TL; DR: McAfee’s cloud security solutions are providing enterprises with the purpose-built tools they need to defend against the new era of online threats. The cybersecurity company’s cloud-native approach, which includes working with other security players, helps businesses create truly integrated cloud environments across all devices. Ultimately, McAfee aims to lead the way in uniting the industry to combat emerging threats while enhancing business in the cloud.
As we move further into the cloud era and businesses adopt more infrastructure-as-a-Service (IaaS) solutions, it’s only natural that cloud-native threats will rear their ugly heads. After all, with new technologies come new vulnerabilities and new exploits.
At the same time, businesses that move to the cloud enjoy quantifiable benefits. To reap such benefits while safeguarding IaaS environments, a new study from McAfee suggests enterprises must address the high prevalence of misconfigurations that leave sensitive data open to theft.
McAfee surveyed 1,000 enterprise organizations across the globe, unveiling a disconnect between providers and organizations when it comes to the shared-responsibility model. Only 26% of those surveyed said they perform audits for IaaS misconfigurations using their security tools, and more than one in four companies cited a skills shortage for IaaS security practitioners as a contributing factor.
“We found that the majority of cloud security issues were customer-related in the sense that customers didn’t fully understand the shared responsibility model and didn’t configure, for example, an Amazon S3 bucket or a SharePoint Site appropriately,” said Sekhar Sarukkai, VP of Engineering at McAfee. “Those were the kinds of issues that resulted in data breaches, rather than the cloud itself as a platform.”
McAfee’s solution is simple: To keep cloud-based infrastructure airtight, invest in cloud-native security tools, like MVISION Cloud, a cloud access security broker (CASB) built to ensure total visibility across all cloud services, devices, and users.
The product is part of McAfee’s cloud-native approach to security, which includes APIs that work seamlessly with continuous integration and continuous delivery (CI/CD) pipelines. These tools are helping the company inch closer to its ultimate end goal: to protect the world from current and emerging online threats.
A New, Cloud-Native Approach to Security
In 2017, McAfee resumed operations as an independent company after being spun off from Intel. Vittorio Viarengo, Interim Chief Marketing Officer, said the move set the company on a transformational journey.
“We used the strength of our heritage in endpoint security and threat research and realized we also had to go on the offensive in the cloud,” Vittorio said.
There are two main reasons companies make the move to the cloud, according to Vittorio. The first is efficiency. “They’re adopting SaaS platforms like Office 365 to become a more efficient, modern work environment,” he said.
Other companies turn to technology for development purposes. “Since the dawn of IT, organizations have had development teams that built applications, and now these applications are built in the cloud,” Vittorio said.
The 2018 acquisition of Skyhigh Networks, a leader in CASB technology, allowed McAfee to combine the strength of its existing portfolio with multicloud security management, creating a revamped company with a security posture that Vittorio described as firmly cloud-first.
“MVISION Cloud was born in the cloud and designed to help customers secure data from threats so they can accelerate their businesses in the cloud,” he said.
Over the years, McAfee has built a reputation for enabling seamless products on the endpoint side via its ePolicy Orchestrator (ePO). Now, with MVISION ePO, Vittorio said the company is extending that strength to the cloud.
“We took that crown jewel and moved it into the cloud so we can increase visibility and deliver a unified place to set and enforce data loss prevention (DLP) policies, both for the cloud and endpoint,” he said.
APIs for Easy Integration with the CI/CD Pipeline
Sekhar told us that a variety of factors, such as the technical skills gap and tight budgets, account for the security team bottlenecks becoming all too common for businesses small and large. According to McAfee’s Cloud-Native: The Infrastructure-as-a-Service Adoption and Risk Report, this congestion causes a whopping 99% of IaaS misconfigurations to go unnoticed.
In response, many IT teams attempt to “shift left,” or discover configuration issues early in the DevOps cycle — rather than once an application has gone live. MVISION Cloud makes this process easier through API integrations with developer-friendly tools such as Azure DevOps, Microsoft Git, and Github.
“From a product perspective, we’ve integrated all of the tools security professionals need — configuration audit tools, data security, threat protection — as services that we integrate into your CI/CD pipeline,” Sekhar said. “Essentially, the applications are born secure.”
Ultimately, empowering security professionals to detect faulty configurations before they become a threat to production allows businesses to deploy their cloud applications with confidence — in turn boosting both speed and efficiency.
The proof is in the stats: According to McAfee, companies that use a CASB solution, such as MVISION Cloud, in conjunction with an IaaS solution deploy 71% more applications than those that do not. Sekhar said that the success of McAfee’s cloud portfolio as a growth engine for the company speaks to its efficacy.
“Good business for the customer means good business for us,” he said.
The Goal: To Protect the World from Emerging Threats
Vittorio and Sekhar, who both worked at Skyhigh Networks prior to the company’s acquisition by McAfee, told us that the marriage of cultures at the two companies works in favor of the customer.
By delivering solutions that are compatible with other products, the united company aims to bring together the industry in fighting cybercriminals. This customer-centric approach has long been ingrained in both companies’ internal development processes, which follow the tenents of agile software development.
“What was exciting to me is to see how we have been able to build on the core culture of McAfee, which is about making the world a safer place by protecting it from threats,” said Vittorio.
“As far as internal development goes, Skyhigh was born in the cloud — we didn’t have a datacenter or an enterprise network, and we followed a rapid innovation program,” he said. “Now, we have aligned with McAfee in an agile manner where we use the leading cloud technologies and state-of-the-art CI/CD processes and tools to provide better value for customers in a timely manner.”
Sekhar said McAfee’s recent research on cloud-native threats indicates that customers increasingly recognize this value. More than half of respondents in the survey said they feel that cloud environments have become more secure than their on-premises counterparts.
“That tells me that the customers that have moved to the cloud are seeing positive results, which means that this digital transformation in which businesses adopt the cloud will continue to accelerate as we move forward,” he said.
New Developments: Unified Cloud Edge and MVISION Insights
Vittorio told us he’s excited about several of McAfee’s new cloud products — particularly its Unified Cloud Edge, which merges the capabilities of McAfee MVISION Cloud, McAfee Web Gateway, and McAfee Data Loss Prevention within MVISION ePO platform.
“We’re merging security solutions across hybrid and multicloud environments that used to function independently in one unified solution,” he said.
Vittorio also praised McAfee’s new MVISION Insights, which leverages AI-powered risk intelligence from a large pool of data to defend against current threats.
“We have 1 billion sensors out there that constantly collect information, and we can make that intelligence available to our customers, allowing them to be proactive about defending the environment.”