businesses face constant cyber threats that compromise sensitive data and create significant risk. Nathan Wenzler, Chief Security Strategist at Tenable, brings more than 20 years of public and private sector experience to the task of helping executives and security professionals develop robust security strategies, understand their cyber risks, and improve their security posture.

In this exclusive interview with AIM, Wenzler discusses critical topics in cloud security, including dealing with threats from APIs, third parties, and the challenges of cloud security posture management.

AIM: How can businesses ensure that data is more secure in the cloud?

Nathan: The dynamic and complex nature of cloud environments can make securing them difficult. Traditional network security measures, like firewalls, are often less effective in cloud environments due to the lack of a defined perimeter. Security solutions must function at the scale and speed of the cloud, and they need to support both developer and security workflows throughout the software development lifecycle.

In cloud environments, Infrastructure as Code (IaC) has emerged as a powerful tool for automatically defining the infrastructure on which organizations build their services. Ensuring IaC is secure from the outset is critical, and using IaC security tools that generate remediation code allows developers to mitigate risks before deployment.

A developer-first approach, coupled with the right cloud security posture management tools, can help organizations better understand and address security risks, enabling them to innovate confidently without worrying about security vulnerabilities.

AIM: How can organizations deal with the challenges posed by insecure cloud APIs?

Nathan: Cloud apps and APIs are particularly vulnerable to attacks, as they are designed to be exposed to the internet and serve large user traffic. Attackers can exploit insecure cloud APIs to gain access to cloud networks and critical business databases. These APIs often integrate with third-party APIs for purposes like notifications, monitoring, and data aggregation, which can create additional security risks.

To address these risks, organizations need a strong partnership between development and security teams, as well as security solutions that offer automated API discovery capabilities and API scanning. Rapid remediation of misconfiguration errors is also essential to prevent breaches, which requires security tools designed to support both developers and security teams in avoiding bottlenecks in the DevOps process.

AIM: What strategies can help organizations tackle the risks posed by third parties?

Nathan: Supply chain attacks have become increasingly common in recent years, making preventative security approaches crucial for organizations. A formal exposure management program can help businesses deal with risks before and after exploitation. This approach encompasses technologies like vulnerability management, web application security, cloud security, identity security, attack path analysis, and external attack surface management to provide a comprehensive view of potential exposures and vulnerabilities.

By understanding the full extent of their attack surfaces, organizations can develop more proactive strategies for securing their environments and minimizing the impact of third-party breaches.

AIM: What are the key challenges of cloud security posture management, and how can organizations address them?

Nathan: The SolarWinds attack highlighted the dangers of insecure code or pipelines. If an attacker compromises the CI/CD pipeline, the malicious changes can be automatically deployed throughout the entire production environment. Traditional CSPM tools struggle to mitigate such misconfigurations at runtime, as they do not address security when code is written.

Identity and access management have also emerged as significant challenges as cloud environments become more complex. Organizations need strong processes, automation, and consistent configuration management throughout the deployment pipeline to manage the thousands of roles and identities supporting cloud-based applications and services.

AIM: How can changing security posture help establish deterrence against cyberattacks?

Nathan: Outrunning cybercriminals is not a viable strategy, as they continually find new ways to exploit vulnerabilities and breach organizations. More mature organizations are embracing a preventative approach to risk identification and management, rather than relying solely on traditional reactive security measures.

It is essential to accept that attacks will happen and data breaches will occur. Relying on older methods of simply building walls of defense and hoping for the best is not effective given the speed and scalability of modern attacks. Instead, adopting a risk-centric approach to proactively address problems can help organizations make better decisions about where, when, and how to mitigate risks so that traditional defenses can be more effective.

A preventative approach involves utilizing discovery and assessment technologies, incorporating threat intelligence and business context into risk evaluations, and creating prioritized remediation plans that address the most likely areas of risk before attackers can exploit them.

While this may seem like a continuation of past practices, relying solely on tools like firewalls and endpoint security has put organizations in a purely defensive position. By proactively addressing and eliminating potential breach points before cybercriminals can exploit them, organizations can significantly strengthen their security posture and protect sensitive data.
