Dr. Amoroso: Do you see more enterprise teams converging on a single cloud provider, or are they more often shifting to a hybrid collection of different cloud offerings?

Rajiv Gupta: We do not know of a single enterprise team who is converging on a single cloud provider. The reason is simple: There is no one cloud provider who covers the breadth of needs of any enterprise. In fact, many enterprises use multiple service providers for the same function, such as OneDrive and Box for file storage – either because of legacy, transition, purpose, or preferences of their customer, partners, or employees.

Dr. Amoroso: What sort of threats do you see in public cloud infrastructure?

Rajiv Gupta: Threats in public cloud almost always result from the enterprise not delivering on their part of the shared security responsibility model. Inappropriate use of cloud services can lead to a range of threats including the use of high-risk cloud services, open S3 buckets in Amazon, over-provisioned admin accounts in Salesforce, and storing and disseminating malware…

Dr. Amoroso: How do CISOs orchestrate security policies across different public clouds?

Rajiv Gupta: If a CISO wants to ensure that confidential data is not inappropriately shared, the security team needs to have several capabilities. First, there must be a way to specify that policy, defining what is confidential data and what constitutes inappropriate sharing. There must be a way to map that policy to the different ways data can be shared through each cloud service, which typically offer different actions such as copy, share, invite to collaborate, upload, and download. Finally, they need a consistent platform to get the visibility into the data and to enforce the policy.