Consumers are increasingly concerned about cloud security in light of breaches this year, from those affecting International Dairy Queen, Inc. and JPMorgan Chase & Co. to Staples, Inc. and United Parcel Service Inc. (UPS). Luckily, there’s a new wave of security vendors surfacing that are offering more innovative ways to address cloud security, one of them being CipherCloud, a San Jose, Calif.-based cloud security company whose platform offers cloud visibility, encryption, tokenization, activity monitoring, data loss prevention (DLP) and malware detection.

We recently asked CipherCloud CEO Pravin Kothari about the state of cloud security today. Here, he discusses a variety of cloud security-related challenges and solutions.

SiliconANGLE (SA): You’re founder and CEO of CipherCloud. How did you come up with the company name?

Pravin Kothari (PK): The name CipherCloud is a reminder of our heritage. I started the company in 2010 to extend data-level security and privacy into the cloud—something to complement the network-level controls native to the cloud. “Cipher” is a callback to our encryption and tokenization roots where we use code to protect the various cloud environments that enterprises use.

SA: What products or services does CipherCloud provide to small-to-medium size businesses (SMBs) and/or to consumers?

PK: Our direct customers are enterprises and SMBs that are looking to increase their cloud security and protect the privacy of sensitive information in cloud applications. As a result, consumers of these organizations benefit from the extra security and privacy controls that we enable.

SA: Can you name the four most common misconceptions enterprises have around cloud security?

PK: At the high level, there’s an unawareness malaise at many enterprises. Here I will name four misconceptions:

1. Many enterprises simply don’t know that certain cloud security tools exist to help them overcome the cloud visibility and protection challenges that come with cloud adoption. But that’s changing as new innovations, like CipherCloud, grow up in the market and work to educate prospects on the gaps.

CipherCloud CEO Pravin Kothari

2. Many organizations are not aware of the extent of shadow IT in their networks. They have an inkling there’s a problem but can’t see the full scope. For example, one of the world’s largest telecoms company came to CipherCloud to understand the extent of the problem posed by unsanctioned collaboration services in their ecosystem. We discovered that employees were using more than 80 different clouds for just file synch and share. In addition to identifying these apps, we also provided visibility into the level of risk they carry to that customer.

3. Shared responsibility is another misconception. Many enterprises are unaware that they, not the cloud provider, are responsible for maintaining data confidentiality even in a third-party cloud. This is because new regulations over the past two years clarified definitions for shared responsibility in the cloud. According to these changes, such as under PCI DSS 3.0, the cloud user is responsible for protecting the data and bears the fallout for failing to take adequate protection in the event of a breach.

4. There is a difference between security, privacy, compliance and governance. All four are important and, by executing on all these elements, enterprises can achieve holistic protection. Security is the tool or tools you use, privacy is the confidentiality of data and users, compliance refers to your organization’s ability to meet government and industry mandates for security and privacy, and governance refers to your internal requirements for protecting the enterprise’s assets.

SA: This year, consumers have seen security breaches happen at their favorite stores and banks including Dairy Queen, JPMorgan Chase, Staples and UPS. Is outdated payment system technology to blame for these breaches? Why or why not?

PK: That’s partly the issue. The system we’re using in the United States today for payments is roughly the same as what existed in the sixties, long before the (Point of Service) POS malware that plagued Target and UPS came along.

While there has been a long string of payment breaches this year, we shouldn’t forget that data breaches go beyond retail. They are happening to healthcare, financial services and other sectors that also handle huge volumes of personal information, much of that in the cloud. And here’s where the unawareness problem comes in. As long as these organizations aren’t aware of solutions that can protect them from cloud shadow IT and data threats, breaches will continue to plague companies and the consumers they serve.

SA: What, if anything, can consumers do to protect their confidential or sensitive information in the cloud?

PK: Good security hygiene applies to consumers, too. A few tips include:

1. Weed out email messages from people you don’t know, particularly if the subject is of a salacious or suspicious nature.

2. When shopping online, don’t go to unknown sites as these could be malicious. A hint would be if you get an alert that the site you’re about to navigate to has an expired certificate or is being flagged for another issue.

3. Don’t post your birth date and other personal information on social media sites.

SA: In many SMBs, employees often use consumer-facing cloud apps without permission from IT—also known as shadow IT. (In many cases, there isn’t even an IT department in the SMB.) What are the three most common enterprise data security problems shadow IT causes, and how can SMBs prevent and/or solve these problems?

PK: As alluded to earlier, shadow IT problems include:

1. If IT lacks visibility into these apps, they can’t put the right security, privacy, compliance and governance parameters around these apps, which leads to gaps in the company’s overall IT defense plan.

2. If any of these apps are malicious, then hackers will have an easier time burrowing into the organization and stealing valuable information.

3. Duplicate technologies in the enterprise is an operational nuisance.

Fortunately, cloud discovery tools exist to identify all apps in use at the enterprise and to risk-score each app.

.

Personality questions

.

SA: Everyone has habits, hobbies or interests that make them smarter. What are five things that make you a smarter individual? 

PK: 1. Taking online courses. 2. Solving puzzles with my sons. 3. Reading the news. 4. Hiking new places. 5. Brainstorming with colleagues.

SA: What’s the last book you read?

PK: “The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers” by Ben Horowitz. Stellar advice; makes it essential reading for ambitious people of all walks of life.

SA: What are two mobile apps you use most often?

PK: Kindle and Yelp

SA: Favorite food?

PK: Indian

SA: Least favorite food?
PK: None. I like all food as long as it’s vegetarian.  

SA: I see from your LinkedIn profile that you follow Anthony (Tony) Robbins and Guy Kawasaki. What is your favorite quote from Anthony (Tony) Robbins?

PK: “Identify your problems, but give your power and energy to solutions.” -Anthony (Tony) Robbins

SA: What is your favorite quote from Guy Kawasaki?

PK: “Want to change the world? Upset the status quo? This takes more than run-of-the-mill relationships. You need to make people dream the same dream that you do.” -Guy Kawasaki

.

Photo credit: perspec_photo88 via photopin cc

Photo of Pravin Kothari courtesy of CipherCloud

Photo credit: Pensiero via photopin cc