Adhi Ramanathan, Sr. Director of Engineering at Kissflow, leads the engineering team and helps Kissflow build great products. A veteran who is passionate about code and system design, Adhi joined as a fresher and has risen through the ranks. He is the brain behind engineering the backend modules in various Kissflow products.
Adhi discusses current security challenges, best practices for implementing threat hunting, and how to keep your systems secure as you scale.
This article is published as part of our CIO/CISO Knowledge Series, Powered by Sophos.
In this era of digital transformation, can you share the top three security threats businesses face today?
The three major security threats businesses face today are:
Data Security Governance: Data Security Governance is the biggest challenge in the Digital era. It is a subset of the overall Information Governance Model, yet it plays a very critical role. Organizations are good at defining Data Classification policy and ways to handle data, but most of them fail in the very first step in data classification, which is Data Discovery. Businesses focus on delivery rather than security in the initial stages, and as they rapidly expand, they lose track of where their critical data resides. Unless you discover the locations of your crown jewels, you will not be able to protect them.
Cloud Security: While traditional network security is fairly straightforward, with the organization taking ownership of all security-related procedures, cloud security is a different ball game. It’s a myth that the cloud makes security complex; in fact, it has made security simpler.
What makes cloud security complex is the lack of understanding of the Shared Responsibility Model. I personally believe the security of a product/service delivered through the cloud is far easier to achieve when compared to a traditional network.
Insider Threat: It is important we trust our employees, but not blindly. A malicious insider with privileged access to sensitive information poses a far greater immediate risk than an external attacker trying to gain access to such information. We have traditionally believed the “Castle and Moat” model will ensure security, completely forgetting about the malicious insider. This is why Zero Trust is a perfect solution for the issue at hand.
Kindly share the best practices in threat hunting to proactively protect data.
The best approach towards establishing a threat hunting practice is not to start with a baseline of your network, but to start with the assumption that your network is already compromised. The ultimate objective is to be aware of the reason behind the existence of every packet on your network. When you gather threat intelligence to support your threat hunting practice, do not get overwhelmed by the large amount of open-source threat intel that is available. Understand the technology landscape, use relevant threat intel to identify threats using IOCs, and finally evaluate popular TTPs (Tactics, Techniques and Procedures) relevant to your landscape and build your suite of tools to recognize them in your network.
How can digital transformation technologies such as AI/ML help with threat hunting and crisis preparedness?
This is a far-fetched topic at this point. The market is flooded with security tools claiming to be “AI/ML-based”, though most of them are using simple analytics. Threat hunting as a practice started with manual techniques, went into automation through scripting, later incorporated smart analytics, and the next logical step in this process would be incorporating true machine learning. As the attacks become smarter and the available data becomes larger, we train the machines to predict and decide while being supervised by humans.
How is Kissflow helping to secure its customers’ data?
People closer to the problem know how to fix things faster. No-code/low-code platforms take technology closer to the people who have the domain knowledge. Almost always, data risk comes from incorrectly configuring permissions, access control and privileges for specific files or processes. Oftentimes these are hardly detectable by the IT team. The IT team is well equipped to work on cybersecurity threats of different classes, but these kinds of data risks are often exposed at the business level. When line-of-business users have no control over changing the system that has the data exposure, they have to follow the traditional approach of raising requests and waiting for the change to take effect after it propagates through the bureaucratic process of change management.
Kissflow’s products are simple low-code and no-code application platforms, allowing business users to make those changes pretty much instantaneously and push the changes to production, thereby arresting the data exposure as soon as they come to know of it. It is as simple as revoking access to a Google Doc that someone wrongly got access to.
What are some of the ways collaboration technology can be made more secure?
Vendors need to be more transparent in publishing stats regarding data backup, the list of vulnerabilities addressed, internal audits and their results. This will instill more confidence among enterprises. In short, enterprises need a dashboard to continuously monitor the state of the data that is stored.
Kindly share three best practices businesses must incorporate for security and governance as more digital initiatives are implemented.
For incorporating best practices in security and governance, businesses should:
- Understand every packet on your network: where it is from (source), who it is from (user), where it is going (destination), how it is going (protocol) and why it is required. Extend this capability to endpoints by knowing which processes are trusted, what privileges the processes are running with, what changes to the file systems are happening, and which processes are triggering those activities.
- Do not lose out on the basics. While you might have the best-in-class security devices deployed on your network, unless they are properly configured, they are ineffective. Vulnerability Management (Patches) and Configuration Management (Hardening) will protect you from 75% of the threats out there.
- Zero Trust is the key to solving security challenges that remote working has introduced. Every internal and external user is treated the same in a Zero Trust security model which makes your physical location irrelevant.
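The threat hunting advice above (assume compromise, apply relevant IOCs) and the first practice in this list (know the reason behind every packet) both come down to the same habit: every observed flow must either map to a documented purpose or be treated as a finding. The script below is an added illustration, not Kissflow's or Sophos's code. It assumes a hypothetical "purpose register" (source network, destination, port, protocol, and the reason the flow is allowed) and a constructed IOC list; the flow records are constructed sample data using documentation address ranges, not captured traffic. It reports three things: flows it can explain, flows nobody has written a reason for (here, a host outside the app subnet reaching the database), and flows touching an indicator.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample flow records, one per line:
#   timestamp src dst dst_port proto bytes
# These are made up for the example and were not captured from any real network.
SAMPLE_FLOWS = """\
2024-05-01T09:00:01Z 10.0.1.15 10.0.2.40 5432 tcp 18231
2024-05-01T09:00:05Z 10.0.1.15 203.0.113.9 443 tcp 9120
2024-05-01T09:01:10Z 10.0.3.7 198.51.100.77 4444 tcp 2048
2024-05-01T09:02:00Z 10.0.1.15 10.0.0.53 53 udp 120
2024-05-01T09:03:30Z 10.0.3.7 10.0.2.40 5432 tcp 501
"""

# Hypothetical purpose register: (src network, dst network, dst port, proto, reason).
# A flow matching no entry is one whose reason for existing nobody has written down.
PURPOSE_REGISTER = [
    ("10.0.1.0/24", "10.0.2.40/32", 5432, "tcp", "app tier -> PostgreSQL"),
    ("10.0.0.0/8", "10.0.0.53/32", 53, "udp", "internal DNS resolver"),
    ("10.0.1.0/24", "0.0.0.0/0", 443, "tcp", "app tier egress to SaaS APIs"),
]

# Constructed indicator list (a TEST-NET address) standing in for curated threat intel.
IOC_IPS = {"198.51.100.77"}


@dataclass(frozen=True)
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str
    nbytes: int


def parse_flows(text: str) -> list[Flow]:
    """Parse the whitespace-separated flow format above into Flow records."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto, nbytes = line.split()
        flows.append(Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                          int(dport), proto.lower(), int(nbytes)))
    return flows


def explain(flow: Flow) -> str | None:
    """Return the registered purpose of a flow, or None if no entry covers it."""
    for src_net, dst_net, dport, proto, purpose in PURPOSE_REGISTER:
        if (flow.src in ipaddress.ip_network(src_net)
                and flow.dst in ipaddress.ip_network(dst_net)
                and flow.dport == dport
                and flow.proto == proto):
            return purpose
    return None


def hunt(text: str) -> dict[str, list[str]]:
    """Classify every flow as explained, unexplained (no registered reason) or ioc_hit.

    A flow can appear in both the unexplained and ioc_hit lists; IOC matching and
    purpose accounting are independent checks, and a miss on either is a finding.
    """
    findings: dict[str, list[str]] = {"explained": [], "unexplained": [], "ioc_hit": []}
    for f in parse_flows(text):
        key = f"{f.ts} {f.src}->{f.dst}:{f.dport}/{f.proto}"
        if str(f.dst) in IOC_IPS or str(f.src) in IOC_IPS:
            findings["ioc_hit"].append(key)
        purpose = explain(f)
        if purpose is None:
            findings["unexplained"].append(key)
        else:
            findings["explained"].append(f"{key} ({purpose})")
    return findings


if __name__ == "__main__":
    for category, items in hunt(SAMPLE_FLOWS).items():
        print(category)
        for item in items:
            print("  ", item)
```

Note the fifth flow: a Postgres connection on the expected port, but from 10.0.3.7, which the register does not authorize to reach the database. A port-based firewall rule would pass it; accounting for the source as well as the destination is what surfaces it as something to hunt. In practice the register would be generated from the asset inventory and the IOC set from curated intel feeds rather than hard-coded literals.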
What can be some of the bottlenecks to security in organizations especially still on legacy systems? What can be some of the impacts of this?
The biggest challenge in using legacy systems is the unavailability of vendor support for security patches combined with the availability of public exploits. Legacy systems will forever be the weakest link in your network, and all it takes is one vulnerable system to gain a foothold into your network.
How can you ensure scalability and future-proofing of the security and therefore the digital initiatives of your customers?
Simply by building a strong foundation. I’d personally start by establishing a strong information security management system (ISMS) that aligns with the business requirements. This will ensure your base framework is comprehensive in nature. The next step is to prioritize and focus on the domains most relevant to your business and implement advanced security concepts in them. Prepare a security roadmap for the organization considering all internal and external factors, and evaluate the business changes to see if the roadmap is still relevant. Continuously improve your security posture as your business expands, which will ensure seamless delivery of secure digital solutions to your customers.