The Evolving Landscape of Cloud SecurityUptycs CEO Ganesh Pai on Embracing the 'Shift-Up' Approach
Organizations engaged in software production often run their applications and services within cloud environments. With the rapid acceleration of software development and deployment, the various stages of interaction have become potential attack vectors, underscoring the need for increased visibility to minimize dwell time.
See Also: Software Supply Chain Do's and Don'ts
Ganesh Pai, CEO of Uptycs, discussed the "shift-up" approach, which focuses on operational visibility extending from software composition to production workloads. Shift-up addresses the challenges of detecting security vulnerabilities in both software construction and cloud operations, Pai said.
Pai explained how CTO-centric organizations are more inclined to embrace this approach due to their operational choices. "In organizations where the CTO makes a certain set of choices to operationalize tech a certain way, they are far more conducive to understanding the value of this visibility from the laptop to the cloud," he said. "In organizations where the CIO makes a decision, for example, to increase the top line, they might procure technology like SAP and operationalize it in certain geographic locations to get the value of being closer to the supply chain."
In this video interview with Information Security Media Group at Black Hat USA 2023, Pai also discussed:
- The need to overcome siloed security tools, especially in large enterprises;
- The distinction between GRC-centric operations, which focus on vulnerabilities and misconfigurations, and threat operations, which focus on detection and response;
- Uptycs' role in enhancing visibility and reducing risk.
Pai is an entrepreneur and technologist who has been awarded multiple U.S. patents. He was previously chief architect for carrier products and strategy at Akamai Technologies.