Introducing the Ermetic Advisory Board: Elie AbenMoha of Publicis Groupe
Thoughts on cloud security from advisory board member Elie AbenMoha of Publicis Groupe
We recently announced the formation of the Ermetic Advisory Board which includes a who’s who of CISOs and cloud security experts from the technology, media and communications sectors.
So who *are* these experts? In recent posts, we met Travis McPeak of Netflix and Adrian Ludwig of Atlassian.
Next up is Elie AbenMoha, the Chief IT Security Officer for Publicis Groupe. We recently spoke with Elie and asked him for his predictions and insights on public cloud security…
What do you think are the biggest cloud security challenges/concerns for organizations?
There are many challenges... and that can be a challenge in itself! If I had to choose one, it would be Governance - the tension between the need to maintain velocity and agility, while also maintaining security and visibility. We need to train the teams, whether they are DevOps or developers or cloud services, to do their jobs in a way that folds security in. We need to teach them what’s important so they can tighten security without breaking the business.
What are your predictions for cloud and cyber security over the next few years?
The first thing that comes to mind is that the threat is growing. Attacks on the cloud are increasing in number and at the same time, data is everywhere. It’s so much harder to govern data than it used to be. The combination of factors - more attacks, more data in the cloud, less governance, and slow investment in security - means that the situation is going to get worse before it gets better. Cloud attacks will be more systematic and more scaled, and it will get harder to defend against them.
Unfortunately we only learn from our mistakes. Until there is a major breach with serious impact, many companies will not take action. For example, banks and retailers make the most serious investment in security because they have been burned before.
Many organizations haven’t implemented the basic technologies and processes yet. They need to address those first - the majority of attacks can be prevented by security hygiene. As companies are moving into the cloud, they are finding it challenging to not only master the cloud technologies but to also implement the new security controls.
There is race between the technology of the attackers and defenders. But it’s a wave, and eventually the defenders will catch up - until a new kind of attack is devised! The cat and mouse game is never going to stop. In fact, the current crisis is probably going to fuel the attacker economy.
Another prediction is that the increasingly strict privacy regulations and the harsh penalties will encourage some organizations to pay hackers rather than deal with the very large penalty payments to the regulators. This will only serve to encourage more attacks.
What drew you to Ermetic?
The team! I joined in the brainstorming from the beginning, and it has been a fascinating process working with an experienced group of founders and industry veterans.
As I said before, with data everywhere in the cloud, governance has become both harder to achieve, and more important than ever before. Identity and access governance is a critical control for cloud data. Ermetic is empowering developers to deliver their projects on time, without sacrificing security and governance.
Want to hear more from Elie?
You're invited next week when Elie joins us for a webinar to dive into the top reasons why Gartner featured Cloud Infrastructure Entitlement Management in this year’s hype cycles for Cloud Security and IAM. Elie will the need for CIEM and the way it is used by enterprises today. Register now.