Neil Thacker, CISO of cloud security firm Netskope, speaks to Felix Todd about the importance of using the cloud in digital transformation for businesses
For some, the process of digital transformation has been a smooth and fortuitous journey – but for others it’s been an uphill struggle.
Now, the chief information security officer of cyber security firm Netskope has shared his thoughts on why the cloud is the answer for those who have experienced more headaches than results and, subsequently, why ensuring it’s completely secure is vital.
Prior to joining the company, Neil Thacker served at Camelot Group, Deutsche Bank, Forcepoint and Swiss Re, and has been involved in building security programmes across all domains in various industries.
Here we speak to him about the importance of the cloud in digital transformation and how businesses can keep their use of it safe from cyber threats.
What is Netskope and what does your role within the company involve?
Netskope is a leader in cloud security. We help the world’s largest organisations take full advantage of the cloud and web without sacrificing security.
We offer what we call smart cloud security – this means that our customers get comprehensive data protection that guards data in the cloud as well as advanced threat protection that stops elusive attacks.
Our Cloud XD technology eliminates blind spots by quickly targeting and controlling activities across thousands of cloud applications and millions of websites.
As both chief information security officer and data protection officer for Netskope in EMEA, I help the company support customers with their security challenges, as well as looking after Netskope’s own security through product security, incident management, data protection, security audit, governance, risk and compliance.
I also currently lead the GDPR programme and data protection function in EMEA.
When did the digital transformation phenomenon begin and why has it picked up so much steam over the past few years?
It actually started as far back as the 1970s, as businesses began to digitally automate processes and operations.
Since then, it has gained traction and increased in speed, initially helped by advances in technology and the internet.
With the birth of the internet, businesses began to implement digital tools into their organisation.
In the last decade we’ve seen consumers become a lot more digitally competent, and a whole host of new industries and business models established to capitalise on that competency.
It has now become a question of competition, with businesses in all leading industries having to adapt or fail.
According to the International Data Corporation, as many as 89% of organisations have adopted a digital-first mindset to accelerate their businesses to operate more cost-effectively, deliver on-demand customer service, and accommodate a globalised workforce.
However, this has significantly increased the attack surface of all enterprises, leaving security teams without the means to protect these new threat vectors.
As a result, enterprises are in need of a new approach as legacy security solutions were designed for a world where data and applications were placed in centralised data centres and IT teams were responsible for application selection and deployment.
Business of the future systems that were developed in the 2000s for digital transformation cannot keep pace with today’s cloud systems and so we have witnessed a systematic shift to cloud-first strategies.
Which sectors are most in need of digital transformation?
The vast majority of businesses across all sectors are currently implementing digital transformation projects of one kind or another.
Digitisation is impacting all areas of our lives and consequently all industries need to transform to keep up with the resulting changes in expectation and behaviour from their customers.
I do not feel there are any sectors that are completely immune.
Which ones have fallen behind the curve, and what can they do to catch up?
In some industries that are highly regulated, like healthcare, financial services and defence, compliance requirements makes digitalisation more complex and it can be a lengthy process, however this isn’t to say that these sectors have fallen behind the curve.
Many will have been given direct orders from the board to accelerate their transformation.
The simplest, quickest and most cost-effective path is to move to a cloud-first strategy.
What can companies do to be more digitally secure as they move more of their business onto the cloud?
Deploy a cloud access security broker (CASB) – a security technology that sits between an organisation’s devices and infrastructure, and a cloud provider’s infrastructure.
A CASB can make a big difference as it takes the strain of gate-keeping away from team members and adds additional data protection pervasively across the business.
It is important to realise that working with leading names in the cloud space doesn’t mean security is guaranteed or enabled by default – it is still vital to invest in cloud security.
For instance, 71.5% of CIS Benchmark violations in Amazon Web Services (AWS) occur in the identity and access management category, potentially allowing unauthorised access to these systems.
The changing dynamics of the modern workforce should also be kept in mind when moving to the cloud, factoring in the likelihood that employees across an organisation will be accessing cloud services from an array of devices from a number of locations, often outside of the corporate network.
What are some of the threats they face in a cloud-reliant world?
We hear the word “innovation” constantly associated with positive developments in the technology space, but we should never forget that threat actors are innovators too.
Businesses are charging into digital transformation journeys, spurred on by the prospect of major growth and success, and often falling into traps set by these actors who are equally accelerating ahead.
Data breaches, insecure interfaces and APIs and insufficient due diligence are just a few of the top threats businesses must address in our increasingly cloud-reliant world, all made particularly worrying by the potential to be hit by with a regulatory fine.
Tackling evolving threats is akin to trying to hit a moving target, but this is made infinitely easier with enhanced visibility.
The agility provided by Netskope’s security technology not only provides visibility, but it also keeps those protecting the business involved in identifying these latest threats in real-time.
Can you expand on the words of Netskope’s founder and CEO: “Without security transformation, digital transformation will fail”?
Businesses are boldly entering a new frontier as pioneers of the digital age, but the unknown is always associated with risk and ample precaution must be taken.
There is no doubt that evolutionary business enhancement lies in the various facets of digital transformation, but the increasingly sophisticated threats posed by threat actors mean that technology and business innovation must be intertwined with security innovation.
Without security transformation, a business will have wide and unsecured attack surfaces that can lead to data breaches, hijacking, data loss and other damage.
Threats and weak spots can present themselves anywhere in an increasingly cloud-reliant world, be they malicious insiders abusing weak identity, credential and access management, or teams of inexperienced employees unwittingly leaving themselves and company assets open to attack.