AiThority Interview with Thyaga Vasudevan, EVP of Product at Skyhigh Security

Thyaga Vasudevan, EVP of Product at Skyhigh Security highlights latest innovative solutions at Skyhigh Security, solutions to balancing security risks, AI and ML technologies for the future of cybersecurity and more in this interaction:

———–

Hello Thyaga, welcome to our AiThority Interview Series. Walk us through your leadership journey in the IT and security industry.

Thanks for inviting me to this series. I’ll start with a little about myself. I grew up in the bustling city of Calcutta (now Kolkata) in India. My early memories are those of growing up in a single room studio with a bathroom that was shared with another studio tenant. Early on, I learned the “shared” responsibility model and concept of trust-but-verify.

From an industry standpoint, 2016 was a pivotal year with several major cybersecurity hacks – a few that most would recognize – Yahoo (more than a billion user records exfiltrated), LinkedIn (100M user records breached) and the most egregious by any account, the Democratic Party that was breached by foreign state actors.

2016 was also a pivotal year in my career. I was leading the content management line of business for Oracle and helping customers move their content over to the Oracle Cloud. One of my major concerns during this time was protecting Oracle customers’ sensitive data. As I researched solutions, I learned about CASB (Cloud Access Security Broker) solutions that seemed cutting edge, focused uniquely on cloud access and data protection. As fate would have it, my former manager had just joined Skyhigh Networks, a leading CASB startup. A phone call from him with an invitation to join this innovative group was all I needed to make the jump from an established, and some might say “cushy,” career at Oracle to the fast-paced startup that was set to change the world of cybersecurity.

Also Read: The Role of AI in Protecting Consumers and Businesses From Modern Fraud

Skyhigh Security’s portfolio is known for being data-aware and cloud-native. Highlight some of the latest innovative solutions apart from the competition.

Within the past year, Skyhigh Security has unveiled several industry-leading innovations that set it apart in an increasingly competitive market.

Skyhigh AI: Skyhigh Security helps organizations leverage AI with a greater peace of mind while protecting their data, infrastructure, and applications from the risks associated with these applications. Our Skyhigh AI capabilities include, but are not limited to:

• Gaining visibility into sanctioned, shadow, and private AI applications, as well as LLM attributes, risk levels, usage, users, and the amount of data flowing through these applications.
• Applying governance-based controls for AI applications and services to mitigate the risk of data loss, data exfiltration, unauthorized access, and data breaches.
• Disabling chat history to prevent any organizational data from being used as training data.
• Meeting compliance requirements by applying strict data controls using Skyhigh Security’s advanced Data Loss Prevention (DLP) solution to all AI applications.
• Blocking access to risky AI applications and limiting access to low-risk AI applications with visibility into over 1,100 AI applications from the Skyhigh Cloud Registry.

Advanced DLP Capabilities: Skyhigh Security has the most advanced data loss prevention capabilities on the market today. Skyhigh DLP helps organizations protect their sensitive and confidential data using multiple advanced content-matching techniques, including real time Exact Data Matching (EDM), Indexed Document Matching (IDM), Optical Character Recognition (OCR), and AI-ML Auto Classifiers. These techniques increase accuracy, efficiency, and compliance within a wide range of industries and contexts, enabling organizations to better detect sensitive data, enforce policies, and prevent data leakage. They also help tackle emerging threats such as ransomware, extortion, and insider threats.

Skyhigh Security also announced the first-to-market AI-driven DLP Assistant at the beginning of this year, as an advanced DLP capability within its Security Service Edge (SSE) portfolio. The AI-based Assistant can help simplify many complex tasks in DLP by generating complex regular expressions. This enables customers to create complex data classifications based on natural language expressions, increasing operational efficiencies and minimizing inaccuracies stemming from human error, such as false positives or false negatives.

Trellix Integrations: In August 2024, Skyhigh Security announced new cloud-to-cloud integrations with Trellix, the second half of the organizational split from McAfee Enterprise in 2022. This powerful integration connected Skyhigh Secure Web Gateway (SWG) for Cloud and Trellix Intelligent Virtual Execution (IVX) Cloud to strengthen enterprises’ security posture. This offers organizations an additional layer of malware scanning, zero-day threat detection, and comprehensive data forensics for the cloud, helping them guard their sensitive data and protect employees.

What are the top challenges organizations face when balancing security risks with opportunities for innovation, and how do Skyhigh Security solutions address these challenges?

 With increasing public concern, strict compliance regulations, and cyber threats, organizations must integrate privacy into their processes and practices. These challenges include:

• Data privacy: The number one challenge for most organizations lies in protecting their crown jewel – Data. Protecting data exfiltration through sanctioned and unsanctioned cloud apps.
• Compliance: Increasingly organizations must comply with many different regulations. This is particularly important in heavily regulated industries like healthcare, financial services, government and public sector agencies. The complexity increases with different regulatory compliance needs for different regions.
• AI Security: Enabling productivity through use of AI tools and services without compromising on data security.

