From 'Cloud Curious' to 'Cloud Native'
Cyber Security Program as a Service
Today we're talking with Alex Dow, the CTO of Mirai Security, and organizer of BSides Vancouver about cloud adoption, cybersecurity, and everything in between.
Can you give us an idea of your background?
I have spent the vast majority of my career working within mission-critical environments. My career began at Bell Canada’s Government Security Operations Centre (GSOC) in 2004, with a focus on situational awareness and threat detection. In 2008, I was seconded to help build out the Security Operations Centre (SOC) for the Vancouver 2010 Olympic Winter Games using a SIEM and a custom data enrichment toolkit. The Olympic project was my first exposure to Cloud computing and to the bleeding edge concepts of ephemeral and immutable systems.
Digital Transformation and How to Manage the Risks
The rapid adoption of cloud, in-house application development and open-data initiatives have been instrumental for business-enablement. However, this new data-centric world has also increased the complexity of managing cyber security risks to business and people alike. In response: new privacy laws, security standards and regulatory compliance have necessitated the need for companies of all sizes to create a robust security program to manage cyber risk and compliance, effectively.
Established security and compliance programs are now including cyber security assessments of third-party suppliers as part of their procurement process. While there is a net benefit to this new security paradigm, companies without a formal security program are being caught off guard and consequentially losing business.
Historically, businesses have used computers on site, managed their own infrastructure, and employed IT resources to take care of and support business needs. In the last decade, however, new technologies have become mainstream. Cloud-based computing, mobile computing, increased (and cheaper) access to data storage, artificial intelligence and machine learning, software-defined networking, and the Internet of Things (IoT): all these technologies have the potential to make businesses more efficient and profitable.