With enterprise technology constantly chasing improvement, data infrastructures are equally getting more intricate, nuanced and challenging to manage from a cybersecurity perspective.

That’s not stopping the supercloud moment from gradually manifesting. As the industry ushers in this new phase, what cybersecurity complexities are data-rich organizations facing in their multicloud deployments?

“There are a couple [of] things that we focus on — number one, getting that full life cycle,” said Elia Zaitsev (pictured), chief technology officer of CrowdStrike Holdings Inc. “We think this is a key thing that organizations need to focus on. It’s not just about protecting the runtime environment. It’s not just about the application layer. It’s not just about infrastructure and the configurations and the misconfigurations — you really wanna tie all of those together, number one, and you wanna do it in one place. Too often I see companies that focus on just one of these piece, and they’re missing out on that full protection capability by bringing it all together.”

Zaitsev spoke with theCUBE industry analyst John Furrier at the Supercloud 3: Security, AI and the Supercloud event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the mounting cybersecurity challenges as companies deploy increasingly intricate multiclouds.

The ‘why’ aspect

Finding effective solutions for any problem often begins with investigating causative factors. For cybersecurity in today’s multicloud-dominant landscape, it’s a problem of sheer scope as companies operate across managed services, databases, software-as-a-service tools and, of course, the core cloud itself, according to Zaitsev.

“We are seeing the majority of customers running services in multiple cloud providers,” he said. “That might be a combination of your traditional virtual system, but in many cases they’re using a lot of managed services and serverless technologies as well — database technologies, container hosting environments, serverless functions. Then, of course, don’t forget all your SaaS applications, which are ultimately living in the cloud as well.”

The concept of a developer, and of software development itself, has changed — linear processes have given way to massive automation and reproducibility. CrowdStrike is trying to solve the sprawl problem by providing companies and teams with holistic visibility across the full life cycle of cloud deployment processes, according to Zaitsev.

“If you think about the old days of traditional on-premise security, you’ve got your developer, they write their code, then they’ve got to go talk to their IT person. Their IT person gets a server, sets it up, you deploy your application [and] you’ve got one little place to secure it all,” he said. “Now we’re in the modern cloud environment where, first of all, the developer — with techniques like infrastructure as code — they’re setting up their own infrastructure, they’re taking that one application and they’re spinning up a thousand, 10,000 copies of it.”

Beyond just pointing toward the network

The security posture for enterprises weaves a thicker web than ever. With applications, workloads, the network and data layers — and a software supply chain to gap-proof — it’s not just enough to direct cybersecurity at the network anymore. Companies have to secure across the development, configuration and runtime layers to stand a chance of preempting or remediating security breaches, according to Zaitsev.

“The key is combining them all together in a simple, easy way for the analyst to shift back and forth,” he explained. “If I see at runtime that something has occurred, great. I’ve stopped it then and there. But remember, that application may be replicated 10,000 times over — I now have 9,999 other vulnerable applications. Let’s not wait for the runtime security to save the day at the last minute.”

Artificial intelligence is another key factor in all of this. It’s changing how enterprises approach operations across the board and will be an important tool for both cybersecurity defenders and attackers. For the former, it’s a case of matching the velocity of new threat vectors using AI, according to Zaitsev.

“The adversary is not fully automating their attacks,” he said. “They are taking the best of what humans bring to the table — creativity, ingenuity — and then they’re combining it with that ruthlessness of the machine. That 24/7 operating at speed, never take a break, never take a vacation. We think you have to do the same from the defender’s perspective — AI is ultimately going to deal with a lot of that velocity.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Supercloud 3: Security, AI and the Supercloud event:

Photo: SiliconANGLE