Lacework CEOs and Presidio discuss cloud security - Lacework

Lacework CEOs and Presidio discuss cloud security

Lacework Editorial

May 3, 2022

Presidio Lacework partnership webinarLacework and Presidio have launched an exciting new partnership to bring the best solutions in cloud security.

Our co-CEOs, David “Hat” Hatfield and Jay Parikh, joined Presidio’s Dave Trader, Field CISO, and Troy Gerber, Cloud Security Consultant, to talk about cloud security trends, answer questions, and share their expertise from the field.

All four bring their prior experience and best practices to the table for an informative discussion about cloud security topics that are important today.

In this first blog in this series, Hat and Jay touch on the shift we’re seeing in the security space. From the way companies are approaching thinking about security early on in development, to the evolutionary roles of the CISO and SOC teams.

To watch the full webinar, click here!

Jon Jensen: What are the big shifts or trends in the cloud security space in light of increased cloud adoption?

Troy Gerber: What we’ve talked about a little bit is really on the automation side. As we get into the cloud, let’s automate as much as we can–let’s stop doing this manual work. And although the cloud is a challenge for SOC teams, I think it’s also a great opportunity for SOC teams. We have the central control plane and we have really good logs of everything that’s happening in the cloud. If we can leverage those and automate as much as possible, I think the cloud is actually a really great opportunity for those SOC teams to be that enabler of technology.

Hat: One of the things that we hear from customers consistently is that by putting Lacework’s platform in, it’s like adding 20 DevSecOps engineers, immediately. Because people are so overburdened with trying to keep up with all of this, we need great security architects and engineers and researchers embedded in our companies. We’re just trying to enable you to get more work done and drive efficiency up in a much more efficient way. Our goal is to enable security engineers and SOCs to be more productive and more impactful so that’s one of the things that we’re going to continue to focus on, delivering value against.

Jon: How do you see the shift of the role of security in an organization going from a gatekeeper role into a more prominent role?

Hat: I think the parallels are pretty similar to what we saw in the data business, actually, where storage administrators and storage architects were the ones who really knew what was going on with the data, and where the constraints were to feed the applications. As they removed some of the barriers and enabled all of this new ability to process, we saw the evolution of the chief data officer form. They had a rich understanding of data and the systems that underpinned it, but they also had an appreciation for what the business was trying to get out of the data. In the more innovative companies that we’re working with, we’re seeing that the CISOs, organizationally, are partnering with IT and Dev, and sitting as equal peers, organizationally, going forward. So we see this evolution of the CISO moving into more of a business exec that’s outbound, and that’s an exciting trend because this is where we move from being a gatekeeper to an enabler. That’s what we’re talking about. We’re talking about an enablement platform that allows developers to move really quickly, and to be really agile, but it’s also about moving the security organization up and more outbound in their roles. And it’s inevitable as the threats continue to increase and expand, moving into the cloud.

Jay: At my prior employer, a lot of what we did from a security perspective, over the years, became much more embedded in the actual developer workflow. So a lot of the role of security was helping to automate and bring that technology into every part of the life cycle, and it wasn’t something that was there, necessarily. There are things that you have to do from a governance and compliance perspective and overall business and outbound work that Hat was mentioning, but really focusing in on how security’s like any other feature that you would put into your application. The role of the security teams in helping to bring that knowledge, bring that architecture, and bring that automation, with the data, with the tools all upfront in the process, is breaking down those walls between the organizations, and it’s like they’re embedded as part of the teams. They’re actually helping them move faster, build more secure code, and there is that mixing of the skill sets there that ultimately benefit the business, and operating bolder, operating faster, and then there isn’t this tension between these organizations, so that cultural transformation will happen.

Jon: Do you see customers moving towards this concept of a platform for their security needs, or even their cloud security needs? Or do you see customers leaning into a point product or a point solution to solve their problem?

Troy Gerber: That’s an excellent question because when we go in and work with customers, we can sometimes spend hours going through, “What product do you use for this? And what do you use for this?” and going through frameworks and trying to figure out all the different solutions and products they put in place. And we definitely find that a lot of those products aren’t well maintained, they don’t really have an owner, they’ve been purchased over time and put in place, and that causes a lot of difficulty to really understand, what does your security look like? How do we evaluate that? And so we do see people leaning towards those platforms.

Hat: We’re seeing the same thing, and one of the reasons for the whole approach that we’ve taken is that it can completely change. What is a very normal and rational approach that’s built up over the last years, the reason why customers have on average 75 different tools, is because the attack surfaces were so nuanced that you needed to have deep specialization to try and solve one specific thing, and so as a CISO, you had to bring these things in to try and minimize the attack servers. But that’s when you’re trying to write a rule to stop one very specific thing. It’s when you flip it on its head, and you use a data driven approach, where we’re managing and assessing and monitoring billions of interactions that are happening across your environment, that you can actually get a picture much more efficiently of what’s happening and what’s anomalous in your environment.