TechBytes with Arun Kothanath, Chief Security Strategist at Clango
Know My Company
Hi Arun. Please tell us about your journey in technology and how you started at Clango.
The current cybersecurity team started about 26 years ago. The team did pioneering work in providing solutions that focused on application security. A few years later, the team started focusing on areas concerned with User Identity, as the industry was still defining what it needed. The current cyber team at Clango encompasses skills that are required to address every aspect of Identity Management in an enterprise.
Tell us more about the team you work with. What kind of skills and abilities does one need to be part of your technical team?
Clango is fortunate to have an excellent team with unique skills. The team can plan, implement, and run very complex Identity Management functions for our clients, which include a variety of Industry verticals and several Fortune 100 companies. Our team members are exceptional in turning customer concerns into living solutions. The team possesses deep technical skills, wide industry understanding, and several years of working experience in the Identity Management field. Clango is committed to investing in our engineers and advisers in a variety of ways to acquire the skills required to provide exceptional service to our customers and to stay ahead of the market.
GDPR was launched in 2018. CCPA came into effect from 1 January 2020. China also introduced the first-ever Password Law. How do you see these developments in the context of modern cyber-threat intelligence?
It’s an interesting time when it comes to regulation. Every regulation that has been introduced thus far and that is on the horizon includes components that make managing User Identity and its attributes a prime concern. For years, Clango has taken an identity-centric approach to cybersecurity, allowing us to effectively manage risk. Clango has proven that all cybersecurity aspects can and should pivot from strong practice of managing user identities. The regulatory landscape emphasizes Clango’s focal direction and vision of such solutions.
Big data, mobility and IoT/connected devices—these have opened up a whole new level of cybersecurity layers that need to be addressed immediately. How does Clango help mitigate security risks in these areas?
When defining a strong case for Identity Management, what results is a reliable definition and enforcement of “who can do what.” This leads to ensuring access for the “right identity to the right resource at the right time” based on business, regulatory, and security policies that drive the operational environment in an enterprise. By providing solutions that increase visibility to the Identity functions, Clango helps organizations to proactively assess and mitigate organizational risk. Mobile and IoT devices deal with efficiently providing access to users by not compromising risk factors. Big Data provides a means for analytical brains to assess risk based on a variety of data inputs. Layering these with Identity functions to enforce control structure is what Clango does for its customers.
You have worked as Chief Security Strategist for more than a decade now. What is the biggest challenge the data-agnostic organizations are staring at today? How do you leverage security, IAM and forensics technology to find solutions for these complex challenges?
To be precise, I’ve worked 16 years in that role. The challenge has always been to collaborate with business objectives and security operations. Vision and strategy are always at odds with the tactical operational aspects of an environment.
Leveraging IAM is very effective in creating a consensus among business and security leaders. IAM does not speak to a specific technology or a specific incident; rather, it associates people with the correct access and privilege to resources. This allows solutions that will either increase visibility to various operations and/or enforce policies that restrict unauthorized access and thereby avoid incidents. By associating people, roles, entitlements, and privileges, forensic applications can ensure a fast resolution on incidents. Moreover, the ability to automate many functions based on Identity helps organizations avoid human errors, which are always the weakest links in cybersecurity challenges.
What kind of governance policies are we looking at to tackle issues with data theft, fraud and identity stealing? How can blockchain governance and forensics prevent these?
Biased toward the centrality of Identity, I would argue that if an organization has full control of all its identity functions, it will ensure the implementation of governance structure that can tackle data loss at the root. Ensuring “who has access to what” upfront, based on several role-based policies to ensure appropriate access and privileges, increases accountability in approving these entitlements and increases visibility that educates enforcers about the risks.
Blockchain-based systems can automate and enforce a number of functions in IAM systems. A trusted distributed ledger can bring together a number of discrete identity functions and enforce automation. This, in turn, will aid forensic applications in faster resolutions as well.
For example, a blockchain-based approval system can automate approvals and grants of access and privileges in a predefined way, and each action will be accounted for and audited. This increases the possibility of a forensic application resolving an incident if/when it happens.
As more and more business groups join the digital transformation revolution, data breach incidents are only going to increase. Which businesses are more likely to fall victim to such risks in the modern digital era?
Data is valuable. Its value increases exponentially when one can collect it from different sources and correlate it to a corresponding identity. In this kind of paradigm, all businesses are equally important since they hold data about a “person” that might be relevant in a number of contexts. In other words, it would be foolish to dismiss a business based on what it does when it comes to digital data. Consider the compromise of an HVAC company resulting in the breach of a very large retailer.
Digital transformation efforts increase the accountability of those who initiate them. Identity-based enforcements help ensure the cybersecurity control functions that are the cornerstones of digital data containers.
How can such businesses prepare against cyber risks and data breach?
Unfortunately, there is no single-line answer here. Businesses should focus on identifying the risks associated with the data they are holding, collecting, and handling. From Clango’s experience, and suggested by various industry analysts and watchdogs, Identity-based cybersecurity initiatives can take businesses several steps closer to increasing their cybersecurity maturity to reduce risk and, in most cases, prevent a catastrophe such as a data breach.
Is AI and Cybersecurity a safe and controllable confluence to deal with? How can the smaller businesses jump into this whole gig economy of AI + Cybersecurity?
AI is predicted to influence cybersecurity as these systems improve. Current claims point to such results. But remember, AI is only as good as the data it continually receives.
For small businesses, I believe the scenarios are getting better every day. Depending on the functional area, a number of SaaS and Cloud service providers have promising offers. As more and more in the application world are turning toward SaaS and Cloud, these providers are building AI and cybersecurity concepts into their applications.
What is needed is an objective analysis of how AI can be beneficial to a particular business.
We hear a lot about AIOps and its role in transforming IT and Cloud Services. What opportunities and challenges do you work with on a daily basis?
Ever since Gartner introduced AIOps as a market, the industry has seen a variety of manifestations. At the core, Big Data and machine learning systems analyze data to create actionable events to automate operations. The biggest hurdles here are the current siloed IT operations that exist today. This provides only a fractional view of the overall environment, so automated decision-making does not address the full context.
Truthfully, we don’t currently see what could be called a “full realization” of AIOps. Various organizations are test-driving concepts, struggling with implementing the first phase of providing data for “observable” purposes. We don’t believe technology is the impediment here. As business units among organizations become more aware of the purpose and cause of AIOps initiatives, it will become easier and more real.
Arun Kothanath is the Chief Security Strategist at Clango where he leads all strategic aspects of Clango’s Cybersecurity consulting group. Focusing on Identity and Access Management as a critical component of overall Cybersecurity strategy, Arun provides thought leadership and advisory services to Fortune 100 enterprises, technology companies and various start-up initiatives. With 20+ years of experience, Arun has helped several organizations to develop a cybersecurity vision and strategy, develop and execute on product development and define managed security services.
Recognized as a leading Identity and Access Management (IAM) consultancy, Clango enables organizations to mitigate risks around critical business data, infrastructure, and assets. For the last 25 years, Clango has empowered Fortune 500 customers to realize strategic business value by providing them with advice that delivers a clear and comprehensive approach for optimizing their cybersecurity investments.