Digital transformation has reshaped enterprise IT as we knew it. The ease and availability of the cloud provides businesses with dynamic options for developing and deploying services and applications at a fast pace. These advances drive business performance, but they have also resulted in security that just can’t keep up. 

Telindus is perfectly aware of the new challenges caused by cloud security. Together with cyber security specialist Check Point Software Technologies, Telindus offers businesses the tooling and knowledge for safely navigating under increasingly cloudy conditions.

We held a discussion with Peter Sandkuijl, VP engineering EMEA at Check Point Software Technologies, on how to secure cloud environments at scale, provide protection to IoT networks, and in what way AI actually helps improve an organization’s security posture.

Peter Sandkuijl, VP engineering EMEA

Check Point Software Technologies

Q. There is no question that cloud computing offers numerous advantages to those who adopt it, not the least of which being lower cost, faster time to market, and increased worker productivity. However, the security of data in the cloud is a key concern for IT departments. What are the specific risks associated with cloud computing and how do you address them?

PS: "Cloud computing is all around us and there is no doubt it comes with a large amount of opportunity and promise. For the last five years, we have been closely following this movement, applying dedicated resources to better understand customer needs and tooling. Cloud providers speak about a shared responsibility model, whereas a better term would be a split responsibility model. The cloud provider takes care of the infrastructure, but the applications and data storage you run on top is your sole responsibility".

"Next to the traditional security topics to be addressed such as access control, intrusion prevention and other advanced threat prevention technologies, new challenges have arisen. Since the move to the cloud is often not handled by the traditional network and security team, we have a different audience to speak to. Who knew the term DevSecOps five years ago? They have different KPI’s and don’t necessarily have the same security background that we can assume when talking to the former group. This brings us back to the need to discuss why dedicated and focused security technologies are required rather than using native controls only". 

"Next to the traditional security topics, new challenges have arisen"

"Next to that, we also see new needs as we are no longer in full control of the infrastructure. That means a focus on cloud security posture management, for instance, or CPSM which continuously monitors the state we expect the cloud compute to be in. This will help ensure least privileged accounts and access, the need to have data encrypted, specific version control and such like. Check Point offers a lot of canned checks - i.e. GDPR and PCI - and reports but also offers a user-friendly language to write one’s own checks".

"Lastly, as everything gets automated, traditional change management procedures go out of the window and security has to become an integral part of the deployment cycles. All of this has to be applied in cloud technology in on-premises and public cloud deployments. More often than not, we see multi-cloud deployments and this is where we offer a lot of value: the ability to create a consistent implementation of appropriate security across any environment, cloudy or not cloudy".

Q. IDC predicts that by 2025 there will be 55.7 billion connected devices worldwide, 75% of which will be connected to an IoT platform. The future of IoT has the potential to be limitless. This potential is not just in enabling billions of devices simultaneously but also and above all in leveraging the huge volumes of actionable data that can automate diverse business processes. On the other hand, due to their inherent vulnerability and growing use, IoT devices also extend the attack surface. What do you recommend to better protect IoT devices, networks and data?

PS: "The numbers are so enormous that it is clear that traditional approaches alone will not be enough. With the introduction of Check Point IoT Protect,  we allow our customers to address the key topics. We roughly see the needs segmented across traditional industrial control systems, building automation and healthcare. From IP cameras to smart elevators, medical devices and industrial controllers, many IoT devices are inherently vulnerable and easy to hack. The challenge lies in their diversity and sometimes limited control over the actual application or OS. With the sheer volume of devices, focus is shifting towards discovery, automatic categorization and having the security solution suggest a security policy. The discovery is performed by partners and we created an API to allow a continuous update of the currently live devices". 

"Many IoT devices are inherently vulnerable and easy to hack"

"Consuming this information bridges the gap between the teams deploying these devices and the teams managing security in IT networks. It even allows a seamless integration without any human interaction, providing zero day protection from the get go. This decreases the need for policy changes and allows for the addition of ThreatCloud intelligence around the vulnerabilities surrounding these devices. Doing this provides both an overview of exactly what a customer is operating, a graphical overview of how that relates to their IT network, in addition to a fine grained policy as to expected behavior and enforcement of that".

Q. While cyber attacks continue to evolve at an accelerating pace, threats have become more sophisticated and dangerous compared to just a few years ago, making it impossible for human-created models to provide comprehensive and up-to-date protection. This is where advanced technologies such as artificial intelligence, machine learning or deep learning come into the equation, helping under-resourced security operations analysts fight the new generations of threats. How does Check Point leverage advanced technologies to strengthen its cyber security solutions?

PS: "Personally I started in this market in 1995, so I have seen many evolutions pass by. In recent years, both the way we publish and consume applications, and how we need to secure them, has changed faster and faster. We actually started categorizing them into five generations; on average, we see that enterprises are running behind two generations. Doing what we did before will not mitigate that or close the gap. Check Point has been collecting threat information for many years and is making that available as a service through the ThreatCloud online portal". 

"This is about continuously enabling and securing business operations"

"It’s important to highlight here this crosses platforms such as regular gateways, cloud based security, SaaS environments up to endpoints and mobile devices. Correlation is a keyword to analyze everything we learn and technologies such as machine learning - the market likes calling this AI - are key. It’s not a single technology however; we use up to 64 technologies to ensure our hit rate is high with the least amount of false positives possible. We frequently get tested on that by external organizations such as formerly NSS Labs and more recent Mitre. For a customer, after all, this is not a one-time prize. This is about continuously enabling and securing business operations". 

Q. Now that they have overcome the worst effects of the Covid-19 crisis, organizations of all shapes and sizes are starting to return to some degree of normalcy. However, it appears that some of the measures adopted during the crisis – like the large-scale use of remote working – are here to stay. What is your view on the post-Covid cyber security landscape and what advice would you give an organization that seeks to navigate safely through the coming months and years?

PS: "First of all we cannot declare victory too early and I would urge each and every one to stay as safe and well as possible. Where lots of roadblocks have forcefully been removed, a lot of business leaders and executives have realized that there is opportunity in change and disruption, isn’t there always? Once the pressure is off, things will go back to the new normal. No one actually knows what that looks like and what I have been telling both my teams as well as customers is the fact that it is up to us to shape that future. I do expect that a new balance will be agreed upon, what it will look like will depend on each company". 

"We are digitally transforming and that is not simply lifting and shifting the datacenter to the cloud"

"With regards to working remotely, how we spend our time efficiently and run the business, this crisis has shown, on the plus side, that we can survive even when we work from home and hardly meet in person at all. That balance will attempt to get back to the center but never as far back as where it was. That will be a good thing. On a security level it should open the discussion about the fact that we are digitally transforming and that is not simply lifting and shifting the datacenter to the cloud. It’s a cultural and technical change, and a big one at that. Further dissolving the perimeter as we think about it, we need to consider how to secure beyond that perimeter. This means how we do secure data, applications and identities on a plethora of devices, especially considering these live outside of our building and potentially outside of our managerial control. For instance, did we take any shortcuts on GDPR that we really need to address now? Connecting all the dots, providing continuous protections, while allowing our customers to sit in the driver’s seat doing their business, is the promise we will deliver on".

Interview by Michael Renotte