Also Read: AIThority Interview With Johnny Jan, CEO and founder of Winking Studios

There are the more obvious cybersecurity risks and concerns that come with threats, breaches, insider threats and so on. We address the challenges with the following:

• Data Security: The ability to detect and protect sensitive data no matter where it resides (on-premises, hybrid or cloud), at rest or in transit consistently and across all product areas using a single unified policy framework. Add to that our really advanced DLP (Data Loss Prevention) techniques like Exact Data Matching (EDM), Indexed Document Matching (IDM), and Optical Character Recognition (OCR) that strengthen the security posture unlike any other offering in the industry today.
• Cloud Access Security: Skyhigh Security has the largest support of apps via API, providing enterprises with deep controls including DLP, Threat Investigation, User and Entity Behavior Analytics (UEBA), and device-based controls on sensitive corporate data residing within sanctioned (organization approved) apps.
• Best-in-Class Threat Protection: Skyhigh’s threat protection is built on the foundation and pedigree of 20+ years of market leading technology, and 3,000+ customers.
• Single integrated platform: Lastly, we have combined all of these key capabilities into a single, integrated platform. As mentioned in the latest Gartner Magic Quadrant report, this is a key differentiator for Skyhigh since some of our competitors have multiple consoles for different products and use cases – which add so much operational burden and overhead to customers.

Talk about the impact of AI and machine learning technologies on the future of cybersecurity.

 Enabling use of AI and ML in organizations has many benefits and the investments in AI-powered tools and services will continue to grow exponentially over the foreseeable future. This brings with it increased risks of data exfiltration and a variety of other business risks from intellectual property exposure, regulatory non-compliance, reputational damage, data breaches and much more.

Enterprise security vendors will need to not only leverage AI to enhance the performance and efficacy of their offering, they will also need to empower enterprises to leverage the benefits of AI while still maintaining their security posture.

As one of the innovations I mentioned previously, Skyhigh AI provides best in breed AI-powered SSE solutions to safeguard an organization’s data, prevent threats, and ensure compliance, while enabling them to embrace AI and foster innovation securely and efficiently.

With the shift towards cloud-native security, how does it benefit organizations without compromising on data security?

The key advantage to cloud-native security is scalability. Cloud-native security solutions can easily scale to meet the demands of growing data and applications, allowing organizations to adapt to changing needs without compromising security.

Another major benefit to cloud-native security is automation. Many cloud-native security tools incorporate automation for monitoring and response, which helps in quickly identifying and mitigating threats, reducing the risk of human error.

With cloud-native security, organizations can benefit from real-time analytics and machine learning to detect anomalies and threats as they occur, enhancing the ability to respond quickly.

To wrap up, what do you foresee in terms of advancements in IT security standards and processes?

 Here are three things that many experts in the cybersecurity field may find exciting about the future of our industry:

• Constant Evolution: Cybersecurity threats are constantly evolving and new ones emerge frequently. This keeps the industry dynamic, challenging, and allows for the development of new technologies and methodologies to stay ahead of the attackers.

• Impact on Society: Cybersecurity plays a critical role in protecting individuals and organizations from cyberattacks and data breaches. As technology becomes more deeply integrated into our daily lives, the importance of cybersecurity will only continue to increase, making it essential to protect our personal information, businesses, and critical infrastructures.

• Interdisciplinary field: Cybersecurity is an interdisciplinary field that requires knowledge and skills from various areas, such as computer science, network engineering, threat intelligence, incident response, and legal and regulatory compliance. This variety of skill sets and knowledge makes it an interesting area to work and allows for a diverse range of professionals to contribute.

 There are several potential cybersecurity threats that companies should be aware of and prepare for:

• Cloud Security: As more companies move their data and applications to the cloud, cloud security will become a critical concern. Companies should ensure that their cloud providers have strong security controls in place and that they are properly configured to meet their specific needs.

• Remote Workforce: Remote workforce security has become a critical issue as the world has shifted to remote work to combat the pandemic. Companies should ensure that their remote workers are using secure connections and devices, and that their access to company data is properly controlled and monitored.

• IoT Security: As the number of Internet of Things (IoT) devices continues to grow, so does the risk of attacks that leverage these devices. Companies should ensure that their IoT devices are properly configured and managed, and that they have the ability to quickly detect and respond to IoT-based attacks.

• Ransomware: Ransomware attacks continue to be a major threat for companies, as they can cause significant disruptions to operations and result in data loss. These attacks are likely to become more sophisticated and targeted, so companies should have a robust backup strategy in place, regularly update and patch systems and software, and consider purchasing cyber-insurance.

• Supply Chain Security: Supply chain attacks are becoming more common, in which the attacker seeks to compromise the supply chain in order to gain access to sensitive data, systems or products. Companies should be more aware of their supply chains and have a better visibility of their suppliers.

• Artificial Intelligence/Machine Learning: As artificial intelligence (AI) and machine learning (ML) become more prevalent, so too do the potential risks associated with these technologies. Organizations should be aware of the potential security risks associated with AI/ML and take steps to mitigate them, such as monitoring for bias or malicious actors.

It’s worth noting that these threats are constantly evolving, and new ones can emerge at any time. Companies should have a comprehensive security program in place, and continuously review and improve it to minimize the risk of these and other types of threats. It’s also important to keep informed of the latest trends and threat intelligence reports to stay ahead of the attackers.

 Thank you, Thyaga, for sharing your insights with us. 

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]