Securing Identities, Data and APIs in the CloudPhil Rodrigues of AWS on Security Innovations and the Need to Bolster Defense
Threat actors continuously target identities through different attack vectors, such as phishing, exploiting exposed credentials and weak passwords, or employing advanced techniques such as social engineering to gain access to critical data and network assets. The widespread adoption of cloud has expanded the attack surface for identities and data. With information stored remotely and accessible from various locations, it has increased the potential points of vulnerability.
Cloud breaches can have far-reaching consequences on businesses, including direct revenue losses. This proliferation necessitates a heightened focus on robust security measures, including encryption, multifactor authentication, and continuous monitoring, to mitigate these newfound risks effectively.
In addition to safeguarding data, identities and APIs, it is important for CIOs and CISOs to prioritize adopting a zero trust network access approach. "CIOs and CISOs should understand that the focus has shifted from infrastructure and devices to APIs which are most vulnerable points of entry in both traditional and cloud-first organizations," said Phil Rodrigues, head of security Asia Pacific and Japan commercial at Amazon Web Services (AWS). "Therefore, it is important to relook at the security across all layers of business through the lens of identity."
In this video interview with ISMG, Rodrigues discussed:
- The importance of safeguarding new targets data, identities and APIs;
- Understanding shared security model;
- Open Cybersecurity Schema Framework (OCSF) and observability.
Rodrigues works with CISOs and CIOs across Asia-Pacific to help them improve their security, risk and compliance in the cloud. He has more than 20 years of experience working in top-tier research, military, finance and corporate environments in the U.S., Europe and Asia-Pacific. Before AWS, he worked as an information operations specialist in the U.S. Army, as a penetration tester on Wall Street and as the regional VP for a global managed security provider.