“Cybersecurity will never end, it’s always a new beginning!” says Senthil
“71% of data breaches in 2020 were financially motivated and 25% were motivated by espionage”, claims Verizon. This certainly shouldn’t seem puzzling. We can’t deny the fact that 2020 tested us beyond measure due to the pandemic. But did you know that 2020 was also one of the worst years in the history of ransomware?
Senthil Palaniappan is the Founder and CEO of Sennovate, a global Managed Security Services Provider (MSSP) that specializes in Identity and Access Management (IAM). He has over 25 years of industry experience and is an expert in IAM, SOC, Application Infrastructure, and Integration. He has years of experience consulting with various top Fortune companies including Sun microsystem, Oracle, IBM, EMC, Dell, GM, and Sprint. Senthil completed his MBA from Keller School of Management in Chicago.
In this interview, Senthil sheds light on how we together can ensure that 2021 doesn’t join the list. He also answers some mind-rattling questions including:
- Can we put an end to Data Breaches?
- Is Cybersecurity as a career prospect dying?
Read on to find out the answers from the expert himself!
Question and Answers:
QUESTION 1: Where do you think the loopholes lie when it comes to the existing cybersecurity measures? Is there any way to put an end to data breaches?
ANSWER: No cybersecurity measure is ever enough. Cybersecurity is one field that will constantly evolve. Every time we come up with a new technology or measure to counteract an existing cyber threat, hackers will also try to use those technologies to leap back in.
We have assets, we have our business and we have all the customers’ data. The only way we can prevent a data breach is if we have a constant motive to protect and gain customers’ confidence. Obviously, we can never say whether we can completely prevent it, but we can surely say that we’ll always strive to do so.
QUESTION 2: What according to you is the greatest Cybersecurity threat to a common user? What basic measures can he/she take to prevent a cyber attack?
ANSWER: That’s a really good question! Keep a vigil on what you do online, on a daily basis. That is very important. At the end of the day, you’re the one responsible for your actions. Even if all the enterprises provide you with 100% secure authentication measures if you leave your cellphones unprotected, then no one can prevent your loss. So always keep yourselves updated on the basic security practices and most importantly, the best security practices.
Vendors constantly enhance the security of their services and will always educate you with their updates. Even if you try to login to say a bank account, the bank might have set up new security rules and regulations. So everyone has a responsibility to keep themselves updated. Also, make sure to ask your vendor the right question to ensure that they also give the required importance to proper security practices.
QUESTION 3: With Oracle IAM products slowly getting obsolete, are there any other trending IAM products ready to take their place?
ANSWER: The problem with Oracle IAM products is that they’re not only very expensive but are also difficult to maintain. The infrastructure costs are high in order to ensure HA and DR. They even require constant maintenance every couple of years. Due to these reasons, many customers find them very complex to use, and making any changes is a project by itself.
A fine alternative to these are Cloud based SaaS products. In fact, Oracle themselves introduced IDCS which is a Cloud based SaaS product. It does not need any customization and only requires configuration. Most importantly, it’s easy to use and quick to implement due to its pre-built integrations. No expert level resources are required. With this, customers no longer need to upgrade their systems in accordance with the product development cycle.
QUESTION 4: As many of the commercial IAM products are quite expensive and difficult to integrate, are there any top-notch open-source alternatives?
ANSWER: Yes, absolutely! On-premise products are always expensive. A typical example is Oracle’s IAM products. The license is very expensive. Even the implementation and maintenance are pretty expensive. Then you have modern cloud products that fit well for small to mid-sized companies easily because you can install them and have them up and running within 15 minutes. Okta is a great example of that.
While all these are good, as your company grows and acquires a larger customer/user base these products tend to be difficult to implement monetary-wise, as these require per user per month license subscriptions. Due to this caveat, open-source products started gaining popularity. In fact, Gluu, a great widely-used open-source alternative and one of our good partners, and our team are working on creating an innovative mechanism for quick deployment of their IAM services. That way your services are up and running within minutes and you get a huge save on license costs as it’s open-source. Moreover, your services will be easily scalable, available, and maintainable. Most important of all, your data is fully protected!
QUESTION 5: While Machine learning and Artificial Intelligence certainly can help guard against cyber-attacks, recent studies suggest that hackers also use AI to surpass security protocols. Do you think AI is truly the future of Cybersecurity or is it the future of cybercrime?
ANSWER: As I said before, any technology is always available for the bad guys too, even if they are AI or ML-based. It’s a cat and mouse game and this can last forever. But the idea here is to always stay ahead of the curve. Leverage Machine Learning and Artificial Intelligence to make a lot of decisions quickly without human intervention and without human error. So, that’s the whole idea behind this. That way, you can update your services faster.
I remember many years ago when we ran SOC, we had to be awake and on guard 24/7 to keep an eye on every single event and try to decode it. Sometimes people tend to miss it as after all we’re humans and we can get fatigued over a period of time. So AI and ML help to eradicate this issue. They do 80% of the work for us and help us obtain refined data, allowing us to make accurate and right decisions. Without any doubt, the combination of AI, ML, and human expertise is going to be the future for us and the future of Cybersecurity.
QUESTION 6: Is Cyber Security as a career prospect dying? From the number of data breaches this year, we can infer that we are facing a shortage of cybersecurity skills. But on the other hand, we are seeing a rise in AI automated products.
ANSWER: You know this question has always stumped people. There has always been that fear factor that when a new technology comes out, the job market is going to die. But that’s never going to happen. The demand for human expertise is always going to be there.
If you look at cybersecurity products, a lot of complex functionalities are solved by the product itself. However, the workforce is still required to integrate these products horizontally. You don’t need to dig deep into each product, but you certainly need to have a wide knowledge of the various products available in the market. Even a small company that has 200-300 employees uses 35-40 applications, at least 10 of which are security products. While those security products may be cloud-based services, a skilled workforce is still needed to integrate all of them.
See guys, you’ve heard it from the expert himself. Cybersecurity is never going to end. We can only reduce the number of data breaches if we do the basic minimum of safeguarding our own data. Check out this blog on “Simple cybersecurity measures everyone should adopt” and start implementing these simple measures right away!
It’s always going to be a constant battle and will always require skilled and dedicated people for its survival. So stay motivated, stay dedicated, and let your faith be bigger than your fear!