In a world where data is the most valuable asset in any organization, how do we go about protecting it from malicious attack? In our recent “Talking Out Cloud”, we were joined by Louise McEvoy, Vice President of US Channel Sales at Trend Micro, partnered with SourceFuse and a global cybersecurity leader, focusing on the challenges, opportunities and future predictions of data security.
#1 What were the biggest changes and opportunities that contributed to the growth of Trend Micro?
Originally it began with anti-virus software but it didn’t stop there. So, over the last three decades we’ve become a market leader in hybrid cloud security, network defense, and endpoint security. The biggest factors contributing to that growth are Trend Micro’s core values, focusing on innovation, integrity, and making the world a safer place to do business online. That affects everyone personally, professionally, and for organizations.
Our journey has evolved because security has evolved. We’re now at over 7000 employees and we’re focused solely on cyber security, since the threat landscape has grown and it’s gotten a lot more sophisticated. What we call ‘threat actors’ are not just going after the little guys with some miscellaneous ransomware requests, but the massive organizations are getting hit, like government agencies and supply chain attacks. We’re hearing about it all the time but it’s been going on for a while, and with that comes the need to be nimble, focused, and innovative, which we’ve done with our zero-day trust initiative.
We have thousands of developers and threat researchers who are only dedicated to what’s taking place online and what those underground activities are. So, Trend Micro is part of consortiums that come together with other organizations, including our competitors, all exchanging information for the greater good and keep those bad ‘threat actors’ out.
#2 What have been the biggest cloud security concerns that customers need to be aware of and how does Trend Micro address that?
The highest-ranking threats that we’re seeing right now are around misconfigurations. When a cloud-related system, tool, or asset is not configured properly it puts that system at risk of exposure to a potential attack or loss of data. The biggest threat in the cloud is unauthorized account access or account hijacking, and as powerful and as great as the cloud is it’s growing and ever-changing.
People assume that being on the cloud means accounts are secure; the infrastructure might be secure but your data still needs to be locked down. Organizations, not the cloud platform provider, need to decide who has access to the data in order to protect it. From a security standpoint, for an end customer this creates a lot of challenges and loopholes with this misconfiguration. Thankfully our customers can use Trend Micro various solutions and services together with deployment expertise from SourceFuse to eliminate those misconfigurations.
Customers really need to find out what security solution they need, what’s in their best interest, and then find a security solutions provider that can make sure that there are no misconfigurations and that the right people are accessing their data. Sometimes these large organizations don’t have that security expertise, so it’s up to partners like SourceFuse to make sure our customers are properly configured, which includes assessing vulnerabilities, keeping out those bad ‘threat actors’.
Read our recent blog: The Importance of Data Security for Healthcare Life Sciences Enterprises
#3 Have you experienced any roadblocks or challenges with customers looking to increase their security?
No! I say that laughingly because people realize cybersecurity isn’t ‘nice-to-have’ – if you don’t secure your data, you have a massive exposure risk. Most customers know they need security but just not sure how to configure their systems or how to layer their security. A lot of security threats actually happen from the inside, not necessarily malicious intent from an employee but more a lack of awareness or training or simply because they don’t know any better. Clicking on a link with a malware attached can open a portal to your entire environment causing massive damage.
Protection needs to be from the inside out, not just protecting from the outside in – all protection in all ways. That’s where our zero-day trust initiative comes in – trust no one, not even your own employees, and not because they’re not trustworthy but because they may not realize that what they’re doing is going to create security havoc. For people who are just doing their day job and unfortunately make an innocent mistake, things need to be locked down for peace of mind. When systems get compromised, the aftermath can cause a lot of challenges, including financial penalties and unrecoverable data.
#4 With Trend Micro being an AWS Technology Partner and SourceFuse an AWS Consulting Partner, how does our partnership benefit customers?
Trend Micro is a really strong partner with AWS, partnering with them for many years now, but we also built a massive organization within Trend Micro just to support our AWS business. I have a team specifically focused on our cloud business that includes partners like SourceFuse, and it’s really important that we build this ecosystem approach: Trend Micro with our security solutions, SourceFuse with the security services and expertise, and then AWS who provide the platform.
To satisfy our customers’ needs, AWS has a partner program where members receive in-depth training on the well architected framework (WAF), the ability to implement best practices, improve application performance, and reduce security risk. For those customers implementing an AWS infrastructure there’s a lot to know! While it may not be your core value proposition to know about WAF or to know everything to do with security, there is this incredible environment available.
Trend Micro is grateful to have this partnership with SourceFuse because you understand the complexities of the cloud, different containers and S3 buckets, and how to secure the data and handle the misconfigurations. It’s a very strategic partnership between Trend Micro, SourceFuse and AWS so that we are all safer personally and professionally.
Read more about how SourceFuse partners with Trend Micro
#5 What have been the recent major triggers driving companies to secure data on the cloud rather than staying on-prem?
With lockdown came this massive pivot to rapidly secure all endpoints because everyone had to work from home – customers had to quickly migrate to fix that problem. The easiest way to do that during lockdown was to go online, but there was so much that had to be done! For example, in healthcare when all of sudden we couldn’t have physical appointments everything moved to Zoom and at the same time ensure personal health information, shared medical images, even secure the meeting from others entering inadvertently.
It’s similar for the finance industry too, where there are really big challenges out there. Collectively we should all be really concerned about security, especially with our healthcare and financial data, and organizations need to make guarantees that they are indeed securing our data.
#6 With your many years of cybersecurity expertise, what’s your prediction for 2022 and beyond?
Every year Trend Micro pulls together our predictions report and as I was looking through it one thing that we’ve heard consistently about in the news is around supply chains. We’re all being affected by supply chains but it’s much bigger than just not being able to get your online purchase delivered the next day, for example. The pandemic put a real spotlight on just how fragile our supply chains are.
We’re all facing shortages and delays of goods and services because of the increased demand and workforce shortages. As the supply chain problem started becoming a worldwide burden, the value of these supply chains became even more evident and businesses became a more attractive target for cybersecurity criminals that were fueled by the pandemic.
We saw cyber chain attacks that are very interconnected with ransomware campaigns, some of which are still ongoing. When one organization gets hit, all the people or businesses being serviced within that supply chain are also subject to cyber-attack, so it’s not just about your goods and services. It’s pretty frightening to think that even though you’re not directly associated with a big organization, you’re probably going to be affected downstream because it’s part of a supply chain you’re not aware of.
Part of the prediction is that cyber criminals are going to be holding this data from ransomware with the threat of either leaking the data, publicizing the breach, going after an organizations’ end customers, or going after the big supply chain vendors. To keep these supply chains secure you need to lock down your systems, adopt that ‘zero trust’ policy – trust no-one inside or outside. It’s not about if it happens – it’s when, because it will happen. There’s a lot of money out there and cyber criminals can change economies and our day-to-day lives. Even if you don’t recognize the supply chain that got hit, technically it can affect you simply because of the amount of personal information they hold that we’re unaware of. I’m really passionate about this topic and always encourage organizations to make sure they do the right thing.
Ready to lock down your data? Discover how SourceFuse client’s data has never been more secure.