Subscribe for Insights

Stay connected with our latest Insights

Subscribe for Podcasts

Knowledge Institute Podcasts

  • Ahead in the Cloud: Navigating Cloud Security Challenges with Ankur Shah

    August 04, 2023
  • Ankur Shah, Senior Vice President and General Manager of Products for Prisma Cloud, discusses the challenges of cloud security and the prevalence of blind spots for companies. He emphasizes the importance of shifting left with DevSecOps, the need for cloud security visibility and control, and the significance of a shared responsibility model in securing cloud environments.

    Hosted by Chad Watt, researcher and writer with the Infosys Knowledge Institute.

    "I think there's still a lot of blind spots. The average conversation I have with the CISOs is still, ‘I don't know what's going on in the cloud. I don't know what we're doing towards security."

    "Security is a shared responsibility between not just the cloud providers but the SEC teams. The security teams can’t just do all of that stuff on their own."

    Ultimately, you know, those of us who are building security products, we are optimists. We always think that [what will] solve for the bad guy with ChatGPT, the good guy with ChatGPT, right?

    - Ankur Shah


  • Many companies lack a clear assessment of their security vulnerabilities in the cloud. While some progress has been made in recent years, there are still blind spots, and many CISOs admit to not fully understanding what is going on in their cloud environments.
  • Cloud security is a shared responsibility between cloud providers and security teams. Cloud providers handle the physical security and infrastructure, but customers are responsible for securing their applications and data within the cloud.
  • In a hybrid multi-cloud world, where companies use multiple cloud providers and have some workloads on-premises, security blind spots can result from managing different systems and tools.
  • Shifting security left, also known as "secure by design," is crucial in the cloud environment. This means embedding security practices early in the development lifecycle, ensuring that security is considered from the code stage to the cloud deployment.
  • The responsibility for cloud security lies with the CISO, but it needs to be shared by other departments and C-suite executives and the teams who report to them.

Show Notes

  • 00:10

    Chad introduces himself and Ankur

  • 00:40

    If give you a hundred multinational companies that are using cloud, how many of those have a clear assessment of their security vulnerabilities?

  • 01:35

    How many companies can give you just a full inventory of what they're doing in the cloud?

  • 02:33

    Security is somebody else's problem.
    Cloud is going to solve security for me.
    Agree, disagree. build on those two.

  • 03:37

    Now, how does the hybrid environment contribute to security blind spots?

  • 05:10

    Whose responsibility is it to check for the blind spots?

  • 06:13

    How do you get security teams schooled on cutting edge, caffeinated, developer cloud?

  • 07:39

    Can you talk about an instance where you've really seen DevSecOps, you know, shine or really deliver?

  • 08:08

    Why is it easier to teach somebody security if you are a developer than the other way around?

  • 09:12

    Where should the CISOs sit? Where should this chief information security officer sit in an organization? And who should be at the table with that CISO?

  • 10:42

    How can security keep pace or catch up?

  • 13:00

    How do you get to the point where when a blind spot is realized, you actually address it?

  • 13:51

    Ankur points out is “Shift Happens” shirt (see photo).

  • 14:26

    Take me through what Prisma delivers, what Palo Alto and Prisma deliver, and what the obligations are with the client, with the CSO, and down the line.

  • 17:10

    Has the revelation that AI can be for good and bad helped your discussions around security, how people think more seriously about their security situation?