In this Help Net Security interview, Sanjay McEwan, CTO and Chief Information Security Officer at Vonage, addresses the emerging threats to cloud communications and the role of AI and automation in cybersecurity.
What emerging threats to cloud communications concern you most, and what new technologies or approaches are you considering to address these threats?
The modern digital infrastructures that make up many businesses today face an alarming number of potential threats every day, and these threats are becoming increasingly complex, especially in the age of artificial intelligence.
Businesses must implement appropriate threat detection and anti-fraud measures to protect their organizations and users from the ever-evolving threat landscape. The big one for me is Advanced Persistent Threats (APTs), where a state or sponsored group gains unauthorized access to a network for an extended period without being detected. To combat these threats, organizations must also implement advanced threat detection and response systems that use artificial intelligence (AI) and machine learning (ML) to support teams and respond quickly and efficiently.
Many companies are also leveraging cloud-based unified communications tools to create richer interactions with their customers and meet customers in the communication channel of their choice, whether it is voice, video, messaging or AI-enabled chat. Implementing cloud-specific ransomware and fraud protection tools is key to countering threat actors and building and maintaining customer trust. Creating secure API gateways that provide additional security layers including authentication, encryption, and rate limiting is a good starting point, but teams should also consider incorporating more stringent security testing and management practices.
Other ways to mitigate these potential threats include adopting a Zero Trust architecture, where everyone inside and outside the organization must be verified and authorized to access information.
What role do artificial intelligence and automation play in cloud communications cybersecurity, and how can these technologies be leveraged to improve the security posture?
AI and automation are transforming cloud communications cybersecurity by enhancing threat detection, response times, effectiveness, and overall efficiency of security operations. Both technologies play a pivotal role in identifying and mitigating threats in real-time, a critical capability given the dynamic nature of cloud environments.
AI-powered systems can quickly analyze large data sets, often identifying patterns and anomalies that indicate a cybersecurity threat more easily than human agents/workers. This capability is essential for early detection of complex cyberattacks, such as zero-day exploits, that traditional security tools and human experts can easily miss.
AI models also have the advantage of learning from historical data and can continually improve, becoming more adept at predicting and identifying potential threats. However, organizations must keep in mind that these models are only as good as the data feeding them, so data cleanliness and good practices are important.
Automation is another important element and complements AI by executing pre-defined responses to common threats without human intervention, significantly reducing response times. If AI detects unusual behavior, for example, indicating a potential data breach, automation can immediately isolate affected systems, apply security patches, or even revoke access rights from certain individuals or devices. Together, cloud-based communication and purposeful application of AI help contain any threats and reduce the overall impact on the organization.
Artificial intelligence and automation also play well together when it comes to managing and enforcing security policies across cloud communications networks by ensuring that all data transfers and communications meet strict security standards. This is extremely important in the Zero Trust security model, for example, where AI can make real-time decisions about access requests based on behavioral analysis in a way that enhances security but protects the overall user experience.
To improve security posture and foster a proactive security environment, companies must leverage AI and automation for continuous security monitoring, predictive threat modeling and automated incident response and reporting. Any environment must be able to adapt to new threats quickly, reducing human error and freeing up security teams to focus on bigger issues rather than routine and boring tasks. A cybersecurity strategy that includes AI and automation will help organizations solidify their defense mechanisms and strengthen their security posture in the face of the ever-evolving cyber threat landscape.
What are the important security and compliance standards that organizations should prioritize when choosing cloud communications providers?
Key considerations include ensuring strong data encryption practices, using robust access control mechanisms such as MFA and role-based access controls (RBAC), and implementing compliance by design to support regulatory requirements such as GDPR, PCI, and HIPAA. This compliance is critical to protecting sensitive information such as healthcare information and payment data. Data sovereignty is another important aspect to consider because companies must be aware of where their data is stored and processed to comply with national data location requirements. Providing clear data localization options will help organizations meet these requirements.
A comprehensive incident response and management framework is also vital when it comes to addressing and mitigating security incidents. There must be transparent procedures for incident reporting, response and recovery. Regular security audits and penetration testing conducted by third parties can help identify and proactively fix any security vulnerabilities.
What metrics or KPIs should companies use to measure the effectiveness of their security controls in cloud communications?
Key metrics include Mean Time to Detection (MTTD), Mean Time Between Failures (MTBF), Mean Time to Failure (MTTF), and Mean Time to Repair/Recovery/Response/Resolution (MTTR).
MTTD and MTTR help measure a company's threat detection speed and response capabilities, and low levels indicate effective security controls are in place. Another metric to consider is the false positive rate, which evaluates the accuracy of the current system in place; a lower rate here means that security resources are being used in the right ways and are tuned to focus on real threats.
How important is the human factor in cloud communications security, and what steps can organizations take to mitigate risks associated with human error or insider threats?
Although new technology and automation are great additions to cloud communications security, there is no substitute for humans, who are a critical component of any security team. At its core, it is a triple combination of the impact of the use of advanced technologies, mature and disciplined operations, and human expertise that forms a strong and sustainable security foundation.
It goes without saying that comprehensive security training is a must for everyone, and it pays to take the time to educate employees on best practices and walk them through examples of different cyberattacks. Organizations can also introduce the Principle of Least Privilege (PoLP), which essentially limits individuals' access to resources that are most needed for a particular job or task and reduces the likelihood of potential threats. Finally, creating an environment where everyone feels accountable for the company's collective security posture is critical.
What emerging technologies or strategies do you believe will play an integral role in enhancing the security of cloud communications?
Artificial Intelligence and Machine Learning are transformative and impactful emerging technologies that are advancing at an incredibly rapid pace. Currently, AI and machine learning are most useful in proactively identifying and responding to threats simply by analyzing patterns and predicting potential vulnerabilities.
Wider adoption of Zero Trust security models will also be important, as no entity should be trusted by default. Leveraging emerging tools that allow companies to take an “always-on” approach to security will be critical in the coming years.