In an era where technology is continuously evolving, safeguarding critical infrastructure and sensitive data is an ever-growing challenge. The complexities of modern technological ecosystems, coupled with cyber threats, have necessitated a paradigm shift in cybersecurity strategies.
To shed light on these critical matters, Mandy Andress, Chief Information Security Officer at Elastic, elaborated on the prevailing challenges and the pivotal role played by a CISO.
With a remarkable career spanning over 25 years, Mandy brings a wealth of experience and insights to the forefront of the cybersecurity discourse.
In this exclusive interview with The Cyber Express, Mandy delves into the intricate domain of securing infrastructure and data, the impact of Elastic’s open-source ethos on cybersecurity, and the ever-evolving landscape of compliance and data protection regulations.
Furthermore, Mandy elaborates on the transformative potential of Elastic’s solutions and the proactive measures undertaken to counter emergent cyber threats.
As we navigate through the dynamic contours of cybersecurity, Mandy Andress provides invaluable insights into the strategies, principles, and approaches that drive Elastic’s commitment to securing the digital realm.
In your experience as a CISO, what are the key challenges you face when it comes to securing infrastructure and data, particularly in the context of cybersecurity threats?
You can’t secure what you can’t see. That’s the heart of the two big challenges we see as security practitioners: the complexity and sprawl of an organization’s infrastructure, coupled with the rapid pace of technological change.
As data becomes more and more decentralized across on-premise, SaaS services, hybrid and multi-cloud environments, organizations are increasingly grappling with how to effectively secure that data.
The more complex and distributed an organization’s system, the harder it is to see all the data that lives within it.
Security teams should consider adopting tools and practices that provide deeper visibility and control over the data within their environments, which will ultimately help them better understand potential risks and threats while giving them the insights needed to further bolster their security postures.
Elastic is known for its open-source products like Elasticsearch and Kibana. How does your team address security concerns related to open-source software, including vulnerability management and ensuring the integrity of the codebase?
Elastic has a proud heritage of open, community collaboration, and we take that same open approach to security. Many would assume that open security—where security vendors share open detection rules, open artifacts, and open code—is incompatible with true security and will only lead to weaker security postures.
But it’s just the opposite: open security provides practitioners with a better understanding of threat intelligence work and how security technology operates within an environment, allowing them to focus on identifying gaps and addressing vulnerabilities in their own technology stacks.
Much like open source collaboration, security teams can leverage the cybersecurity community to simplify their overall security processes more efficiently than any security operations center can achieve on its own.
Your company caters to a diverse range of customers across different industries. Could you highlight any specific challenges or considerations you face when it comes to meeting the unique security requirements of various sectors, such as healthcare, finance, or government?
Sectors may have different regulatory requirements and focus areas for threat actors, but overall security challenges remain very similar across industries and organizations.
Focusing on the ability to find and explore relevant, quality data quickly and at scale is crucial to understanding what is happening in your environment—especially across very large and often decentralized data sets.
Additionally, with generative AI augmenting the pace and effectiveness of threat actors, organizations across industries will have to adapt their security practices to successfully mitigate increasingly sophisticated attacks.
For global companies, data sovereignty is also an important consideration. At Elastic, this means providing customers with the foundational architecture that gives them full jurisdictional control over their data in the country where it resides while enabling analytics across all their data globally.
Compliance with data protection regulations, such as GDPR and CCPA, is a significant concern for organizations handling sensitive customer information. Could you discuss your experience in managing data privacy and compliance in ensuring adherence to these regulations?
It’s important to ensure that we are not implementing activities just for the sake of compliance. Data protection regulations each exist to achieve a certain goal, and I prefer to focus on the objectives and implement requirements in a way that aligns with a company’s overall business philosophy and operating model. This helps ensure that the necessary activities are just part of doing business as well as doing what is right for our customers.
Could you share a specific example of a complex compliance issue you faced and how you effectively navigated through it, ensuring both regulatory compliance and maintaining a strong security posture for the organization?
Compliance requirements can be very complex and costly, significantly impacting an organization’s cost structure and efficiency. The approach I have found to be most successful is to first focus on the “why” of the requirement – what objective is trying to be achieved?
With this in mind, we then look at our business processes and identify where we need to make changes, collaborating with the business owners. With this approach, you are best positioned to meet compliance requirements in a way that aligns with your company’s operating philosophy and not just an added-on extra process.
I take the same approach to all compliance requirements.
How have the recent cyber attacks associated with the MOVEit third-party data breaches influenced your security framework? Has it prompted any adjustments or changes in your security teams’ approach to their work?
Elastic was not impacted by this breach or prior security issues with other file sharing tools in the same space and it did not alter anything in our security framework.
For many organizations, these types of cyber attacks serve as a necessary reminder of the challenges of continuing to use older technologies that are not always able to adapt to modern threats and threat actor knowledge.
Given the dynamic nature of cybersecurity, how do you and your security team stay up-to-date with emerging threats and vulnerabilities, and how do you incorporate this knowledge into your security strategies and practices?
In addition to the standard cybersecurity websites, podcasts, and social media resources that we monitor, I believe there is great value in sharing what we learn with our peers and providing insights from our experiences.
As with having an open approach to security, leveraging our communities, building on their collective knowledge, and sharing the common code and techniques that keep systems safe is what allows us to create more robust securities and practices—quickly and at scale.