Jayesh Nandan, Chief Information Security, Risk, Risk and Governance Officer at Mediclinic, gave his insights on a highly regulated industry like healthcare. “For us, it's a combination of risk and understanding the business needs as well as meeting regulatory requirements. Everyone talks about identity management, access controls, etc., but our users have very sensitive information. If you think about a nurse or a doctor, they're working with sensitive data.” “There can be a separation of duties for users in other industries, but for the healthcare sector, it needs to be more personalized.”
For every organization, it is important to continually evaluate its cloud security posture and identify key risks. “You need to adapt your techniques to understand the baseline, what the anomaly is, and then you can detect the threat, especially at runtime, which is something that detection is very difficult to do and requires experience and a lot of algorithms to work,” explains Melih Kirkeguz, senior director of systems engineering at Fortinet. Together, but ultimately the goal is to reduce risk by understanding your own environment, business-related concepts, following frameworks and integrating technologies to get a comprehensive view, and a cycle, to leverage AI and automation technologies to reduce noise in the cloud.
Mansoor Ahmed Khan, senior director of network security at IHS Towers, agrees. “When we talk about multi-cloud environments, we get logs from many touchpoints. The amount is huge, so we need to use automation or scripting, just to get actionable intelligence.
Jeevan Badigari, senior director of cybersecurity at Arada, and moderator of the discussion, noted that two of the biggest risks in the cloud are identity misconfigurations and excessive privilege. Implementing robust identity and access management controls, including privileged access management and passwordless authentication, is essential to mitigate these risks.
He told me. “For successful implementation, understanding the environment, preparedness and cleanliness are very important,” says Satyamurthy, Sales Director, IDM Technologies. “We need to do a deep assessment of the environment and then we need to propose a solution that covers the key areas for improvement, not only from the point of view of the technology as an integrator but also from the methods, policy, processes and, most importantly, the team.
