KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
There is a tremendous amount of business value that you can get from “the cloud”. But, there are a lot of challenges in adopting these services securely. The real question is how we can approach “the cloud” from a security perspective in order to really get that full benefit of the offerings.
There is a tremendous amount of business value that you can get from “the cloud”. But, there are a lot of challenges in adopting these services securely. The real question is how we can approach “the cloud” from a security perspective in order to really get that full benefit of the offerings.
Some of, you might know Palo Alto networks as the inventor and the leader in next generation firewalling. And that's true. That's what we're doing. But since a very long time, we're evolving. And nowadays we do have a very broad offering.
We do, we do call it a security operating platform. And part of that is a very broad offering with regards to cloud. And I will be focusing a little bit on, on the cloud part during my presentation. So whenever I talk to my peers on customer site, typically I ask them, so what's, what's driving you. What are your, what are your targets? What does keep you up at night? And oftentimes the, it security says, well, we are getting pushed by a business for becoming more agile.
And the problem they're facing is that they do have this very broad, complex security environment, which they have proudly built over one or two decades. They do have tons of vendors, tons of different solutions, and often time it's, it's pretty hard for them to really realize what the requirements from the business are asking for. I just recently had a conversation with one of the customers and he said, look, we just made a, we just made an Analyst for the business processes. And if a new application is being requested, it takes the server and infrastructure folks, a couple of hours.
It's well scripted, virtualized working pretty well from the application development site. It takes them few days and they do have to, to put some data on, they do have to do some customization. And when it comes to the security, it takes us weeks. And oftentimes it's not even done in the first run because nobody really understands what we're talking about. So that's kind of a big problem for some of the customers. Some are being pushed towards cloud, and I will go briefly into that. And then the follow up of the presentation, another big topic is the evolving endpoint.
So majority of customers do see a very big benefit in having a well working digital workplace, right? So you can use basically any device everywhere for getting access to the core applications which you're using as a, as an employee, always keeping in mind, it needs to be secure. Nobody wants to get breached businesses valuable and, and the brand needs to be protected. When I started my first engagement with a pure cloud vendor, that was 2009, I was having conversations with German companies and they were saying, no, we're not going to the cloud. It's not happening. We're not allowed go away.
Nowadays. If I just look at the very same companies with a new CIO or sometimes CEO, they do have a complete shift. So it's cloud first cloud only. So that's one part of them. And the other one is more stumbling towards Cloud because it caught them by surprise. So business units show up and they said, well, what do you hope there's application? It's running perfectly for the business. We're not sure about security. What's your opinion on that? So the question is not any longer when, or if you're going to the cloud, the question is more, where does your data go? Right?
So where is your data resisting in the future? And obviously one of the core questions is if we're talking about data, what about security? And as this is a natural follow up question for me, when I ask this the very same cast customer, ask them. So how do you make sure that this is all secured? Typically the answer I'm getting as well, we're using a cloud service. It's secure. The interesting part is they are not wrong by saying so, but on the other hand, it's not perfectly right, because in the cloud you do have this shared responsibility model.
So in the, in the first column, you're seeing the, the on-prem. So customer produces his own it, which he's consuming. Obviously he's responsible for everything he's doing, right. If we're looking at the different cloud offerings, there is a shared responsibility and the higher you go up in the stack. So if you go up to a security as a service, you do have a broad set of responsibilities on the cloud provider side, but still as the end customer, you are responsible for your data.
And that is sometimes I don't know if people are ignoring that or if they just don't wanna see it, or if it's completely new to them. But the more interesting fact on that is in the on-prem world, you're dealing with your colleagues, it's your employees. You do have a contract with them. Whenever something happens, you have done a misconfiguration. You might expose data to your colleagues. If the very same happens in the cloud, you are being exposed to the public and be assured, there will be a single person on the planet who will find it, who will use it for his benefit.
Securing cloud infrastructure could become a pretty hard job. I wouldn't say it's a nightmare. There is a couple of good ways to do so, but you need to find a way, if you look at all those different cloud offering, it's a very noisy, fragmented, complex part, just comparing the big threes with their infrastructure as a service offering, they're completely different, different wording, different architecture, completely inter inoperable. And if you do wanna secure them, you do have a pile of different security offerings speaking the very same language.
