Mignona Coté is on a quest to simplify her complicated profession.

NetApps Inc.’s chief security officer (pictured) has written about streamlining data protection and simplifying security processes for cloud architectures. Her approach challenges the security industry to assess the true effectiveness of various practices and create a more secure cloud ecosystem as the technologies surrounding it become more complex.

“I’m on the side of the native cloud environment, on how we can protect the environment,” Coté said. “We have an opportunity to embrace security in a different way without … vulnerability scans and patching and all those other things that we’ve been doing for at least 20 years since I’ve been in the industry. What is that future, and how do we handle the complexity across the cloud environment?”

Coté spoke with theCUBE industry analyst Dave Vellante at the Supercloud 3: Security, AI and the Supercloud event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the need to follow basic security practices and how AI will likely be used by defenders and threat actors alike.

Don’t click the link

A central part of Coté’s message is that users need to become more sensitized to clicking on dangerous links or utilizing bad passwords.

“I drove a campaign: ‘Just don’t click the link, just don’t click it,’” Coté said. “We train the people on what looks right, what is right and what’s not, but still they’re moving fast. Other collaboration tools like Teams and Slack still have links, but they’re not yet as compromiseable as what we have on email.”

Passwords are another key area of concern. Users continue to adopt passwords that are ridiculously easy to compromise, placing either their personal information or company assets in jeopardy. Coté has followed a marketing approach to simplify this message as well.

“One, two, three, four, five, six: That’s a common bad password, and still people use it to get hacked,” Coté said. “We use our marketing team to help liven up and share how to just not use a bad password. ‘Bad password’ sticks in your head more than ‘harvest credentials.’ It’s just simplifying the language and repeating it over and over and over.”

While a steady drumbeat of messaging over better security practices may change user behavior, Coté also recognizes that the technology world must follow a simpler path. One area that is ripe for improvement concerns the use of image selection CAPCHAs to make humans prove they are not bots before being allowed access to a website.

“We make our devices so complicated to use, it’s miserable to be on the computer,” Coté said. “That’s because we are trying to fill in every control possible in every scenario possible of how a threat actor can get in. I’m on this screen all the time trying to pick out the bicycle. What square is the bicycle in? Here I am having done this for 30 years and find it complicated with the most basic things.”

Training AI for security

Coté has written that companies must automate multicloud monitoring and threat response to embed an extra level of protection. Cloud tools supported by artificial intelligence can stress test a firm’s cybersecurity posture and do much of the heavy lifting to keep critical data secure.

“We can train AI to know what’s normal or know how we operate or have a pulse in the environment,” Coté said. “We know what’s healthy, and then we can train it to know when we get a wart or when we feel bad. In the backend, there is the code and the training and the skills of who can actually train and do that and make sure that we’re actually training on good behaviors and not bad behaviors.”

Those bad behaviors remain a problem for cybersecurity professionals. Threat actors also have ample access to AI tools, and there is concern in the industry that advances in AI technology can end up powering more sophisticated cyberattacks in the near future.

“Threat actors can train on bad behaviors,” Coté said. “They can know, based on AI, the pulse of the internet, where are the holes, what are the mechanisms to get into the holes. It’s going to be a continuous battle, but hopefully we are the smarter group and we win.”

In 2021, NetApp acquired CloudCheckr Inc., a cloud optimization software firm. NetApp integrated CloudCheckr with its Spot by NetApp service to deploy analytics and automation for building more cost-efficient infrastructure. CloudCheckr has been useful in tracking security efficiency as well, according to Coté.

“I use our tool, our own technology called CloudCheckr,” Coté said. “I want to make sure that I have the environment configured tightly. Then I would make sure my networks are very segmented through virtual private clouds. You keep those networks segmented so that they cannot cross communicate or you have a single cross-communication channel of which then you can protect that communication.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Supercloud 3: Security, AI and the Supercloud event:

Photo: SiliconANGLE