Securing storage systems is critical for not only protecting customer data, but also for saving time, resources, and money within an organization: if data is consistently secure, enterprises can apply some of their efforts elsewhere.
If enterprises are spending too much time and effort scrambling to secure their data against cyber attacks, such as ransomware, they’ll be behind in their other business priorities. But what steps should companies take to improve their storage security strategy?
Jon Clay, VP of threat intelligence at the cybersecurity company Trend Micro, recently shared with Enterprise Storage Forum his insights on the storage market and some storage security practices companies can implement:
Jon Clay is vice president of threat intelligence at Trend Micro. With over 25 years of experience in cybersecurity, Jon uses his industry experience to educate and share insights on all Trend Micro externally published threat research and intelligence. He focuses on the threat landscape, cybercriminal undergrounds, the attack lifecycle, and the use of advanced detection technologies in protecting against today’s sophisticated threats.
Data Storage Cybersecurity Q&A
Working at Trend Micro
Enterprise Storage Forum: How did you first start working in the storage security market?
Clay: Trend Micro was the first company to develop malware scanning for servers, actually providing a scan engine for Novell’s LANdesk Virusprotect solution back in the mid ‘90s. Since then, we’ve been developing solutions that provide protection for many different types of storage, from NAS devices to now AWS S3 buckets and Microsoft Azure blobs.
Enterprise Storage Forum: What is your favorite thing about working at Trend Micro?
Clay: Having worked at Trend Micro for the past 25 years, the culture within the company inspires me and provides me with opportunities I may not have had anywhere else. We have a global community of Trenders who all give me the chance to work with a very diverse group of individuals and learn many interesting things about them every day. The company’s support of philanthropic efforts around the world is tremendous, and we all are committed to helping the world be safe from cyber threats.
Enterprise Storage Forum: What sets Trend Micro’s cybersecurity approach or solutions apart from the competition?
Clay: Our history of working in this market is a major advantage, as we’ve seen first-hand how malicious actors and their threats have evolved over time. Our constant innovations to ensure we stay ahead of the bad actors has ensured our customers stay protected. Over 15 years of experience with artificial intelligence and machine learning technologies has allowed us to be very competitive against the new generation of vendors, many of which haven’t that many years of being in existence.
The storage security market
Enterprise Storage Forum: What is one key storage security technology that particularly interests you?
Clay: The ability to protect cloud storage, like AWS S3 buckets, Microsoft Azure Blob, or Dropbox folders to ensure those areas are now protected. Many breaches today are caused by users misconfiguring their cloud storage technologies and opening them up for public access. As such, these need to be protected.
Enterprise Storage Forum: What is one storage security technique that teams should implement?
Clay: Least privileged security policies would help teams deal with challenges of too many people within the organization having access that shouldn’t. Enabling multi-factor authentication to access storage would help deal with stolen credentials that malicious actors regularly use to gain access to valuable data within an organization’s storage.
Enterprise Storage Forum: What is one storage security strategy that companies should implement?
Clay: Cloud Security Posture Management is a technology that can monitor AWS and Microsoft storage configurations and flag any violations that may misconfigure and open the storage to attacks.
Enterprise Storage Forum: What is the biggest storage security mistake you see enterprises making?
Clay: Misconfigurations of existing storage technologies, like AWS S3, that cause these to be easily accessed by malicious actors on the internet.
Enterprise Storage Forum: What are some current trends in the cybersecurity market, particularly focused on stored data, that are promising?
Clay: Technology that helps organizations manage their cloud storage needs, with ability to ensure this is being implemented correctly, monitored continuously, and alerting to any changes that may create bigger risks of compromise.
Enterprise Storage Forum: What are the biggest factors that are driving change in storage security?
Clay: The number of malicious actors and APT groups is growing every year and their knowledge and sophistication is doing the same. Also, as critical data will be stored both on-premise and in the cloud, it will be the target of many of these actors. This means more complex threats and attacks will be targeting storage of this data in the future, and the security industry will need to constantly evolve to stay ahead of the malicious actors’ TTPs.
Enterprise Storage Forum: How has cybersecurity changed during your time in the market?
Clay: For one, the shift to cloud has brought a dramatic change to how organizations store their data, and this technology requires a unique approach to securing it. The other is every organization now stores massive amounts of critical data that is very valuable to malicious actors. Identifying your critical systems and data is the first step in developing a risk-based approach to running an organization.
Enterprise Storage Forum: Where do you predict the storage security market will be 5 or 10 years from now?
Clay: With the amount of data growing every year, the amount of storage that will be required is going to be astronomical. Organizations will need to build capabilities that are easily able to manage and secure this data. As such, the security market will need to evolve to ensure this data is easily accessible but also protected. Encryption is likely to become a very integral component to this process.
Personnel in storage security
Enterprise Storage Forum: What is one technology your team wants storage security professionals to know?
Clay: Cloud security posture management that can help them deal with misconfigurations of their cloud storage.
Enterprise Storage Forum: If you could give one piece of advice to a storage security professional in the beginning of their career, what would it be?
Clay: Constantly educate yourself on the malicious actors tactics, techniques, and procedures (TTPs), as that will help you better understand your adversary and how they will target your environments. These regularly evolve, and unless you stay educated, you may lose sight of what is coming.
Enterprise Storage Forum: With the shortage of tech talent, how is your team finding and retaining professionals to work in storage security?
Clay: Trend Micro has invested in creating a number of programs we run internally that brings in people from around the world in classes that run for a number of weeks, and we educate them on the industry and technology that is used. This allows us to have a regular group of individuals we can hire into roles where we lack support. The company also looks for talent globally and encourages a work-from-home model, so we can hire people regardless of where they live.
Enterprise Storage Forum: For the greatest business impact, what should storage security professionals be focusing on most in their roles?
Clay: Becoming part of the overall team that ensures their work is built into the business goals and collaborating with the other business units to ensure security is part of the business discussions and processes.
Enterprise Storage Forum: What is one of your top professional accomplishments?
Clay: Working for the same technology company for 25 years and still enjoying what I do and being able to educate the global public on cybersecurity.
Enterprise Storage Forum: What is your favorite part of working in cybersecurity?
Clay: Traveling the world and meeting people of different cultures and finding out they are great and not as different from myself, all while being able to share my experiences and educating people about our industry.
Enterprise Storage Forum: What is one of your favorite parts of the work week? How does it encourage or inspire you?
Clay: Whenever I get to share information with people, whether via a blog, a video, a webinar, or an in-person event. I’m inspired whenever my audience interacts with me and wants to learn new things that I can share with them.
Enterprise Storage Forum: Do you have a favorite way to recharge during the workday?
Clay: I have been working from home for over 21 years now, so getting outside for a little bit to play with my dogs or just enjoy the sunshine helps me recharge.
Enterprise Storage Forum: What are your favorite hobbies or ways to spend time outside of work?
Clay: I’m an avid golfer and tennis player, but my passion is fly-fishing, which recently has taken me into Tenkara, a style of fly fishing from Japan. I also tie my own flies, which is a lot of fun.
Read next: Top Cybersecurity Solutions