Short interview with cloud security expert Jurlind Budurushi from Cloudical
Securing the infrastructure, platforms, processes, and data is one of the most important topics in cloud computing. the cloud report interviewed cloud security experts about the challenging year 2020, how this year of digitization affected cloud security, and their expectations and solutions for 2021.
What were the biggest security challenges for cloud customers in 2020?
A thorough understanding of the responsibility model, i.e., sharing of the security responsibilities between Cloud Service Providers and Cloud Customers. It is important to emphasize that this has been one of the biggest challenges since the beginning of Cloud Computing.
What were the 3/5 critical vulnerabilities that you became aware, and maybe were confronted in 2020? How did or would you address those vulnerabilities, i.e. which solution would you recommend, and why?
“A chain (Security) is no stronger than its weakest link”. Thus, the most critical vulnerability were, are, and will be humans, more specifically their security awareness and behaviour. In order to address this, it is necessary to increase the security awareness of everyone, including users, developers and system operators. This is necessary, however not sufficient, therefore it is of crucial importance to improve security behaviour as well by supporting everyone with usable security tools. Last, but not least, automating the implementation of security countermeasures, in order to decrease human error.
There are different approaches to secure cloud environments. Which is the more effective one in your opinion?
An effective approach for securing cloud environments should consists of the following steps:
- Have a through understanding of the business processes that are taking place in the cloud, and identify the critical assets, i.e. confidential information being processed therein that needs to be protected.
- Take an holistic and systematic approach, tailored to the specific context.
- As there isn’t 100% security, always assume breach.
- Implement security best practices, including a reliable disaster recovery.
- Continuously monitor and evaluate the security posture, and when necessary improve.
What is your security offering and how does it improve the security posture in the cloud?
Cloudical’s security offering has its fundaments in the mind set. We understand security as a continuous, integral, multi-dimensional, and multi-layered process that involves humans, environment and technology. We support and enable our clients to embrace this mind set.
How will the market change in 2021, i.e. what security challenges do you foresee?
The security market, as usual in the last decade, is going to grow. As systems are becoming more and more complex, there is always going to be very challenging to secure them. I would like to turn it around, and think on how to make it more challenging for those who break into systems. Besides, already known principles as Security By Design and Security in Depth, I think that principles such as Moving Target Defence combined with Security Automation would increase the effort to break into systems and decrease the scalability of attacks significantly.
Dr. Jurlind Budurushi: He is Head of Security at Cloudical Deutschland GmbH. He is currently working on security challenges in the Cloud Native approach, focusing on Kubernetes. He is a passionate engineer and trainer, and aims to enable and establish an holistic security mindset. In addition, he is a lecturer on Cyber Security, currently at Duale-Hochschule-Badenwürttemberg where he lectures IT-Security. In his career, he has had different roles, and has been working with international teams on various, interdisciplinary security projects. He, also holds a PhD from the Technische Universität Darmstadt on Usable Security.