
What is the Future of SaaS Based Security?

In an exclusive interview with TCE, David B. Cross, CISO for Oracle SaaS Cloud Security, discussed the crucial role SaaS plays in cybersecurity and what lies ahead.

by Augustin Kurian
December 3, 2022

David Cross is the SVP and CISO for Oracle SaaS Cloud Security. Previously, David was the engineering director of the Public Cloud Security Platform at Google Security and Privacy organization, and his preceding 15 years were spent with Microsoft in numerous security platforms, cloud, product and engineering leadership roles.

He is a long-time advocate of security applications and technology, stemming back to his U.S. military service. In addition, David has been a long-time security IP innovator with more than 30 patents and a contributing author on many white papers and industry books regarding security and public key infrastructure.

What are the unique challenges of working in the cloud? Which is more important – end-to-end data protection or end-to-end encryption?

It’s not a question of if people are going to the cloud; it’s a question of when they’re going to the cloud; it’s the future. And it’s how we really talk about what that transition looks like because of their changes in doing things on-premise versus in the cloud. Their expectations are different, and they are also very, very positive. And that’s one of the things — both protection and encryption are pretty much becoming commodities in a baseline in the cloud.

In a general sense, I think that is how to have end-to-end protection, but it’s also more complex. End-to-end encryption is becoming kind of a standard thing from point-to-point encryption. It’s always going to be in place. Who’s not using HTTPS? Who is not having encryption for their storage in the cloud? What cloud provider doesn’t provide encrypted storage? It’s really a kind of baseline key capability. But now, looking forward, if everyone has encryption, are you fully protected? Well, encryption is not the only protection that you need. So, I think that’s when you discuss end-to-end protection. That’s more important.

You are a veteran yourself. And having veterans onboarded is among the checklist items for several companies while hiring. How do veterans make a better fit for several cybersecurity roles?

I think it’s a very interesting topic that I’m quite passionate about as a veteran myself. But looking at the benefit to many companies, speaking specifically to the US, is that veterans are a slice of society. It is a diverse and inclusive organization. And that’s important as a start. The next thing is the fundamentals of the US military — the common values and principles.

It’s about integrity, honesty, attention to detail, passion, and the ability to learn and adapt. And many companies, especially in cybersecurity, are realizing that they need people who have the passion to learn, are dedicated, and are loyal. The veterans, with the other elements of honesty, integrity, and passion, come into play. They’re extremely strong hires; even if they may not have the specific skill set you need on day one, they’re used to always being trained in learning on the go.

How much has your background with the US Navy helped you make decisions and initiate new technologies here with Oracle?

One of the things that I always like to call out, for both my service and others and certainly in cybersecurity, is that we’re under pressure, and things go fast. You’re under fire drill. It really matters how you perform under pressure. And that happens very often in high-tech. And I think that training helps you operate and use your muscle memory, playbooks, and tools to get through tough times. Especially when there’s stress or long hours in play. That one really jumps out strongly to me. So that’s a good starting point.

We can see a pattern where organizations are gradually switching to a more SaaS-based model for security. How has this benefitted companies? Do you feel this is the right step?

There’s been enormous progress, both as a consumer and vendor, it is positive. Using cybersecurity as an example, today people want their systems to always be online, available, updated, secure and protected. And now with a lot of businesses, the question is do they have all the capabilities to ensure their systems are updated, patched or monitored 24/7 globally with the right experts? Can every small and medium business have a cybersecurity expert? Can they have someone monitor their systems? That’s extremely difficult. And so are they really getting the value proposition, from their applications that are running versus operating those or having those as SaaS as a subscription who does have the global resources and experts in all the various areas? That’s the transition that we all have to make.

Several SaaS providers use DevSecOps to keep their applications up to date for better functionality, among several benefits. For a company that is about to invest in a SaaS model of security, what are the boxes they should check first? Also, how do they know if they have chosen the right tool?

Most companies are adopting DevSecOps to a degree and part of it is how you can improve the overall lifecycle. But the biggest thing I like to say, and some people may be surprised, especially in SaaS or cloud environments, is that this is where audits and compliance come into play. You no longer have the hands-on, you own the box, the system, the people that are managing it. So how do you know that it’s really up to date through a DevSecOps model and culture?

