Prasad Mandava is the Managing Director & VP of Engineering-India at Akamai Technologies, and has been leading the company's strategy and initiatives in the country. Mandava has been associated with Akamai for over ten years now. Prior to joining Akamai, he served as Managing Director, Mobile Aspects India.
In an interaction with CSO India, Prasad Mandava shared his thoughts on the prevailing cybersecurity scenario, the technologies impacting the sector and what the future holds in terms of cyber risk management.
What are the three biggest security challenges you see in 2019?
With what happened in 2018 and earlier, what’s evident is that the field of cybersecurity will always be evolving as the nature and variety of attacks evolve, and so does the sophistication of those perpetrating them. For an organization that has been at the forefront of cybersecurity as long as we have, it will be short-sighted to predict the exact nature of attacks that will impact our networks or the tools and measures we use to protect against those attacks.
However, what we can predict with absolute certainty is the research and technological prowess that Akamai has to ensure a safe digital experience for consumers and enterprises alike.
Which technologies are disrupting the cybersecurity landscape?
Akamai recently announced the March release to its platform. Here’s some of what is under consideration for us when it comes to enhancing cybersecurity capabilities for our customers and partners.
- Securing the cloud: Many organizations have cloud migration initiatives underway and the impact on security teams is very pronounced. They have little control over what applications are being migrated or deployed on the cloud but are responsible for their security. We have the capability to secure applications in a better manner in hybrid and multi-cloud environments, ensuring responsiveness to a wide variety of threats from a single pane of glass.
- Simplified zero trust adoption: Our suite of products are being combined into a single package that makes it easier for customers and partners to protect their enterprise applications as well as their users.
- Identity at the edge: With our acquisition of Janrain, we’re now a leader in the field of customer identity and access management. What this means is the ability to automatically protect account registration login pages against DDoS and Web Application attacks. We also have the capability to provide this in a SaaS delivery model for easier and faster deployment.
- Content protection: With content going increasingly digital today, we’ve enhanced our content protection capabilities in media portfolio to ensure a secure, high quality experience that audiences demand.
What impact will artificial intelligence and automated threat intelligence have on cybersecurity initiatives in the coming times?
To really get into the impact of artificial intelligence, we must first understand what machine learning is. It’s the ability to have a computer act without being explicitly programmed which is a massive departure from the conventional sense of what most people are accustomed to in their interactions with devices. Take for example the ability of a self-driving car to not hit a pedestrian or Facebook’s capability to able to identify friends in photos you upload. These are examples of what’s known as syntactic learning.
“The adoption cycle that started with resistance to cloud, then moved to public and private cloud environments, followed by resistance to hybrid architectures – is no longer a point of concern. Businesses are now more interested in figuring out how to make the best of the latest innovation.”
When it comes to cybersecurity, computers are programmed to prevent against known exploits. An example of this is Web Application Firewalls where researchers build on pre-existing knowledge of all possible threats.
When it comes to AI, machines can be fed logs to understand application behavior as well as vulnerabilities. However, as is evident in the fact that we’re feeding data to machine, its ability to predict and prevent abnormalities in web traffic will only be as good as the data it is being fed. And this becomes dangerous in an unsupervised model where the machine is expected to self-learn. It could predict a large amount of positive web-views as a DDoS threat or the contrary - both of which are detrimental when a server is shut down.
How can enterprises prepare better to deal with advanced persistent threats? What is your advice to CSOs and other top level security management professionals?
When it comes to what to focus on, there are three main call-outs:
- Cloud adoption
- Security and business today are very intertwined
Cloud adoption — Rather than feat it, embrace it. It allows you to become more secure and agile at the same time while focusing on profitability and growth. Based on our observations, adoption is no longer a concern for businesses. Our customers are increasingly focusing on building the right infrastructure to suit the needs of businesses.
The adoption cycle that started with resistance to cloud, then moved to public and private cloud environments, followed by resistance to hybrid architectures – is no longer a point of concern. Businesses are now more interested in figuring out how to make the best of the latest innovation.
Zero-trust – It is wiser to assume that everything can and is potentially compromised and put in place security and business policies that follow that assumption. The security posture of an organization needs to evolve and can’t be necessary binary in its approach towards traffic originating from within the organization and the traffic that it receives.
Security and business are intertwined – Security today plays an even greater role in business than ever before. Business risk and security risk are inherently proportional to each other and can’t exist independent of one another as organizations today are defined increasingly by their online reach, rather than their offline holdings or presence.