What is the Future of SaaS Based Security?

In an exclusive interview with TCE, David B. Cross, CISO for Oracle SaaS Cloud Security, discussed the crucial role SaaS plays in cybersecurity and what lies ahead.

by Augustin Kurian
December 3, 2022
in Interviews

David Cross is the SVP and CISO for Oracle SaaS Cloud Security. Previously, David was the engineering director of the Public Cloud Security Platform at Google Security and Privacy organization, and his preceding 15 years were spent with Microsoft in numerous security platforms, cloud, product and engineering leadership roles.

He is a long-time advocate of security applications and technology, stemming back to his U.S. military service. In addition, David has been a long-time security IP innovator with more than 30 patents and a contributing author on many white papers and industry books regarding security and public key infrastructure.

What are the unique challenges of working in the cloud? Which is more important – end-to-end data protection or end-to-end encryption?

It’s not a question of if people are going to the cloud; it’s a question of when they’re going to the cloud; it’s the future. And it’s how we really talk about what that transition looks like because of their changes in doing things on-premise versus in the cloud. Their expectations are different, and they are also very, very positive. And that’s one of the things: both protection and encryption are pretty much becoming commodities in a baseline in the cloud.

In a general sense, I think that is how to have end-to-end protection, but it’s also more complex. End-to-end encryption is becoming kind of a standard thing from point-to-point encryption. It’s always going to be in place. Who’s not using HTTPS? Who is not having encryption for their storage in the cloud? What cloud provider doesn’t provide encrypted storage? It’s really a kind of baseline key capability. But now, looking forward, if everyone has encryption, are you fully protected? Well, encryption is not the only protection that you need. So, I think that’s when you discuss end-to-end protection. That’s more important.

You are a veteran yourself. And having veterans onboarded is among the checklist for several companies while hiring. How do veterans make a better fit for several cybersecurity roles?

I think it’s a very interesting topic that I’m quite passionate about as a veteran myself. But looking at the benefit to many companies, speaking specifically to the US, is that veterans are a slice of society. It is a diverse and inclusive organization. And that’s important as a start. The next thing is the fundamentals of the US military — the common values and principles.

It’s about integrity, honesty, attention to detail, passion, and the ability to learn and adapt. And many companies, especially in cybersecurity, are realizing that they need people who have the passion to learn, are dedicated, and are loyal. The veterans, with the other elements of honesty, integrity, and passion, come into play. They’re extremely strong hires; even if they may not have the specific skill set you need on day one, they’re used to always being trained in learning on the go.

How much has your background with the US Navy helped you make decisions and initiate new technologies here with Oracle?

One of the things that I always like to call out, for both my service and others and certainly in cybersecurity, is that we’re under pressure, and things go fast. You’re under fire drill. It really matters how you perform under pressure. And that happens very often in high-tech. And I think that training helps you operate and use your muscle memory, playbooks, and tools to get through tough times. Especially when there’s stress or long hours in play. That one really jumps out strongly to me. So that’s a good starting point.

We can see a pattern where organizations are gradually switching to a more SaaS-based model for security. How has this benefitted companies? Do you feel this is the right step?

There’s been enormous progress, both as a consumer and vendor, it is positive. Using cybersecurity as an example, today people want their systems to always be online, available, updated, secure and protected. And now with a lot of businesses, the question is do they have all the capabilities to ensure their systems are updated, patched or monitored 24/7 globally with the right experts? Can every small and medium business have a cybersecurity expert? Can they have someone monitor their systems? That’s extremely difficult. And so are they really getting the value proposition, from their applications that are running versus operating those or having those as SaaS as a subscription who does have the global resources and experts in all the various areas? That’s the transition that we all have to make.

Several SaaS providers use DevSecOps to keep their applications up to date for better functionality among several benefits. As a company which is about to invest in a SaaS model of security, what are the boxes they should check first? Also, how do they know if they have chosen the right tool?

Most companies are adopting DevSecOps to a degree and part of it is how you can improve the overall lifecycle. But the biggest thing I like to say, and some people may be surprised, especially in SaaS or cloud environments, is that this is where audits and compliance come into play. You no longer have the hands-on, you own the box, the system, the people that are managing it. So how do you know that it’s really up to date through a DevSecOps model and culture?

