CERT-In Training Seminar on “Proactive Automated Cloud Security” with India’s financial sector

By
Sesh Murthy, CTO, Cloud Raxak
Sridhar Sachidanandam, CTO, GMS Global Solutions Pvt. Ltd.
Mohan Bethur, Managing Partner, Anzen Technology Partners
Tarun Krishnamurthy, Managing Partner, Anzen Technology Partners
Anya Ramamurthy, Senior Marketing Coordinator, Cloud Raxak
 

On February 28, 2017 in New Delhi, India, Cloud Raxak presented a day-long training seminar on “Proactive Automated Cloud Security” to representatives from 45 of India’s largest institutions in the financial and infrastructure sectors. Invited by the Indian Ministry of Electronics and Information Technology, Cloud Raxak gave the seminar under the aegis of CERT-In (Indian Computer Emergency Response Team) to assist with security thought leadership in the cloud transformation of these sectors.  The seminar provided training on cloud adoption trends, primary drivers and challenges of adoption, the standards that enable a secure cloud transformation, and how to practically use standards in proactive and automated cloud security.

The demonetization that took place in India last year resulted in banking transactions tripling from November 2016 to March 2017, and financial institutions expect the volume of transactions to increase another order of magnitude in 2017. In light of this large influx of digital banking activity, two things have become clear to India’s financial institutions:

1. The need for the cloud’s flexibility, scalability, and speed of action, in order to handle the influx of digital banking activity.
2. The need for secure cloud adoption to protect sensitive data throughout this cloud transformation.

Cloud Raxak showed financial institutions that the key to quickly and cost-effectively achieving these two goals lies in proactive and automated security.  The key takeaways from the seminar and its participants are:

• There are three primary drivers of cloud adoption: flexibility, scalability, and speed of action.
• Cloud adoption has skyrocketed in the past few years as a result of increased consumer digital activity. Enterprises prefer a hybrid cloud strategy for reasons such as taking advantage of both private and public cloud services and avoiding vendor lock-in (85% of enterprises have a multi-cloud strategy, and 58% of that group have a hybrid cloud strategy¹). In India, enterprises largely use SaaS and IaaS cloud services (88% using SaaS and 55% using IaaS²).
• ¹ RightScale 2017 State of the Cloud Report
  ² Instasafe & CSA 2016 Survey on State of Cloud Adoption and Security in India
• There are four primary security challenges in Software Defined (Cloud) Environments: dynamic nature of cloud, scale, hybrid environments, and novice users/shadow IT.
• Though the cloud is advantageous for agile business, lack of automated processes for cloud management leads to the four challenges stated above.  These challenges have serious business impact: increased management costs, higher residual risk and attack surface, and the impediment of DevOps.
• Attack surface in the cloud can be drastically diminished by mapping standards to security controls in a CISO-defined security posture.
• Industry standards and government regulations (e.g. DISA, NIST, PCI-DSS, HIPAA, FFIEC, etc.) are effective tools in practically defining a security posture for enabling automated cloud security management.  Standards are key in ensuring smooth and secure cloud transformations.
• Traditional IT management processes (manual or semi-automated) for security do not translate well to the cloud. Application of cloud security postures must be automated to ensure consistent and continuous protection.
• Both the short-lived nature of machines in the cloud, and the sheer number of machines and applications across clouds and lines of business, mean that humans cannot manage cloud usage and security manually.  The only way to effectively govern the cloud and reduce residual risk is through automation.
• Therefore, proactive and automated security is the key to cost-effectively securing cloud environments.

In the next few weeks, we will expand on these key aspects of Proactive Automated Cloud Security in a series of blog posts.  We are continuing to work with the seminar participants and the broader community, to include a range of perspectives and insights and ensure that the cloud transformation of India’s financial sector is the best it can be. Stay tuned to learn how Proactive Automated Cloud Security is the key a successful cloud transformation for your business!