Eric Heddeland, Barracuda Networks: Securing to the cloud requires a single view and a deep defense strategy
At FIC 2023, Barracuda Networks aims to demonstrate the importance of Zero Trust in securing access to data and assets. In addition, she will introduce Barracuda CloudGen Access, which includes Zero Trust. Eric Heddeland, VP EMEA Southern Region of Barracuda Networks, believes that to protect data and systems in the cloud, organizations need a unified view of what’s happening in cloud environments and a comprehensive defense security solution.
Global Security Mag: What will be your news at the International Cybersecurity Forum 2023?
Eric Heddeland: We will demonstrate the importance of Zero Trust in securing access to data and assets when multi-factor authentication is no longer sufficient to defend against cyber threats. We will also present new international research showing that 49% of ransomware victims in France experienced a second or even third ransomware attack in 2022. The research examines what could make these companies so vulnerable and how they can close security gaps to stay safe.
Global Security Mag: What are the strengths of the solutions you will be presenting on this occasion?
Eric Heddeland: Barracuda will showcase its advanced and innovative security solutions that help organizations close potential security gaps in the ever-expanding attack surface that now spans endpoints, email, applications, networks, the cloud, and more. We will introduce Barracuda CloudGen Access, which includes Zero Trust – a cybersecurity model that assumes nothing is implicitly trusted, even within the network perimeter, and verifies user identity and context for every interaction from anywhere.
Global Security Mag: This year the theme of the FIC will be cloud computing, what are the top cyber threats to the cloud?
Eric Heddeland: The top cyber threats facing cloud deployments are unauthorized access, account compromise, data breaches and exfiltration, and malware such as ransomware, botnet attacks, and DDoS (denial of service). There has been an increase in cases where hackers compromise Azure/AWS credentials and conduct crypto mining or malicious activities, with significant impact and costs for affected customers.
Aspects of a cloud deployment that leave organizations vulnerable to such attacks include inadequate identity and access controls, insecure web application interfaces and APIs – our research shows that 72% of organizations will experience a security breach from a vulnerable web application or misconfiguration by 2021 of the cloud security settings, especially in a multi-cloud environment that relies on multiple vendors and vendors, lack of transparency, non-implementation of data protection and backup measures, including end-to-end encryption, vulnerability of data in the Transmission and storage for security breaches and data loss, and exposing cloud-based deployments to the Internet, making it easier for attackers to find and exploit vulnerable entry points and gain unauthorized access.
Global Security Mag: How should technologies evolve to counter these threats?
Eric Heddeland: Identity protection and strong authentication are cornerstones of a good security posture in the cloud, but many organizations struggle because they rely on standard network security measures that cannot withstand advanced threats such as account takeover and credential theft. These remain among the weakest links of organizational security. Implementing a zero trust security solution designed for the cloud can, among other things, provide secure access to assets in the cloud and SaaS while protecting users from web and security threats wherever they are.
Global Security Mag: What place do you think humans can take to reinforce the defense strategy to be deployed?
Eric Heddeland: People can help in two ways. First, it’s important to bring app developers and security teams together so they can work together to ensure new apps are secure from the start, protecting users and data. Second, organizations need to ensure employees understand cloud security behaviors. Platforms like Microsoft 365 or Google Workplace need to be backed by third-party security and strong authentication – and security teams need visibility and security policies for employees using cloud-based services like Dropbox. As always, employees should be aware of the latest email threats such as phishing and how to identify and report suspicious messages.
Global Security Mag: What message do you want to convey to CISOs?
Eric Heddeland: In order to protect your data and systems in the cloud and to be able to recover your data quickly if the worst happens and you suffer a cyber attack, you need a single view of what’s happening in your environment – deep security solution designed for the was developed in the cloud. This should include zero-trust access measures to prevent unauthorized access and verify each user at all times, as well as cloud-to-cloud backups that allow you to restore and restore data quickly. Cloud environments can quickly become complex – your security solution should be easy to deploy, scale, manage and use.