This is the purpose of third-party audits, pen testing and certifications, to have an independent person that can provide you the confidence and trust that they are being performed the way you want them to. And that’s the right thing to do. Even though people say security and audits never go together, they actually do in this case.

DevSecOps has changed the dynamics of security practices. However, it often does not say how to incorporate good security architecture practices into the system being developed. How far do cybersecurity frameworks and regulations help here?

As you look at major kinds of audits and certifications like FedRAMP, PCI, and HIPAA, there’s a lot of overlap. If you try to add on each individual region, province, state or territory that wants another one, there’s 90% overlap. Is that helping or not?

Moreover, every country wants its own law that has differences, like the EU digital signature laws. That doesn’t work very well. So, I think it’s how we focus on what’s the most important in baseline ones, versus trying to create very nuanced ones that basically just create bureaucracy and no real value.

How far do you think Cybersecurity Maturity Model Certification has come into play? Are organizations taking that seriously? Do you think there has been a good amount of activity around its implementation?

We’re seeing some good progress on that but it’s still kind of maturing to a degree. It isn’t mature yet like other historical things such as FIPS 140-2. We’re seeing the adoption and uptake on it, but it’s going to take a little more time.

There are three points, the first being that some people can get overwhelmed by the number of new things that are occurring in this time. The second element is sometimes being the first means not noticing the benefits, because when you are blazing the trail, you don’t know the best path sometimes versus actually being a good or quick follower seeing who helped blaze the trail and learn from those experiences. And the third is to see the greater adoption. That last part is where you need experienced people in the area, and have others do it first. So, then you can get some of their talent to help you.

What are the newest trends in SaaS-based security? What is the future of SaaS security?

Certainly, as I mentioned before, several businesses are realizing that with talent, labor and supply chain shortages, is actually maintaining things themselves compared to subscribing to cloud services and SaaS services. It makes much more sense now to go to the cloud, where they may have resisted in the past. That’s one.

The second thing that we’re starting to see, and something we do here at Oracle, is embedding in the overall broader services that are integrated and included in a SaaS service versus being a whole menu, where you have to add A and B and C and D on your service to have an end-to-end solution, versus it being one inclusive purchase, one inclusive service, versus 10 different SKUs. So, especially in security, we’re starting to see the trend of more and more things being embedded and integrated versus being separate add-ons to have a secure solution in the cloud.

Now that you did shed some light on legacy apps, how often do you think there has been, even now, significant reliance on legacy apps among companies, and where innovation has become a hindrance?

This is an overall continuing problem. We can go back to general industries and ask why many banks did not have HTTPS or certificates on their websites. That’s because many people were using Windows XP, not even Service Pack 2. So, they had to work that. But we’ve seen that a lot of businesses are still using these legacy applications that only support TLS 1.0. They don’t support even 1.1 or 1.2. And this is actually holding back. So a lot of people look at various services and say why you’re not even running TLS 1.3? Well, because there’s so many legacy apps and all these smaller businesses that don’t have the capabilities or have not updated for 10 years. Is that really safe? But the question is, do they also have the capability to update their medical systems? And I think that’s one of the ongoing problems in our industry.

SMEs are the biggest targeted vectors of late and, added to that, all small businesses shut the shop within six months after an attack. There’s still a lot of lack of understanding there. So, what are the ways to empower small businesses and inculcate better cybersecurity awareness among them?

I’m speaking at BlackHat Middle East in Saudi Arabia about the challenges in retail cybersecurity. And one of the things I really want to raise for small and medium businesses is: is this now not the time to move on to SaaS and cloud services to provide retail services? Because now, in large parts of the world, the internet connectivity, the reliability of the connection to the cloud, is almost 100% reliable. And so, moving away from these legacy systems that aren’t patching are at risk and for all these factors, to cloud-based systems. And I think that’s really the kind of the choice and push that we need to make with some of these smaller businesses.


Augustin Kurian

Augustin Kurian is the Editor In Chief of The Cyber Express, an information security publication catering to an audience encompassing CISOs, CXOs, network engineers, technology enthusiasts, security professionals, and students. In his role, he leads the editorial division, manages outreach campaigns, and promotes establishing best cybersecurity practices.

© 2022 The Cyber Express | By Cyble Inc.
