Amer Deeba on Cybersecurity in a Post-Pandemic World
The pandemic brought along irreversible changes globally. No sector was immune from its effects and the IT space was no exception. Unsurprisingly, the IT sector was quick to adapt as the challenging times spurred innovation and new business models.
Amer Deeba, the CEO and co-founder of Normalyze, recently spoke to Anna Delaney, director of productions at the Information Security Media Group. Deeba’s company is working to solve one of the biggest challenges currently faced by IT: cloud data security.
“What impacted information security the most is the fast move into the cloud, and all that transformation happened at a very fast pace,” Deeba told Delaney.
He should know. Amer Deeba’s career in IT stretches over two decades. He’s worked at leading enterprises from Adobe Systems to Qualys. His interest in cybersecurity was sparked after he saw one of his clients become a victim of a cyberattack.
“In 2005, I witnessed a cyberattack happen in real time on an internet retailer who happened to be my customer,” he told online outlet Authority Magazine. “The impact of that attack in terms of damages it left behind — and the aftermath to clean it up — is still engraved in my memory. That event cemented my belief in the work I do to help customers prevent such expensive and unpleasant incidents.”
Amer Deeba on the Cybersecurity Landscape
In his interview with the Information Security Media Group, Deeba spoke to Delaney about the cybersecurity landscape in a post-pandemic world. It was a highly informative conversation that all security teams should see, as the two discussed the challenges faced by security teams, practical steps they can take, the skills needed, and what the future holds.
The pandemic was an interesting time. While there’s no doubt it was a major setback, it also served as a push for innovation. Enterprises worked harder to serve customers better and faster in a bid to decrease the uncertainty that hung over commerce. Because of social distancing, there was a major migration toward the remote environment. Data was rapidly moved to the cloud, which created a lot of opportunities — and challenges.
Deeba’s Normalyze is a response to the opportunities created by the pandemic. The mass exodus to a cloud environment created hurdles from a security perspective and created an opportunity for Deeba and Ravi Ithal, chief technology officer and co-founder at Normalyze, to create a company that addressed these security issues.
The reason the shift to the cloud environment creates a security challenge is that enterprises no longer have visibility of their data. They don’t know where critical data is stored because most companies use multiple cloud services. They generally don’t know who has access to this data and whether this data is being stored in compliance with data storage regulations.
“We talked to a lot of customers recently that are facing these problems, and the challenges they face is really trying to understand where their data is going into these cloud environments and how to secure it,” said Deeba.
Seeing that this was a widespread problem, Deeba and Ithal resolved to fix it. The result was an agentless, artificial intelligence-enabled data discovery and classification algorithm that adopts a data-first approach and helps enterprises protect their data from attacks and vulnerabilities.
“At Normalyze, we are a 2-year-old company. We were born in the cloud, built within the cloud,” said Deeba. The timing couldn’t have been better for Deeba and his company. Founded just as these problems started to become commonplace, his company attracted $26 million in total funding.
‘It’s a Big Problem’
Enterprises now store structured and unstructured data across various cloud platforms. This can be an issue for security companies that lack the visibility needed to protect this data.
“It’s a big problem, especially if you’re trying to do it across multi-clouds, and every company these days is in a multi-cloud environment,” noted Deeba.
To tackle this dilemma, security teams need to be equipped with the right framework and approach this issue from an architectural perspective. And the only way to stay ahead of the curve is to be proactive and continuously take control to eliminate threats.
To do this, security teams need to adopt a step-by-step approach. The first step is to create a clear inventory. The inventory should have all the paths where the data is stored. Then, it’s necessary to assess who has access to this data and the kind of access they have. Once this level of visibility is achieved, the team can move on to the next stage.
“If you have access to a data store in the cloud that contains sensitive information but you haven’t touched that data store for six months, why should you have access to it?” asked Deeba. Limiting unnecessary and unwanted access is a great way to protect data. However, these decisions can only be made once enterprises have visibility of their data storage.
Deeba considers security teams to be modern-day superheroes. But these superheroes need to have specific skills to be good at the job. Security teams should possess a strong understanding of cloud environments, and how to build and scale in the cloud. They also need to be able to construct a robust framework from a security perspective so they can solve problems systematically.
Looking to the future, Deeba thinks that the biggest challenge will be regulatory compliance. “Compliance and regulations are not going away. There’s a lot of them now, and there is more coming,” he remarked. While he understands that this could be a challenge for security teams, he’s generally in favor of these regulations because they could motivate enterprises to be proactive about their security issues. Enterprises will be required to continuously exert control over their data because they might be required to provide information to compliance officers.
Deeba’s parting advice to security teams was simple: “Don’t try to do everything yourself. There’s a lot of innovation out there that can help you do it faster. Be open to this innovation and explore new ways to do things out of the box so you can solve these problems better and at the end of the day, have more security for your company, for your customers, for your data.”