So really hard to understand what you need and what you should be looking for. If I look at the early stages projects that we're seeing, they're basically being built like a prototype. So folks are projecting they're building and someday they do have a 1.0 final product, which is delivering the functionality. The business requires. The problem is typically they don't focus so much on the structure and on the security, they're more focused towards functionality. And obviously it's, it's, it's hard to maintain. It's hard to reproduce and it's prone to human errors.
That's just the nature of that. And on top of that, and that's the beauty of cloud cloud itself is pretty agile. You see new features, new functionalities, new vendors on a daily basis. And typically those businesses, they say, perfect. We just need that. We want that. Let's introduce it to our, to our stack.
So, as I said, we do have a couple of products, which, which do look at security and clouds, and I've some numbers here, which I found pretty interesting. So if we do compliance checks for cloud infrastructures, we find that close to 60% of the infrastructure environments we have investigated don't have any infrastructure security at all. So they run with a default VPC configuration period.
Secondly, if you compare the internal password requirements with the public cloud ones, it's weaker. So nobody ever thought about that and the offerings that are available available. So roughly 50% of that are not even using what's already there like multifactor authentication. If we're looking at the really critical parts, some of the infrastructures run with a single account with a root account. So once this gets compromised, you have complete access to your environment, can shut down, can do whatever I want.
And some of the S three buckets users do have the capabilities of doing a complete delete globally. So whatever has been there yesterday might not be there today. And thank God you do have good data protection and backup and recovery, but that's kind of, that's kind of an interesting starting point. So talking to security to the operational security, I think this, this makes it pretty obvious that that needs to change. And oftentimes those DevOps folks, they try to make a big way around those security folks because it slows them down.
And the security folks say, well, they're speaking a complete different language. They do have complete different wordings concepts, etcetera, but you need to enforce the very same policies to the public. At least the very same to the public, which you do have in your on-prem world. It needs to be simple. So if you slow down business, if you slow down DevOps folks, they will not become your friends. And probably your approach will be broken right with the first day. So you need to give them tools.
You need to give them mechanisms, which they can use with their own automation framework, with their own way of doing things without being disturbed by the weekly weeklong process process of implementing security. And for sure it needs to be extended, right? So once a new offering shows up or once a new vendor shows up your security needs a adapt friction list to that from the strategy point of view, you might find it interesting that my first point on this slide would be the mobile endpoint. So if you just look at the cloud and what's happening, that's public.
And if you look at your user population more and more are getting mobile. So the complete architecture changes, why should I ever touch the corporate environment? If my services and my data is public in the cloud. And if my PC is somewhere at home or in the cafe or wherever, there's no need for me to ever check in on the other hand, it could even slow me down. So the user experience get worse. If you force them to VPN back to headquarters and then go back to the cloud, right? So you need to have a look, what you do with a mobile, with a mobile devices.
And that's a, that's a perfect coincidence to do other things as well. And I will touch on that briefly. If we talk about SAS, you are very limited in your capabilities, right? So you can't put on AV or as I just learned anti malware, you simply can't, but there's a lot of things you should be doing and you have to be doing, because just saying it's hard is not a good excuse for not providing security. And thirdly, once we're talking really about infrastructure as a services, you should at least apply the very same principles in security as you do have them. On-prem at least so what's needed.
At first, you need to have very good security capabilities. So security capabilities should be application aware, user aware device, aware they should have good capabilities on the malware end. They should have good capabilities for compliance checks. Those are the tools that you need to have in general, in your arsenal.
Secondly, you need to be able to apply them to have a very consistent approach to security. I always used the, the, the wording like you were having Fort knocks on the front door, but you'd have the, the day of the open doors on the back door. So that's not really consistent. So you should be somewhere in the same neighborhood in the same ballpark with your security approach. And as I said, it should be frictionless. So once you're talking to your DevOps folks, it really makes a key difference.
If they can use the tools they're using today for just applying security, everything else will most probably not be successful. Let's talk a little bit about our vision in cloud security. And we do have three different things today, which we're really having a close deep look, but on a very broad scale, the first one is inline security. So if we're talking about inline security, what comes top of your mind would be the firewall? And that's true. The capabilities of the next generation firewall is the perfect entry point for creating a zero trust infrastructure.
