The cloud may have made business more flexible, but it has made cybersecurity complicated.
According to Jay Parikh, CEO at Lacework and our guest on this #CybersecurityByDesign conversation, the cloud model “introduces a whole new set of risks that I think the industry, we all, are really trying to put our arms around.”
Together Parikh and Sam Rehman, EPAM’s Chief Information Security Officer and SVP and his conversational companion, try to figure out how stretch the arms of cybersecurity to provide an adequate defensive posture.
Part of the answer is starting early. “Ideally you understand risks in your environment before they show up in production and before they impact the business,” says Parikh. “But if there are risks that do creep through into production... find and remediate them as soon as possible.”
Parikh adds that it’s important to rethinking the way security is done “so that it's part of this... builder kind of mentality that is there in the cloud.” You need people who can build security naturally into the development process.
Talent is an issue—a big one—here.
“We need more builders in security,” says Rehman. “Constantly just throwing people at it is just not gonna solve it.” Parikh agrees, adding that security must be "part of the build process. It's not an after-the-build process.”
Which means, of course, that you need the kind of people with the skills and capabilities required of builders.
“Finding builders, finding security expertise, is very hard these days,” says Parikh. “The demand just continues to far outstrip the supply of the talent out there.” And if you do manage to bring them on board, you need to provide them with engaging work. “You don't want them to be doing repetitive, mundane things because they're not gonna be happy. Then you have a retention problem.”
Listen to this episode. It’s so relevant and timely and thoughtful that retention won’t be a problem.
Host: Alison Kotin
Engineer: Kyp Pilalas
Producer: Ken Gordon