M+E Daily

Fortinet Explores Latest Cloud Security Challenges

During Fortinet’s online Cloud Security Summit on Nov. 1, company executives and other experts explored the latest cloud security challenges that businesses and their customers now face.

Organizations that are driving towards digital acceleration are deploying their applications wherever it best meets the demands of their businesses and their customers, according to Fortinet. As a result, applications can now “live anywhere from on-premises at data centers, across hybrid and multi-clouds, and edge compute,” the company says.

That creates complexity, loss of visibility and increased risks for security teams who are often challenged with a lack of adequate resources and/or cybersecurity skills for cloud.

Fortinet CloudSec Fabric solves for many of those challenges by delivering consistent security, centralized management and visibility, along with cloud-native integrations, according to the company.

“There’s just more external forces than ever driving cybersecurity,” John Maddison, CMO and EVP of product strategy at Fortinet, said during the first Summit session.

He moved on quickly to discuss the “threat landscape,” saying: “Obviously, every company is pushing their digital acceleration and evolution. [There are] some economic headwinds at the moment. Every company, especially in Europe actually, is looking at environmental, social and governance requirements.”

Meanwhile, “of course, there’s always technology disruption,” he said, explaining: “AI is front and center. And then every region, every country, every industry practices regulatory and compliance requirements that came to be ever-increasing, starting with the threat of ransomware. Terms like phishing, advanced persistent threats, ransomware, supply chain attack, zero days, seem like terms we’ve been using for quite some time. But what happens is these terms, these techniques and technologies are always changing. Just look at spear phishing. Right now, you’ve got phishing as a service. You’ve got [voice] phishing.”

He added: “Today’s ransomware not only encrypts your data but also wipes it clean. You’ve got zero-day vulnerabilities…. There are attacks on cyber physical operational technologies. There’s the geopolitics, with state sponsored attacks, and, of course, supply chain and insider risk.”

Focusing on cloud risks, he said: “All companies are pushing very hard to make sure they can get their digital footprint within their business. And I always try and simplify this digital infrastructure. Clearly, there [are] applications, there are networks, there are users and devices. And all these areas are changing. Users are coming along with the network, more devices [are] attached, networks are getting ever faster.”

But he said: “A big area of concern for customers is the application journey. So what used to be a very controlled data center, of course, these days now consists of infrastructure as a service [and] SASE applications and applications continuously moving from data center to cloud and, sometimes, [as] we’ve seen recently, from cloud back into the data center or into SASE.”

He pointed to a cloud security report by Cybersecurity Insiders that showed many customers now have multiple clouds and multiple data centers and multiple SASE applications.”

His prediction: “They’re going to continue to increase their use but also continue the use of multicloud.”

Organizations must, therefore, “prioritize,” he said. They’re also still trying to solve problems that include “preventing misconfigurations, securing major cloud applications, defending against malware and breaches and, of course, compliance,” he pointed out.

As a result, he added: “A platform approach … most respondents said, is a simplistic way of helping them secure their closed cloud environment.”

He also pointed out that Fortinet focuses on network security; security and networking convergence across all edges, users and devices; hybrid and multicloud security control; securing the application journey on any cloud; AI- powered security operation” and the consolidation of “security operations platforms to really accelerate the time to detect and to respond to threats.”

Frank Dixon, group VP of security and trust at IDC, then reviewed key strategies to accelerate digital transformation through better security outcomes.