Intelligent CISO Issue 40 - Page 69

decrypting myths
RF : I normally use this phrase from Peter Drucker : ‘ Culture eats strategy for breakfast ’. And that could not be truer . We can have the best strategy but if we don ’ t have the culture and people to support that , it will all crumble to pieces .
The cloud security report indicates that the majority of organisations are actually using two or more cloud providers . Is that something that you see and what impact is it having on security ?
RF : From my perspective , highly regulated industries have something called ‘ risk concentration ’ which essentially means that they shouldn ’ t put all their eggs in one basket .
They actually need to use two or more cloud providers in order to share risk across them . That ’ s something that I see very often with my customers .
JVH : What we see more and more is a multi-cloud approach where organisations pick and choose based on the unique capabilities of the different cloud providers . For example , if a company is using AWS to host their website and their business application and they ’ re using Microsoft 365 , they are already multi-cloud . They have two different attack surfaces that they need to defend against .
The question is , how do you get these clouds to talk to each other and then ensure visibility across all of them ? That ’ s where we need to have the proper tools . The good thing with cloud is that everything ’ s API-driven , so I can get all the information out of these portals using API .
The report findings state that the features teams found most useful in cloud security solutions were integration and customisation . Why is this and how can these capabilities help not only in improving security posture , but in
Joeri Van Hoof , Consulting Systems Engineer , Fortinet
helping organisations achieve success in delivering on their business objectives ?
JVH : If we look at what we have available at Fortinet , we have a lot of things predefined . When I started 20 years ago , installing firewalls and so on , it took two or three days to get everything set up and get the hardware in place , etc .
Now , deploying a firewall within public cloud or deploying a service in public cloud takes five to 10 minutes and it ’ s ready to go because we have those templates and best practices contained within that system and using that as a blueprint to get you started makes it much easier .
Cloud providers are also doing the same thing – they have their concept of landing zones for example where we can tie in and provide that security as well . The fascinating thing is that we can obstruct , but in the end , also gain that extra security there .
Can you tell us about the specific elements and capabilities of Fortinet solutions and approach to security that customers tell you that they find particularly helpful ?
JVH : Many of our solutions are completely cloud-based , for example , our FortiWeb , which is our web application firewall construct . We ’ ve totally revamped that as a fully cloud native service .
It runs inside of the different cloud providers , so we support AWS , Azure , GCP , as well as Oracle . Once you set up your website or your API service through that service , we will automatically detect in which cloud you ’ re running .
Based on that , we will select the closest data centre that we have to run the security scrubbing . Secondly , FortiGuard Labs , our threat intelligence arm , gathers information from all of our different data points across the Internet and we use sandboxing and leverage Machine Learning and AI to reduce false positives .
RF : Fortinet is also committed to innovation . We are supporting , for instance , the latest on containers . Our products leverage Machine Learning and Artificial Intelligence and we statistically analyse the traffic to detect malicious patterns .
We also cover some on-premise and have on-premise products . And while that ’ s not the cloud , it ’ s important . Why ? Because no CIO is going to the board and saying they ’ re switching everything to the cloud tomorrow . That ’ s not going to happen . It ’ s a journey .
Fortinet has the portfolio to cover that entire state and that journey – for when the customer needs security protection on-prem and when they need it in public cloud . We offer a single pane of glass that provides visibility across environments .
Fortinet also has a consulting offering which can help customers understand their security posture while they ’ re migrating into the cloud and help them through that journey , either with best practices and by giving them advice on alignment to industry leading frameworks as well . u www . intelligentciso . com