Image Credit: Virendra Saklani/Gulf News

Although cloud security solutions have witnessed exponential growth over the years, there is a need for continuous monitoring and automation, said experts in a panel discussion at the Gulf News Cybersecurity Forum 2024.

Unlike domains like finance and healthcare, the real estate industry isn’t strictly regulated when it comes to cloud technology, said Munish Jain, Senior Manager, Cybersecurity at Sobha Realty. “Everyone is trying to move data from on-premises to cloud environment to cut cost. But are we really safe? Are we monitoring what is happening inside? Are we able to manage and categorise data? The challenge that we see over time is in managing user data, patented data, organisation credentials, etc. But a lot of sophisticated technologies are emerging, which will help.”

Jayesh Nandan, Information Security & GRC Officer, Mediclinic, offered his insight into a heavily regulated industry such as healthcare. “For us, it's a combination of risk, understanding the business need and also meeting the regulatory requirement. Everyone talks about identity management, access controls, etc. but our users are sitting with very sensitive information. If you think about a nurse or a doctor, they are working with super-sensitive data. You can have segregation of duty for users in other industries but for the healthcare industry it has to be more customised.”

Identifying key risks

For every organisation, it’s important to continually assess its cloud security posture and identify key risks. Melih Kirkgoz, Senior Director Systems Engineering, Fortinet, explains: “You need to adapt your technologies to understand what the baseline is, what’s the anomaly, and then you can detect the threat, especially in the runtime, which is a very hard thing to do and requires experience and a lot of algorithms to run together, but eventually the goal is to minimise the risk by understanding your own environment, business-related concepts, following the frameworks and integrating technologies to have end-to-end visibility, and, of course, to utilise AI and automation technologies to reduce the noise in the cloud.”

Mansoor Ahmed Khan, Senior Manager Network Security, IHS Towers, agrees. “When we talk about multi-cloud environments, we get logs from so many touchpoints. The amount is huge, so we need to employ automation or scripting, just to get actionable intelligence.”

Two of the biggest risks in the cloud are misconfigurations and excessive identity privileges, pointed out Jeevan Badigari, Senior Manager Cybersecurity, Arada, the moderator of the discussion. Implementing robust identity and access management controls, including privileged access management and passwordless authentication, is imperative to mitigate these risks.

“For a successful implementation, understanding the environment, preparedness and hygiene are very important,” said P. Sathyamurthy, Sales Director, IDM Technologies. “We need to deeply assess the environment, then we need to propose a solution that covers major areas of improvement, not only from a technology standpoint as an integrator but also the approaches, the policy, the processes, and more importantly, the team.”