This is the purpose of third-party audits, pen testing and certifications, to have an independent person that can provide you the confidence and trust that they are being performed the way you want them to. And that’s the right thing to do. Even though people say security and audits never go together, they actually do in this case.

DevSecOps has changed the dynamics of security practices. However, it often does not say how to incorporate good security architecture practices into the system being developed. How far do cybersecurity frameworks and regulations help here?

As you look at major kinds of audits and certifications like FedRAMP, PCI, and HIPAA, there’s a lot of overlap. If you try to add on each individual regional, province or state or territory that wants another one, there’s 90% overlap. Is that helping or not?

Moreover, every country wants their own law that has differences, like the EU digital signature laws. That doesn’t work very well. So, I think it’s how we focus on what’s the most important in baseline ones, versus trying to create very nuanced ones that basically just create bureaucracy and no real value.

How far do you think Cybersecurity Maturity Model Certification has come into play? Are organizations taking that seriously? Do you think there has been a good amount of activity around its implementation?

We’re seeing some good progress on that but it’s still kind of maturing to a degree. It isn’t mature yet like other historical things such as FIPS 140-2. We’re seeing the adoption and uptake on it, but it’s going to take a little more time.

There are three points, the first being that some people can get overwhelmed by the number of new things that are occurring in this time. The second element is sometimes being the first means not noticing the benefits, because when you are blazing the trail, you don’t know the best path sometimes versus actually being a good or quick follower seeing who helped blaze the trail and learn from those experiences. And the third is to see the greater adoption. That last part is where you need experienced people in the area, and have others do it first. So, then you can get some of their talent to help you.

What are the newest trends in SaaS-based security? What is the future SaaS security?

Certainly, as I mentioned before, several businesses are realizing that with talent, labor and supply chain shortage, is actually maintaining things themselves compared to subscribing to cloud services and SaaS services. It makes much more sense now to go to the cloud, where they may have resisted in the past. That’s one.

The second thing that we’re starting to see, and something we do here at Oracle, is embedding in the overall broader services that are integrated and included in a SaaS service versus being a whole menu, if you have to add A and B and C and D on your service to have an end-to-end solution now, versus it being one inclusive purchase, one inclusive service, versus 10 different SKUs. So, especially in security, we’re starting to see the trend of more and more things being embedded and integrated versus being separate add-ons to have a secure solution in the cloud.

Now that you did shed some light on legacy apps. How often do you think there has been even now significant reliance on legacy apps among companies, and where innovation has become a hindrance?

This is an overall continuing problem. We can go back to general industries and ask why many banks did not have HTTPS or certificates on their websites; that’s because many people were using Windows XP, not even Service Pack 2. So, they had to work that. But we’ve seen that a lot of businesses are still using these legacy applications that only support TLS 1.0. They don’t support even 1.1 or 1.2. And this is actually holding back. So a lot of people look at various services and say why you’re not even running TLS 1.3? Well, because there’s so many legacy apps and all these smaller businesses that don’t have the capabilities or have not updated for 10 years. Is that really safe? But the question is, do they also have the capability to update their medical systems? And I think that’s one of the ongoing problems in our industry.

SMEs are the biggest targeted vectors of late and added to that all small businesses shut the shop within six months after an attack. There’s still a lot of lack of understanding there. So, what are the ways to empower small businesses and inculcate better cybersecurity awareness among them?

I’m speaking at BlackHat Middle East in Saudi Arabia about the challenges in retail cybersecurity. And one of the things I really want to raise for small and medium businesses is: is this now not the time to move on to SaaS, and cloud services, to provide retail services? Because now, in large parts of the world, the internet connectivity, the reliability connection to the cloud is almost 100% reliable. And so, moving away from these legacy systems that aren’t patching are at risk and for all these factors, to cloud-based systems. And I think that’s really kind of the choice and push that we need to make with some of these smaller businesses.

Augustin Kurian

Augustin Kurian is the Editor-In-Chief of The Cyber Express, an information security publication catering to an audience encompassing CISOs, CXOs, network engineers, technology enthusiasts, security professionals, and students. In his role, he leads the editorial division, manages outreach campaigns, promotes diversity in technology, and establishes best cybersecurity practices.