Regardless if that is the client that is accessing some service in the cloud, or maybe back hauling to your infrastructure, your policies should consist of the device. Is it a carpet device, or is it a, B Y or is it a server? It should be leveraging the user information. Is it Martin or my colleague probably multifactor authentication. It should be, it should be using for its policies, the application. And I'm not talking about ports, right? I'm not talking about port 80. I'm talking about the application. Is it Facebook?
Or is it Salesforce or whatever am I allowed to use this kind of, of application? And it should provide security, obviously as a cell interception could be one topic, but it should give you capabilities to detect and prevent known and unknown malware. So that's part number one part. Number two would be the API based ones. And that's an interesting beast because they're all very different and all those APIs and all the capabilities, the SaaS providers are offering are different.
The good part is once you are consuming a security service, you don't have to care any longer about the APIs because that's what the vendor in this case Palo Alto is doing for you. So you can apply contextual security. Speaking about malware. You can apply things in with regards to data loss prevention, and you can do compliance checks with whom are you sharing data? What kind of data are you sharing, who is accessing your data? And this is being done from a top level view, right? So there is lots of things that can go wrong. Sometimes not known to people.
They're just doing it with a good intention because they might not know the technology. So this is giving you a complete different view from a compliance point of view. And thirdly, the endpoint, I already mentioned the endpoint flexibility on the endpoint. That's something the business is asking for and employees definitely love it, including myself, but from the security perspective, the endpoint is, is kind of a, a complex piece, right? So you do have your legacies. So you do have your kind of compliance.
And now you do have all those new things which are happening, but it's a good moment in time to use the, the, the coincidence of cloud security for having a look at the endpoint as well, because definitely the ways you're communicating are different. You need to prevent unknown malware. You need to be careful about zero day exploits. You need to steer the traffic we already talked about and probably multi, multiple times about zero trust initiatives and it, something could be happening, right?
So even EDR, so pulse breach or user behavioral analytics could be another topic, which you, which you would be interested in, interested in speaking about security and cloud. So I've heard a couple of, or I've seen on, on a couple of slides, AI ML analytics. So we're talking all in the same ballpark where we're using all the, the same kinds of ideas. We're some are using it a bit more in the marketing framing.
I, I wouldn't call it AI it's for the majority of times, it's machine-based learning or it's, it's simply just some algorithms, but there's two key elements, which you typically need. And this is where, where cloud comes really handy. So number one, for applying machine based, learning and algorithms, you need to have access to data. You might say we're doing that since quite a time. We're having a capable cm, but if you talk to the Analyst, they will tell you, well, when I, when I make a query, I can have a real big mug of coffee before the answer comes back.
So you do have the data, but it's really hard to work with them because you don't have the capacity and even harder, you don't have the algorithms oftentimes, which are interesting to you. So, and that adds again, up to the, what I already called this big step of, or this, this big chunk of security, which you have piled up over the last two decades. So you're just acquiring another piece of software, another piece of maybe appliances to get ahold of this new algorithm, which could give you user behavior or whatever kind of interesting algorithm.
But you just have those tiny little keyhole, which you're looking through, right? You're not seeing the whole environment. The algorithm might be good, but it just not does it doesn't see enough data. So what we're thinking about that is, is from my point of view, quite clever, we do see a lot of different types of data. We do see cloud information. We do see network based locks. We do see endpoint logs. We're just consolidating all those log informations in one place, we're leveraging the cloud.
So the agility which you do have in cloud to manage really big data pools on top of that, we do have a framework which does allow us to run applications on that. And that is an open framework. So it could be a Palo Alto networks. Application could be your own application or a third party vendor, whatever kind of application helps you to do your security business. And once your algorithm found something could be user behavioral, or it could be whatever kind of nature you can feed that back into the architecture to really apply security.
And that is what we do call the security operating platform. So all of those different technologies, which are already mentioned, network cloud endpoint are feeding into the application framework. You can apply different algorithms, as I said, could be user behavioral or could be malware, whatever. And then you can feed, feed that information back into the, into the infrastructure for preventing or for blocking or for containing, or just for triggering your sock to go maybe into an additional response using the EDR capabilities on the end point.
And with that I'm finished and I'm thanking you for taking the time to listen to my presentation. And I think we're now at a break, right? Yes. Thank you very much, Mr.
