Cloud-Native Security Strategies are Key to Managing High-Performance Enterprise Infrastructures – Sean Flynn, Akamai

By Lane Cooper, Editorial Director, BizTechReports

While most large enterprise technology leaders have reconciled themselves to running complex hybrid enterprise infrastructures made up of on-prem and cloud-based resources for the foreseeable future, their risk-management posture should be firmly rooted in cloud-native security principles. So says Sean Flynn, Director of Security Technology and Strategy at Akamai, in a recent podcast interview with BizTechReports. 

"A cloud-native approach to security is important because it allows organizations to effectively protect their assets in a dynamic and hybrid IT environment," explains Flynn

"With the increasing adoption of cloud services, SaaS, and other cloud-native technologies, traditional perimeter-based security measures are no longer sufficient. A cloud-native approach enables security to be integrated into the entire application development and deployment lifecycle, ensuring that security measures are scalable, flexible, and adaptable to the organization's changing needs. It also allows for better visibility and control over security events and threats across the entire cloud infrastructure." he says. 

We caught up with Flynn after a series of dinner and virtual roundtable discussions with senior enterprise technology leaders hosted by CIO magazine and Akamai to understand how cyber security strategies are evolving as organizations proceed with ambitious digital transformation initiatives. The problem, and perhaps the central challenge facing enterprise technology leaders, is that a growing number of bad actors are anticipating these moves and positioning themselves to exploit vulnerabilities as new platforms and infrastructures are deployed.

"We are seeing bad actors focus attacks on exploiting the newer technologies organizations deploy to support digital transformation. As a result, attackers are already there – ready to take advantage of vulnerabilities based on the assumption that enterprise security teams have not caught up with IT modernization initiatives," he adds.

The malware strategy is not new. Hackers, nation-state players and criminal enterprises have long studied – and raced – to identify seams and weaknesses associated with new technologies to execute zero-day attacks. Indeed, one of the significant assumptions enterprise leaders have made in the past – a point that emerged consistently throughout the roundtable discussions – is that mature systems are more secure and dependable than new ones.

Several executives representing sensitive and highly regulated industries – in financial services and healthcare, for instance – pointed out that a bias for "proven and established technologies" was often the principal barrier to the strategic deployment of cloud resources.

The New Digital Imperative for Innovation 

The competitive landscape, however, has changed. Banks and hospitals – along with manufacturing, retail, logistics, and other vertical sectors – face significant competition from a new generation of digital disruptors that remove the option of rejecting, or even delaying, the deployment of innovative technologies.

The trend has intensified with the rapid adoption of new artificial intelligence (AI) and machine learning technologies – which also emerged as a key theme across our roundtable discussions. GenAI, in particular, captured the attention of the enterprise technology community in an unprecedented manner in 2023, creating intense pressure to embrace and integrate cloud-based systems and applications into their architectures and infrastructures. According to analysts at IDC, the headlines around AI have directly contributed to the rising demand for cloud technologies. 

"Companies continue to accelerate movement to -- and adoption of -- the cloud for modernization and new, intelligent application initiatives based on all types of data streams. The strong market growth comes from -- not just the top few but -- a large ecosystem of vendors meeting customer needs in the cloud," says IDC research director Lara Greden. 

Addressing an Aggressive Threat Landscape

The result, of course, is complexity, which is the enemy of security and a dear friend of those who would do organizations harm. 

"In this environment, an effective cloud-native risk-management strategy requires a layered approach to security based on frameworks – such as those offered by the National Institute of Standards and Technology (NIST) or MITRE ATT&CK," says Flynn, adding that the central organizing principles offered by these institutions have proven track records of mitigating the impact of threats in the context of innovation.

Flynn explains that a layered approach to security means implementing multiple security measures to protect against various threats. It combines different security solutions and strategies to create a comprehensive defense system. 

"This approach recognizes that no single security measure is foolproof, so the overall security posture is strengthened by layering multiple measures. Each layer of security adds barriers, making it more difficult for attackers to breach the system," Flynn says. 

It is also essential for organizations to have an intimate understanding of baseline behaviors across all enterprise computing assets. While no one can predict, understand – or even detect – Zero-day attacks, it is within the power of enterprise technology leaders to identify uncharacteristic behavior across the technology stack. 

This, says Flynn, is where Akamai focuses its efforts. As one of the key pioneers in developing content delivery networks (CDN) services to optimize network performance over the Internet, Akamai has streamlined how organizations develop and run distributed applications and workloads. 

"We leverage this unique vantage point to establish a clear understanding of what normal traffic and activity looks like. As a result, when a Zero-day attack occurs, we might not understand what is happening – no one does because it is something completely new – but we can immediately determine that the system's behavior is not normal. We immediately key in on these abnormalities and address them before they become bigger problems," he concludes.

###
EDITORIAL NOTE: To listen to the full interview with Akamai’s Sean Flynn, Click Here

Editor's PickStaff Reports