In an enterprise computing ecosystem where digital transformation is accelerating, the need for cybersecurity resilience has never been more critical.
As businesses adopt advanced tools, such as generative artificial intelligence and cloud computing, they are also facing growing risks. Balancing the pace of innovation with strong security is a challenge that requires more than just technological solutions — it calls for a strategy that includes ongoing testing, development and the ability to secure increasingly complex supply chains. These interconnected systems now demand a stronger focus on both proactive defense and communication to stay ahead of emerging cyber threats, according to Taylor Lehmann (pictured), director of the Office of the CISO, Google Cloud Health, at Google LLC
Google’s Taylor Lehmann talks to theCUBE about cybersecurity resilience.
“Every problem is made easy to solve if you can recruit people to care about it and frame it in terms that they understand and contribute to,” Lehmann said. “Overall, every cyber strategy succeeds or fails on this point. Every great CISO becomes a greater CISO or not a… based on their ability to deliver on this.”
Lehmann spoke with theCUBE Research’s John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the need for cybersecurity resilience as businesses adopt AI and cloud technologies, emphasizing proactive security testing, secure procurement and better communication to manage risks in complex supply chains. (* Disclosure below.)
The power of proactive security
It is important to take proactive steps to ensure an appropriate response when it comes to security measures. Real-world testing is of great value, including red teaming and tabletop exercises, which allow organizations to simulate potential breaches and stress-test their defenses, Lehmann explained.
“We have this new thing called generative AI, which isn’t actually that new. It’s been around for a long time and yet we’re trying to discover how to secure it properly,” he said. “It’s almost the same problem that you were trying to solve before it showed up, it was just called application security and supply chain security. It’s just got a new fancier flashier name on it.”
As companies seek to integrate advanced technologies such as AI into their operations, there is a significant focus on securing these systems in practical, scalable ways. Application security and supply chain security are becoming more prominent as organizations recognize their increasing dependence on external services and APIs, according to Lehmann.
“The thing we need to do about it is stop doing the things we’re currently doing about it, which is arm’s length assessments of how these service providers or services are built,” he said. “Stop necessarily taking somebody’s word for whether it’s secure or not. I want all of the services that are being put out that I’m consuming to be secure-by-design. I need to mandate that in my procurement cycles, I need to enforce that when I adapt something, and I need to make sure that’s true all the time.”
Cybersecurity resilience in a shifting landscape
Resilience is not just a buzzword, but a measurement challenge in cybersecurity today. The focus is shifting from merely protecting data to ensuring business continuity even in the face of security breaches. Organizations must be prepared to handle disruptions by knowing their systems intimately — what assets they possess, how these assets interconnect and the external forces that could affect them, according to Lehmann.
“We need to not only test to see where our weaknesses are, but we also need to test to make sure that we have confidence in the defenses and that they’re working,” he said. “There’s other types of analysis and assessments, we need to do both.”
There is also the need for a broader, more democratized approach to finding and training professionals worldwide. With real-time translation and transcriptions making it easier for teams across the globe to collaborate, there’s an opportunity to engage a more diverse range of talent and ensure cybersecurity solutions are accessible across regions, Lehmann pointed out.
“On one hand, you could say yes, there are not enough people with the right skills necessary to take on some of these challenges. Another could say we have enough people,” he said. “We just don’t have the right ways to engage them and find them and train them. I think we need to work on both of those things and we need to make cyber accessible to them earlier.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of mWISE 2024:
(* Disclosure: Google Cloud Security sponsored this segment of theCUBE. Neither Google Cloud Security nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)