Most recent

Safe-T interviews Andrew Hay, DataGravity CISO

By Eitan Bremler

There are a lot of talented people in our industry. We thought it would be a good idea to interview them for our blog and find out their thoughts and opinions on key industry issues.

Our first interview is with Andrew Hay, CISO of DataGravity. With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew is responsible for the development and delivery of DataGravity's comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage. He also previously served as a senior security analyst for 451 Research’s enterprise security practice (ESP). Andrew draws on his data security expertise to share commentary and thought leadership about the industry, having published a series of playbooks, guides and articles in trade publications. His thought leadership and security expertise have been recognized by the SANS Institute, IT Knowledge Exchange, CEOWorld, as well as other organizations.

1. What percentage of attacks do you think are targeting the theft of data?

That's a very difficult question to answer as there are so many variables influencing the value of the data and the lack of security controls protecting the data.

2. How do you see the use of cloud storage in regards to threats of insiders leaking data?

Cloud storage is the new USB drive (which is the new floppy disk) with regards to the ability for an insider to surreptitiously transfer sensitive data outside of their organization. As all of the popular cloud storage platforms utilize SSL, there is very little inspections capabilities available at the network level - though one might argue that if the data is already in flight, you've already lost the ability to prevent it from leaving. 

3. Everybody is talking about APTs, do you think we are neglecting the basic network based attacks like port scanning as an attack vector?

Port scanning is often a probing precursor to a potential attack as a way to see how soft the target is. Port scanning should be treated as an early warning indicator but not as a definitive sign of an active attack. 

4. Today we are seeing hackers use open ports in the firewalls as a means to access the internal network, but still every one opens ports. How do see us battling this and reducing the attack surface?

That is a battle that has been around since the dawn of networks. I believe that we should follow a zero-trust model and only allow communications through our firewall that we know serve a business purpose. This would dramatically reduce our attackable surface area.

5. Do you see a growth in the deployment of secure data exchange solution as a mean of battling data theft?

Not sure.

6. How are firms dealing with the increase in use of mobile devices as they relate to data exchange and security?
Most are turning a blind eye to new devices (from mobile to IoT) and hoping that existing tools are robust enough to mitigate any issues that may arise.
All posts